Industry Analysis
In-depth guides and analysis on industry analysis from the Safeguard engineering team.
294 articles
How snyk-to-html converts CLI scan results into shareable...
A technical look at how snyk-to-html converts Snyk CLI JSON scan output into shareable, self-contained HTML reports for CI pipelines and audits.
The Confidence Gap: Why Developers Trust AI Code More Tha...
Studies show developers trust AI-generated code more than human code, even though it's often less secure. Here's what's driving the AI code trust gap.
Autocomplete Anxiety: Measuring How Often AI Coding Assis...
Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.
Why Scanning AI-Generated Code Requires Different Heurist...
AI coding assistants write fast but fail differently than humans do. Learn why scanning AI-generated code needs new heuristics for hallucinated dependencies.
Do Code Review Practices Need to Change When Half the Cod...
AI now writes up to half of production code. Here is why traditional code review breaks down on AI output, and what teams need to change.
The Missing Guardrails: Why So Few Teams Scan AI Suggesti...
AI writes most new code, but few CI pipelines scan it before merge. Here's why the AI code scanning adoption gap exists — and what closes it.
Why Policy Bypass Is Rising Even as AI Coding Tools Get '...
AI coding assistants keep getting smarter, yet developer security policy bypasses keep rising. Here's why the two trends are linked and how to close the gap.
The False Sense of Security Effect in AI-Assisted Develop...
AI coding assistants make developers write faster and trust more — even when the code is less secure. Here's what the data shows, and how to close the gap.
How AI Code Generation Is Changing the Shape of the OWASP...
AI coding assistants are quietly reshuffling the OWASP Top Ten, elevating software supply chain risk and reviving old injection bugs at machine speed.
Common Insecure Suggestions in SQL and Auth Code from AI ...
Across studies from Stanford to BaxBench, AI assistants keep suggesting string-concatenated SQL and hardcoded JWT secrets. Here is the pattern, by the numbers.
Supply Chain Security Budget Justification
How to build a budget case for a supply chain security program that survives CFO scrutiny, with dollar-denominated risk, benchmarks, and staged investment tiers.
ASPM vs Traditional Vulnerability Management: What Actual...
ASPM doesn't replace your scanners — it correlates their output with runtime reachability and ownership to cut a 10,000-finding backlog down to the handful that actually matter.