ai-governance
Safeguard articles tagged "ai-governance" — guides, analysis, and best practices for software supply chain and application security.
31 articles
The emerging role of the AI security engineer
OWASP's 2025 LLM Top 10 ranks prompt injection #1 and calls it structurally unfixable by parameterization — a signal that AppSec skills alone no longer cover the job.
The OWASP Top 10 for LLM Applications, Explained
The OWASP LLM Top 10 is the closest thing the field has to a shared checklist for AI security. Here is what each of the ten risks actually means, in plain language, with the defenses that matter.
AI Red Teaming vs. AI-SPM: Why You Need Both
OWASP's 2025 LLM Top 10 and MITRE ATLAS both treat adversarial testing and posture scanning as separate disciplines — most AI programs still run only one.
GPT-5.5-Cyber and Trusted Access: The Dual-Use Governance Questions Defenders Should Be Asking
OpenAI's Daybreak ships a permissive, offensive-capable model behind a tiered Trusted Access program and a wave of government partnerships. Here's what model-risk, procurement, and security-policy teams should demand before they rely on it.
Safeguard Is Now a Connector in Claude: Continuous Compliance Monitoring for Enterprise AI
Connect Safeguard to Claude Enterprise and Claude Platform to turn Claude activity logs into real-time AI compliance monitoring, audit-ready SOC 2 / NIST / PCI-DSS evidence, and policy enforcement — activity logs only, never conversation content.
AI & LLM Governance for Software Development
Sonatype flags bad packages after the fact. Here's what AI governance for software development requires, and how Safeguard tracks models and output together.
Shadow AI: Finding and Governing the Tools Your Employees Already Use
Most of your organization is already using AI you never approved. Here is how to discover it, govern it, and offer sanctioned alternatives before it becomes a breach.
AI governance frameworks: managing risk in AI-built software
AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.
Responsible AI principles: what vendors commit to when bu...
What should a "responsible AI" commitment from a security vendor actually contain? A breakdown of the regulations, disclosures, and JFrog comparison every buyer should check.
Claude Opus 4.8 for Security Teams: Capabilities, AppSec Use, and Governance (May 2026)
Anthropic shipped Claude Opus 4.8 on May 28, 2026, with sharper agentic coding and better honesty about its own work. Here is what it changes for vulnerability triage, fix-PRs, and the governance you need before it touches your pipeline.
ISO 42001 and AI Management Systems for Security Teams
ISO 42001 makes AI governance auditable and certifiable. Here's what security teams need to build an AIMS, where Endor Labs' AI code-risk scoring falls short, and how Safeguard closes the gap.
Anthropic Claude vs OpenAI GPT: Enterprise Security in 2026
A pragmatic comparison of Claude and GPT for enterprise deployments in 2026, focused on the security and governance controls that matter to a buyer.