Safeguard
Tag

ai-bom

Safeguard articles tagged "ai-bom" — guides, analysis, and best practices for software supply chain and application security.

38 articles

AI Security

AI risk management best practices: a lifecycle framework

NIST's AI RMF has four functions and MITRE ATLAS now tracks 84 adversarial techniques — most AI risk programs still only cover one lifecycle stage.

Jul 9, 20266 min read
Industry Analysis

The emerging role of the AI security engineer

OWASP's 2025 LLM Top 10 ranks prompt injection #1 and calls it structurally unfixable by parameterization — a signal that AppSec skills alone no longer cover the job.

Jul 9, 20267 min read
Compliance & Frameworks

What AI Executive Orders Actually Mean for Enterprise Security Teams

The US revoked its AI safety EO in January 2025, but SBOM and evidence obligations under EO 14028 never went away — and the EU AI Act just got harder deadlines.

Jul 8, 20267 min read
AI Security

OWASP Top 10 for LLM Applications: A Practical Walkthrough

OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.

Jul 8, 20267 min read
AI Security

A vendor-neutral checklist for rolling out AI coding assistants safely

437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.

Jul 8, 20266 min read
SBOM

From SBOMs to AI BOMs: SPDX 3.0 Explained

SPDX 3.0 adds a formal AI profile for documenting ML models and datasets. Here's what changed, how it compares to CycloneDX, and why it matters now.

Jun 6, 20268 min read
AI Security

Evaluating AI Security Posture Management (AI-SPM) tools:...

A practical, criteria-based comparison of Safeguard and Mend.io for AI-SPM buyers: provenance verification, AI-BOM depth, and CI/CD policy enforcement.

May 25, 20268 min read
SBOM & Compliance

Building A Defensible SBOM Program In 90 Days

A pragmatic 90-day blueprint for standing up an SBOM program that survives auditor scrutiny, procurement reviews, and incident response without burning out your platform team.

Apr 11, 20266 min read
SBOM & Compliance

AI-BOM Explained: Tracking Models As Supply Chain

AI models are now first-class supply chain components. Here is how an AI-BOM captures lineage, datasets, runtimes, and evaluations in a way that survives audit.

Apr 7, 20267 min read
SBOM & Compliance

SBOM-Driven Vendor Onboarding: Procurement Blueprint

Procurement that asks for a PDF security questionnaire is buying paperwork. SBOM-driven onboarding turns vendor risk into queryable, comparable, and enforceable data.

Apr 3, 20266 min read
SBOM & Compliance

CycloneDX vs SPDX: Which Format For Your Program

A senior-engineer comparison of CycloneDX and SPDX in 2026, covering field coverage, tooling, AI-BOM support, VEX, and the practical trade-offs for your programme.

Mar 29, 20266 min read
SBOM & Compliance

SBOM Quality: Fields Auditors Actually Check

Auditors do not score SBOMs on file count. They check a small set of fields that prove the artefact is real, current, and tied to a verifiable build. Here are the ones that matter.

Mar 24, 20266 min read
ai-bom — Safeguard Blog