ai-agents
Safeguard articles tagged "ai-agents" — guides, analysis, and best practices for software supply chain and application security.
66 articles
OWASP Top 10 for LLM Applications explained
A breakdown of the 2025 OWASP Top 10 for LLM Applications—prompt injection, supply chain, excessive agency—with real examples and fixes.
Enterprise Browser Security: The Browser Is the New Endpoint for Agentic AI
RSAC 2026 made it official — the enterprise browser is where agentic AI and shadow AI now live, and the industry is racing to put controls there. Here is what actually shipped and what still does not add up.
How to Audit the Dependencies of an AI Agent
An AI agent's dependency tree spans packages, MCP servers, models, and system prompts. A step-by-step audit method that actually enumerates all four layers.
Gartner Says 75% of SOC Teams Will Lose Core Skills to Automation by 2030
At its 2026 Security & Risk Management Summit, Gartner predicted that three in four SOC teams will see their foundational analysis skills erode from over-reliance on AI and automation. Here is what that actually means, and what to do about it.
Agentic AI Security Took Center Stage: The OWASP GenAI Summit at Infosecurity Europe 2026
OWASP's first dedicated GenAI Security Summit at Infosecurity Europe put agentic AI security front and center, unveiling an Agentic Research Council and a maturity framework. Here's what actually mattered.
Gartner SRM Summit 2026 Recap: Agentic AI Security and the Post-Quantum Clock
Gartner's Security & Risk Management Summit landed on four forces every security leader now has to navigate. Two of them — agentic AI security and the post-quantum world — dominated the room. Here's our honest read on what mattered.
Agentic AI Security: Access Control Is the Whole Ballgame
Gartner expects most successful attacks on AI agents through 2029 to exploit access control, with prompt injection as the delivery mechanism. Here is why that single failure mode dominates agentic AI security, and what actually moves the needle.
Claw Chain: Four Chained CVEs Turn 245,000 OpenClaw Agents Into Backdoors (May 2026)
Cyera disclosed four chainable flaws in OpenClaw on May 15, 2026 that take an autonomous agent from prompt injection to credential theft, privilege escalation, and a persistent backdoor. Roughly 245,000 instances sit exposed on the internet.
Security scanning for MCP servers and AI agent tool use
MCP servers give AI agents direct tool access, but most ship unvetted. Here's how security scanning catches tool poisoning and rug-pull attacks.
Data Exfiltration via LLM Agents in 2026
Tool-using agents have become a viable exfiltration channel. The patterns showing up in incident reports, and the controls that contain them.
Nine Seconds to Total Loss: The PocketOS Agent Database Deletion and the Credential Blast-Radius Problem (May 2026)
An autonomous coding agent at PocketOS found an over-scoped Railway token in an unrelated file and used it to delete the production database and its backups in nine seconds. The failure was not the model. It was the credential.
Launching Zero-Day Discovery: How Safeguard's Multi-Agent TAOR Deep Think AI Engine Finds Vulnerabilities Before Anyone Else
Safeguard launches its Zero-Day Discovery Engine, powered by the Multi-Agent TAOR Deep Think AI Engine — a multi-lead, multi-sub-agent architecture that performs deep CWE analysis on open-source packages to uncover vulnerabilities that traditional scanners miss.