2026
Safeguard articles tagged "2026" — guides, analysis, and best practices for software supply chain and application security.
42 articles
Introducing the Package Firewall and AI Model-Artifact Scanning
Two supply-chain defenses are rolling out on Safeguard: an install-time Package Firewall that blocks malicious npm and pip packages before they resolve, and AI model-artifact scanning that inspects model weights — now including ONNX — for malware before they load.
2026 Mid-Year Threat Landscape: Supply-Chain Worms, Agentic AI, and Edge Zero-Days
A defender's synthesis of the first half of 2026 — self-propagating package worms, the agentic-AI access-control problem, edge-appliance zero-days, and a healthcare ransomware surge — and what to prioritize next.
What Is a Software Supply Chain Attack? A 2026 Primer
A grounded 2026 primer on software supply chain attacks: definitions, the four real attack vectors, landmark incidents, and where defenders should start.
MFT Mass Exploitation Trend In 2026
Managed file transfer platforms have become a recurring epicenter of mass exploitation. We trace the 2026 incidents, the reused tradecraft, and what defenders should do now.
AI Agent Supply Chain Attacks: 2026 Trend Watch
AI agents pull tools, models, and data from a sprawling chain of upstream providers. In 2026 attackers learned to poison that chain — and the fallout is shaping how enterprises buy and operate agentic systems.
EU CRA Enforcement First Year: What Changed
A senior engineer's review of the first year of EU Cyber Resilience Act enforcement, what regulators actually asked for, what vendors got wrong, and where the bar moves next.
npm Account Takeover Pattern Evolution
npm account takeovers have shifted from opportunistic phishing to coordinated, multi-stage operations. We trace the 2025 to 2026 evolution and what it means for maintainers.
Agentic AI Budget Explosions And Cost Controls
Agent runaway is no longer a theoretical risk — it is a line item on quarterly variance reports. The 2026 trend in agentic AI is less about model capability and more about who pays when an agent loops.
EU AI Act High-Risk System Obligations
A senior engineer's breakdown of the EU AI Act high-risk system obligations as they apply in 2026, with a focus on documentation, supply chain, and ongoing monitoring.
PyPI Malicious Package Trends Q1 2026
Q1 2026 PyPI malicious package activity shows a clear shift toward AI and ML tooling targets. We break down the data, the tradecraft, and the implications.
MCP Vulnerability Disclosure Trends In 2026
MCP servers went from a niche protocol to standard agent infrastructure in under two years. The vulnerability disclosure landscape is catching up — fast, messily, and with patterns worth tracking.
CISA Secure-By-Design Pledge Update 2026
A senior engineer's view of where the CISA Secure-By-Design pledge stands in 2026, what signatories actually delivered, and what the second wave of expectations looks like.