ai-agents
Safeguard articles tagged "ai-agents" — guides, analysis, and best practices for software supply chain and application security.
66 articles
A Security Baseline for AI Agent Tool Use in 2026
Tool-using agents are now in production at most large organizations. The security baseline that should be table stakes, and what teams are still missing.
Agentic Procurement: Letting AI Agents Buy Software Safely
Agents can now evaluate, trial, and pay for software without a human in the loop. The controls that make that safe: spend caps, allowlists, verifiable merchants, and audit trails.
RSAC 2026 Floor Report: Agentic AI Security, Platformization, and the Consolidation Debate
What the Moscone show floor actually said about platformization vs. best-of-breed, data sovereignty, and how agentic AI security rewrote the enterprise buying conversation at RSAC 2026.
Agentic AI Security Owned RSAC 2026: Innovation Sandbox, Launch Pad, and the Startups Worth Watching
Geordie AI won the RSAC 2026 Innovation Sandbox with an agentic AI security pitch, and nearly every finalist leaned on AI. Here is an honest recap of the contest, Launch Pad, and the Cryptographers' Panel — and what the signal actually means.
Agentic AI Security Took Over RSAC 2026, Even as 'The Power of Community' Was the Theme
RSAC 2026 sold itself on community for its 35th year, but the real story was an agentic-AI reckoning: autonomous agents that act, get phished, and now beat most humans at capture-the-flag. Here is what actually mattered.
Prompt Injection in CI/CD Pipelines: Attack Paths and Defenses
When LLMs review PRs, triage issues, and fix builds, every commit message becomes attacker input. The concrete attack paths through GitHub Actions and what blocks them.
How to Secure AI Agents on the MCP Protocol
MCP gives AI agents real tools, real credentials, and real blast radius. Here is a hardening guide for running MCP servers in production without torching your environment.
Securing MCP Servers: A Practical Checklist
MCP servers are runtime dependencies your agent trusts implicitly. Here is a concrete checklist for auth, tool pinning, sandboxing, and monitoring before you ship one.
AI Agent Tool Confused Deputy Problem in 2026
A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.
MCP Transport Layer Security Options
MCP supports stdio, streamable HTTP, and a handful of experimental transports. Each has distinct security properties, and the choice of transport constrains every other security decision you make about the deployment.
Securing MCP Servers in the Enterprise: A Practical Guide
MCP servers connect AI agents to your infrastructure. Here's how to secure them without killing the productivity gains.
Griffin Agent Loop: Design Decisions
The design rationale behind Griffin, Safeguard's triage agent — how the loop is structured, why we bounded reasoning depth, and how tool calls stay auditable.