Safeguard
Tag

agentic-ai

Safeguard articles tagged "agentic-ai" — guides, analysis, and best practices for software supply chain and application security.

39 articles

AI Security

The postmark-mcp Backdoor: What MCP Server Vetting Should Look Like

A trojanized MCP server BCC'd every email it sent to an attacker for weeks, downloaded 1,643 times, before anyone noticed. Here's the pattern and the fix.

Jul 16, 20267 min read
AI Security

Why traditional AppSec still catches most enterprise AI agent bugs

OWASP's LLM Top 10 names new categories, but most enterprise agent breaches trace back to broken access control and unvalidated input — the classics.

Jul 9, 20266 min read
AI Security

The guardrail gap in low-code agentic AI platforms

Low-code AI builders let business users wire agents to live connectors in minutes — but most ship without per-tool scoping, approval gates, or audit trails.

Jul 9, 20267 min read
AI Security

MCP server security for AI coding agents

A critical RCE in Anthropic's own MCP Inspector (CVSS 9.4) and two Cursor CVEs show that giving AI agents tool access creates a new, largely unvetted attack surface.

Jul 9, 20267 min read
AI Security

Threat-modeling for AI-native applications

STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.

Jul 9, 20267 min read
AI Security

Governing AI agents inside the execution loop

Snyk's Evo Agentic Development Security, in open preview since June 23, 2026, hooks directly into an agent's tool calls — proof that pre-deployment review can't govern a decision made mid-session.

Jul 7, 20268 min read
AI Security

How to build and justify an AI security budget

CVE-2025-6514 let a flawed MCP proxy escalate to full remote code execution — a preview of why AI/agentic risk needs its own budget line, not a slice of the AppSec line.

Jul 7, 20268 min read
FAQ

Agentic AI Security FAQ: Governing Autonomous AI in 2026

Clear answers on securing agentic AI — what makes autonomy risky, how tool scope and identity work, prompt injection and confused-deputy failures, and how Safeguard governs agents that act on your systems.

Jul 6, 20266 min read
AI Security

Agentic AI Security: Why Architecture Beats Model Size in Vulnerability Discovery

The CyberGym leaderboard shows the lead in AI vulnerability discovery moving to multi-agent orchestration, not raw model scale. Here is what that means for security teams betting on agentic AI.

Jun 21, 20267 min read
Strategy

Cost-Per-Verified-Finding: How Agentic AI Breaks Vulnerability Triage

Agentic AI can generate findings faster than any team can read them. The metric that survives that flood isn't cost-per-finding, it's cost-per-verified-finding. Here's why verification is now the bottleneck.

Jun 18, 20267 min read
Industry Events

DEF CON 34 Preview: Agentic AI Security Takes Center Stage at Hacker Summer Camp

DEF CON 34 lands in Las Vegas August 6-9, 2026 under the theme 'Agency' — a deliberate nod to agentic AI. Here is what to watch, why it matters, and how to prepare before you board the plane.

Jun 16, 20267 min read
Strategy

Agentic AI at RSAC 2026 vs Infosecurity Europe 2026: Two Continents, One Theme

RSAC 2026 in San Francisco and Infosecurity Europe 2026 in London both orbited agentic AI, shadow AI, and post-quantum cryptography. What changed across the Atlantic was the framing: market velocity versus regulation and sovereignty.

Jun 11, 20267 min read
agentic-ai — Safeguard Blog