Safeguard
Tag

ai-coding-assistants

Safeguard articles tagged "ai-coding-assistants" — guides, analysis, and best practices for software supply chain and application security.

11 articles

AI Security

The supply-chain and IP risk hiding inside AI coding assistants

GitHub has disclosed that Copilot suggestions match training-set code verbatim about 1% of the time — and a class action over it is still being argued in 2026.

Jul 8, 20267 min read
AI Security

The Hidden Risks of AI Coding Assistants

A 2021 NYU study found 40% of Copilot-generated code contained exploitable bugs — and that's before counting leaked secrets or hallucinated packages.

Jul 8, 20266 min read
AI Security

Securing AI Coding Assistants: Guardrails That Hold

AI coding assistants are in nearly every IDE now. Banning them fails; trusting them blindly fails harder. The middle path is guardrails — technical controls that let assistants move fast without letting them ship the wrong thing.

Jul 5, 20265 min read
Supply Chain Attacks

TrapDoor: The Cross-Ecosystem Crypto Stealer That Targeted DeFi Developers (May 2026)

Socket disclosed TrapDoor on May 24, 2026: 34+ malicious packages and 384+ versions across npm, PyPI, and Crates.io built to steal crypto wallets, SSH keys, and cloud credentials from crypto, DeFi, Solana, and AI developers.

May 26, 202612 min read
AI Security

Supply Chain Risks of AI Coding Assistants

Copilot, Cursor, and Claude Code change what enters your codebase and how. A practitioner's map of the real supply chain risks — hallucinated packages, rules-file injection, and unreviewed transitive trust.

Apr 11, 20266 min read
AI Security

Slopsquatting (AI package hallucination attack)

Slopsquatting exploits AI coding assistants that hallucinate nonexistent package names, which attackers then register as real, malicious packages.

Mar 2, 20266 min read
AI Security

Security risks introduced by AI coding assistants and gen...

AI coding assistants now write huge shares of production code. Real 2025 incidents show hallucinated packages, leaked secrets, and vulnerable defaults ship with it.

Dec 14, 20257 min read
Industry Analysis

Autocomplete Anxiety: Measuring How Often AI Coding Assis...

Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.

Aug 9, 20257 min read
AI Security

The Prompt Injection Problem Hiding Inside Everyday Code ...

AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.

Aug 8, 20257 min read
Buyer's Guides

Comparing Insecure Output Rates Across Popular AI Coding ...

A benchmark-driven look at insecure output rates across GitHub Copilot, Cursor, Amazon Q, and Tabnine, and why the model matters more than the brand.

Aug 7, 20257 min read
Industry Analysis

Are AI Coding Assistant Vendors Ready to Own Their Securi...

AI coding assistants ship indemnification for copyright suits, not for the vulnerabilities they introduce. Here's the liability gap enterprises need to understand.

Jul 15, 20258 min read
ai-coding-assistants — Safeguard Blog