Safeguard
Tag

2026

Safeguard articles tagged "2026" — guides, analysis, and best practices for software supply chain and application security.

42 articles

Product

Introducing the Package Firewall and AI Model-Artifact Scanning

Two supply-chain defenses are rolling out on Safeguard: an install-time Package Firewall that blocks malicious npm and pip packages before they resolve, and AI model-artifact scanning that inspects model weights — now including ONNX — for malware before they load.

Jul 6, 20265 min read
Threat Intelligence

2026 Mid-Year Threat Landscape: Supply-Chain Worms, Agentic AI, and Edge Zero-Days

A defender's synthesis of the first half of 2026 — self-propagating package worms, the agentic-AI access-control problem, edge-appliance zero-days, and a healthcare ransomware surge — and what to prioritize next.

Jun 24, 20265 min read
Software Supply Chain Security

What Is a Software Supply Chain Attack? A 2026 Primer

A grounded 2026 primer on software supply chain attacks: definitions, the four real attack vectors, landmark incidents, and where defenders should start.

Apr 17, 20268 min read
Industry Analysis

MFT Mass Exploitation Trend In 2026

Managed file transfer platforms have become a recurring epicenter of mass exploitation. We trace the 2026 incidents, the reused tradecraft, and what defenders should do now.

Apr 13, 20267 min read
AI Security

AI Agent Supply Chain Attacks: 2026 Trend Watch

AI agents pull tools, models, and data from a sprawling chain of upstream providers. In 2026 attackers learned to poison that chain — and the fallout is shaping how enterprises buy and operate agentic systems.

Apr 12, 20267 min read
Regulatory Compliance

EU CRA Enforcement First Year: What Changed

A senior engineer's review of the first year of EU Cyber Resilience Act enforcement, what regulators actually asked for, what vendors got wrong, and where the bar moves next.

Apr 11, 20267 min read
Industry Analysis

npm Account Takeover Pattern Evolution

npm account takeovers have shifted from opportunistic phishing to coordinated, multi-stage operations. We trace the 2025 to 2026 evolution and what it means for maintainers.

Apr 9, 20267 min read
AI Security

Agentic AI Budget Explosions And Cost Controls

Agent runaway is no longer a theoretical risk — it is a line item on quarterly variance reports. The 2026 trend in agentic AI is less about model capability and more about who pays when an agent loops.

Apr 8, 20267 min read
Regulatory Compliance

EU AI Act High-Risk System Obligations

A senior engineer's breakdown of the EU AI Act high-risk system obligations as they apply in 2026, with a focus on documentation, supply chain, and ongoing monitoring.

Apr 7, 20268 min read
Industry Analysis

PyPI Malicious Package Trends Q1 2026

Q1 2026 PyPI malicious package activity shows a clear shift toward AI and ML tooling targets. We break down the data, the tradecraft, and the implications.

Apr 5, 20268 min read
AI Security

MCP Vulnerability Disclosure Trends In 2026

MCP servers went from a niche protocol to standard agent infrastructure in under two years. The vulnerability disclosure landscape is catching up — fast, messily, and with patterns worth tracking.

Apr 4, 20267 min read
Regulatory Compliance

CISA Secure-By-Design Pledge Update 2026

A senior engineer's view of where the CISA Secure-By-Design pledge stands in 2026, what signatories actually delivered, and what the second wave of expectations looks like.

Apr 3, 20267 min read
2026 — Safeguard Blog