Safeguard
Tag

agent runtime

Safeguard articles tagged "agent runtime" — guides, analysis, and best practices for software supply chain and application security.

5 articles

AI Security

Keeping secrets out of agent context windows: brokers, scoped tokens, and redaction

Every secret that touches an agent's context window is a secret the agent can leak. Just-in-time credential brokers, scoped-token issuance, and redaction layers keep the surface small without breaking the agent's ability to do real work.

May 15, 20268 min read
AI Security

Network egress controls for autonomous agent runtimes

Autonomous agents need network access to do useful work, and that access is exactly what attackers exploit when they trick an agent into exfiltrating data. Here is how to design egress controls that hold up under adversarial pressure.

May 14, 20268 min read
AI Security

Detecting shadow MCP servers in developer environments

Unauthorized MCP servers running on developer laptops are the agent-era equivalent of shadow IT. Here is how to inventory them, see them at runtime, and bring them under policy.

May 13, 20268 min read
AI Security

Defending LLM agents against confused-deputy attacks on their tool privileges

An LLM agent with tools is a deputy that holds privileges its users do not. Attackers exploit that gap by tricking the agent into using those privileges on their behalf — here is how to design defenses that hold up.

May 13, 20268 min read
Agent Security

LangGraph CVE-2025-64439: When Agent Checkpoints Become RCE

A JsonPlusSerializer fallback in langgraph-checkpoint let attacker-controlled payloads execute arbitrary Python on deserialization. We unpack the bug, the patch, and what agent operators must change.

Nov 20, 20256 min read
agent runtime — Safeguard Blog