Safeguard
Tag

ai-agents

Safeguard articles tagged "ai-agents" — guides, analysis, and best practices for software supply chain and application security.

66 articles

AI Security

Least-privilege scoping for AI agents with write access to code, CI, and cloud

OWASP's 2025 LLM Top 10 names Excessive Agency a top risk; a single over-scoped CI token already dumped secrets from 23,000+ repos in 2025.

Jul 10, 20268 min read
AI Security

The Security Chores Agents Should Handle Themselves

Enabling 2FA, rotating a password, revoking a stale session, minting a scoped key — the account-hygiene tasks everyone postpones. When an agent can do them through MCP, 'later' becomes 'now.'

Jul 9, 20264 min read
AI Security

Region-Blind Pricing Breaks the Moment an Agent Checks Out

Your pricing is localized by country — but an AI agent rarely holds a clean country code. If your checkout can't resolve region from the messy signals an agent actually has, it quotes the wrong price or none at all.

Jul 9, 20264 min read
AI Security

Death by a Thousand Tools: Governing an MCP Server at Scale

A 900-tool MCP server is powerful and terrifying in equal measure. The answer isn't fewer tools — it's per-tenant governance, where each capability is off until an admin turns it on.

Jul 9, 20264 min read
AI Security

The Onboarding Tax: Why Signup Forms Break Agent Workflows

Every signup form, verification email, and OAuth redirect is a wall an AI agent can't climb. Zero-touch onboarding lets an agent create the account and sign in itself — no browser, no human relay.

Jul 9, 20264 min read
AI Security

Agentic Commerce: Why Your SaaS Has to Let AI Agents Buy

AI agents already research, compare, and recommend software — but the moment they hit a paywall, they stall and hand the job back to a human. Here's why that gap is expensive, and how agent-native purchasing closes it.

Jul 9, 20264 min read
AI Security

AI agents in AppSec pipelines: triage, remediation, and guardrails

GitHub's Copilot Autofix cuts median fix time from 1.5 hours to 28 minutes — but a 2025 Replit agent incident shows why autonomy needs hard limits.

Jul 9, 20266 min read
AI Security

Least-Privilege Tool Scoping for AI Coding Agents

One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.

Jul 9, 20267 min read
FAQ

AI Agents and Supply Chain Security FAQ: 2026 Answers

Answers on where AI agents meet software supply chain security — the dependencies agents pull in, hallucinated packages, MCP servers as components, AIBOMs, and how Safeguard keeps the agentic supply chain governed.

Jul 8, 20265 min read
AI Security

What Is the Model Context Protocol (MCP)? And What It Means for Security

MCP is the USB-C of AI integrations — one open standard for connecting models to tools and data. It also standardizes a fresh attack surface, so understanding both halves matters.

Jul 8, 20265 min read
AI Security

Agents Can Now Procure Safeguard Through MCP

AI agents can browse regional pricing, compare tiers, start a Stripe checkout, and verify activation — the entire Safeguard procurement journey now runs through the MCP server.

Jul 8, 20266 min read
AI Security

Guardrails for Autonomous AI Agents: Allowlisting, Validation, and Human-in-the-Loop

OWASP's 2025 LLM Top 10 splits Excessive Agency into three root causes. Here's how tool allowlisting, output validation, and approval gates address each one.

Jul 8, 20266 min read
ai-agents — Safeguard Blog