ai-agents
Safeguard articles tagged "ai-agents" — guides, analysis, and best practices for software supply chain and application security.
66 articles
MCP Server Discovery Protocol Security
MCP server discovery turns a client connection string into a live capability graph. The protocol mechanics that make this convenient also widen the blast radius when discovery is spoofed, tampered with, or silently reshaped mid-session.
Agent Security Buyer's Guide Overview
As AI agents gain production write-access across the enterprise, security teams need a rigorous buyer's guide to separate real agent security platforms from repackaged AppSec dashboards.
MCP vs Skills vs Hooks vs Rules Explained
MCP, Skills, hooks, and rules extend AI coding agents in very different ways — two execute code, two only steer behavior. Here's how each one breaks.
AI Agent Security Risks: Why Autonomous Systems Are the Next Supply Chain Frontier
AI agents are consuming APIs, installing packages, and executing code autonomously. The security implications are massive and largely unaddressed.
AI Agent Tool-Scope Enforcement Patterns
Agents get tool lists, not tool boundaries. We walk through scoping patterns that actually hold when Claude 4 or GPT-5 picks the wrong function at runtime.
Explaining Model Context Protocol and its expanding attac...
MCP security is now urgent: MCP servers grew from 700 to 16,000+ in a year, and most are unaudited. Here is the threat model and how Safeguard secures it.
Glossary of Model Context Protocol security terminology
A precise MCP security glossary covering clients, servers, resources vs. tools, tool poisoning, rug pulls, and the confused deputy problem — with real-world examples.
Human-Agent Trust Exploitation in AI Systems
Attackers are exploiting the trust between humans and AI agents — hidden prompt injections, hallucinated packages, and over-trusted autonomy are now supply chain risks.
Uncontrolled Recursion in AI Agent Loops
AI agents can call themselves into runaway loops, burning thousands of dollars and crashing services. Here's why it happens and how to stop it.
Memory and Context Poisoning Attacks Against AI Agents
How attackers poisoned ChatGPT's memory and RAG pipelines to hijack AI agents long-term, and the controls Safeguard uses to catch it before it spreads.
Excessive Agency in LLM-Powered Applications
Excessive agency turns a bad LLM output into an executed action. From Replit's July 2025 database deletion to Air Canada's chatbot ruling, here's what it is and how to scope it down.
AI Agent Memory: Security Risks
Persistent memory makes AI agents more useful and more dangerous. A security engineer's walkthrough of how agent memory gets poisoned, exfiltrated, and weaponised, with concrete 2025 examples.