ai-agents
Safeguard articles tagged "ai-agents" — guides, analysis, and best practices for software supply chain and application security.
66 articles
How Malicious Skills Get Distributed Through Agent Registries
CVE-2025-59536 (CVSS 8.7) let a single malicious commit auto-approve MCP servers in Claude Code, no install click required. Registries need the same controls as package managers.
Prompt injection via AI agent CI/CD workflow tampering
A single malicious PR title was enough to make three major AI coding agents leak API keys straight out of a GitHub Actions runner.
Governing AI agents inside the execution loop
Snyk's Evo Agentic Development Security, in open preview since June 23, 2026, hooks directly into an agent's tool calls — proof that pre-deployment review can't govern a decision made mid-session.
New security risks across the agentic development lifecycle
Snyk found 76 confirmed-malicious skills among 3,984 analyzed and roughly a third of public MCP servers carrying exploitable flaws — legacy AppSec never modeled an agent as the author.
Securing MCP integrations for enterprise AI assistants
Claude's May 2026 enterprise and desktop expansion put MCP tool calls in front of compliance teams and IDEs alike — governance can no longer be an afterthought.
Agentic AI Security FAQ: Governing Autonomous AI in 2026
Clear answers on securing agentic AI — what makes autonomy risky, how tool scope and identity work, prompt injection and confused-deputy failures, and how Safeguard governs agents that act on your systems.
MCP Server Security FAQ: Safeguarding AI Agent Tool Access in 2026
Plain answers about securing the Model Context Protocol — what an MCP server exposes, how agents authenticate, the prompt-injection and tool-poisoning risks, and how Safeguard's MCP server fits in.
AI Agent Tool-Use Security: Locking Down What Agents Can Do
The moment you give an LLM tools, it stops being a chatbot and becomes an actor in your systems. Tool-use security is about making sure a compromised agent hits a wall instead of a credential.
Agentic AI Security: Why Architecture Beats Model Size in Vulnerability Discovery
The CyberGym leaderboard shows the lead in AI vulnerability discovery moving to multi-agent orchestration, not raw model scale. Here is what that means for security teams betting on agentic AI.
Where Defenders Should Be: The H2 2026 Cybersecurity Conference Calendar
A preview of the major H2 2026 security events — Black Hat USA, DEF CON 34, USENIX Security — and the agentic AI security and supply chain themes that will dominate the agendas.
Black Hat Arsenal 2026 Preview: The Agentic AI and Supply-Chain Tools to Watch
Black Hat USA 2026 runs August 1–6 at Mandalay Bay, with Arsenal August 4–6. Here is an honest preview of the open-source tool categories worth your time — and how to tell signal from demo-day hype.
Black Hat USA 2026 Preview: Agentic AI Security Takes Mandalay Bay
A preview of Black Hat USA 2026 at Mandalay Bay, Aug 1-6. Why agentic AI security, the software supply chain, and post-quantum readiness are the threads to watch before the briefings begin.