agentic-ai
Safeguard articles tagged "agentic-ai" — guides, analysis, and best practices for software supply chain and application security.
39 articles
The postmark-mcp Backdoor: What MCP Server Vetting Should Look Like
A trojanized MCP server BCC'd every email it sent to an attacker for weeks, downloaded 1,643 times, before anyone noticed. Here's the pattern and the fix.
Why traditional AppSec still catches most enterprise AI agent bugs
OWASP's LLM Top 10 names new categories, but most enterprise agent breaches trace back to broken access control and unvalidated input — the classics.
The guardrail gap in low-code agentic AI platforms
Low-code AI builders let business users wire agents to live connectors in minutes — but most ship without per-tool scoping, approval gates, or audit trails.
MCP server security for AI coding agents
A critical RCE in Anthropic's own MCP Inspector (CVSS 9.4) and two Cursor CVEs show that giving AI agents tool access creates a new, largely unvetted attack surface.
Threat-modeling for AI-native applications
STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.
Governing AI agents inside the execution loop
Snyk's Evo Agentic Development Security, in open preview since June 23, 2026, hooks directly into an agent's tool calls — proof that pre-deployment review can't govern a decision made mid-session.
How to build and justify an AI security budget
CVE-2025-6514 let a flawed MCP proxy escalate to full remote code execution — a preview of why AI/agentic risk needs its own budget line, not a slice of the AppSec line.
Agentic AI Security FAQ: Governing Autonomous AI in 2026
Clear answers on securing agentic AI — what makes autonomy risky, how tool scope and identity work, prompt injection and confused-deputy failures, and how Safeguard governs agents that act on your systems.
Agentic AI Security: Why Architecture Beats Model Size in Vulnerability Discovery
The CyberGym leaderboard shows the lead in AI vulnerability discovery moving to multi-agent orchestration, not raw model scale. Here is what that means for security teams betting on agentic AI.
Cost-Per-Verified-Finding: How Agentic AI Breaks Vulnerability Triage
Agentic AI can generate findings faster than any team can read them. The metric that survives that flood isn't cost-per-finding, it's cost-per-verified-finding. Here's why verification is now the bottleneck.
DEF CON 34 Preview: Agentic AI Security Takes Center Stage at Hacker Summer Camp
DEF CON 34 lands in Las Vegas August 6-9, 2026 under the theme 'Agency' — a deliberate nod to agentic AI. Here is what to watch, why it matters, and how to prepare before you board the plane.
Agentic AI at RSAC 2026 vs Infosecurity Europe 2026: Two Continents, One Theme
RSAC 2026 in San Francisco and Infosecurity Europe 2026 in London both orbited agentic AI, shadow AI, and post-quantum cryptography. What changed across the Atlantic was the framing: market velocity versus regulation and sovereignty.