Safeguard
Tag

agent-security

Safeguard articles tagged "agent-security" — guides, analysis, and best practices for software supply chain and application security.

33 articles

AI Security

Securing MCP Servers for AI Agents

Five CVEs in 2025 alone trace MCP tool compromise back to one root cause: unsanitized strings piped into exec(). Here's how to expose and consume MCP safely.

Jul 9, 20267 min read
AI Security

Signing and provenance standards for AI agent skill registries

Shai-Hulud infected 500+ npm packages via stolen tokens in 2025. Agent skill registries are repeating the same unsigned-artifact mistake — here's the fix.

Jul 9, 20267 min read
Supply Chain Attacks

How Malicious Skills Get Distributed Through Agent Registries

CVE-2025-59536 (CVSS 8.7) let a single malicious commit auto-approve MCP servers in Claude Code, no install click required. Registries need the same controls as package managers.

Jul 8, 20266 min read
AI Security

Prompt injection in AI coding assistant system prompts

Copilot, Cursor, and Windsurf all read untrusted repo text into the same channel as trusted instructions — three 2025 CVEs show what happens next.

Jul 8, 20266 min read
AI Security

Vetting third-party agent skills before you install them

AI agent skill marketplaces run installed code with your full permissions and no sandboxing — VS Code's 2025 extension attacks show exactly how that gets abused.

Jul 8, 20266 min read
FAQ

Agentic AI Security FAQ: Governing Autonomous AI in 2026

Clear answers on securing agentic AI — what makes autonomy risky, how tool scope and identity work, prompt injection and confused-deputy failures, and how Safeguard governs agents that act on your systems.

Jul 6, 20266 min read
FAQ

MCP Server Security FAQ: Safeguarding AI Agent Tool Access in 2026

Plain answers about securing the Model Context Protocol — what an MCP server exposes, how agents authenticate, the prompt-injection and tool-poisoning risks, and how Safeguard's MCP server fits in.

Jul 4, 20266 min read
AI Security

Model Context Protocol Permissions Model Explained

MCP's permissions model is subtle. Here is a careful walkthrough of how tool scoping, sampling, and resource access actually work in production.

Apr 12, 20266 min read
AI Security

Securing MCP Servers Without Killing Developer Velocity

MCP servers are spreading inside engineering orgs faster than security teams can review them. Here is how to govern them without slowing teams down.

Apr 12, 20267 min read
AI Security

Enterprise MCP Registry Onboarding Process

A repeatable onboarding flow for adding MCP servers to an enterprise registry without becoming the team that says no to everything.

Apr 8, 20267 min read
AI Security

Scoped Credentials Per MCP Server: A Pattern

Long-lived shared tokens are the wrong unit of trust for MCP servers. Here is the per-server scoped-credential pattern and how to roll it out.

Apr 4, 20267 min read
AI Security

Tool-Call Audit: The Missing AI Observability Layer

Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.

Mar 30, 20267 min read
agent-security — Safeguard Blog