ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
531 articles
The Cursor extension that cost a developer $500,000
A fake Solidity extension on Open VSX was downloaded 50,000+ times, dropped an infostealer, and drained $500K in crypto — how the marketplace trust model failed.
When the Scanner Is the Backdoor: The LiteLLM Trivy Attack
On March 19, 2026, TeamPCP hijacked Trivy's GitHub Action to steal LiteLLM's PyPI token, then shipped a backdoored release, CVE-2026-33634, CVSS 9.4.
The Nx Attack Turned AI Coding Agents Into the Malware
In August 2025, attackers hijacked Nx's npm publish token and used Claude Code, Gemini CLI, and Amazon Q as the exfiltration engine — leaking 2,349 secrets.
The postmark-mcp Backdoor: What MCP Server Vetting Should Look Like
A trojanized MCP server BCC'd every email it sent to an attacker for weeks, downloaded 1,643 times, before anyone noticed. Here's the pattern and the fix.
Can AI-Generated Code Be Trusted? A Security Review
A 2025 USENIX study found LLMs hallucinate nonexistent packages in up to 21.7% of code samples — and attackers are already registering the names.
AI Code Generation: An Evaluation Framework for Gating Output Before Merge
NYU researchers found security weaknesses in ~40% of Copilot-generated programs. Here's how to gate AI code before it ever reaches main.
Practical DLP controls for generative AI tools
Samsung engineers leaked chip source code into ChatGPT three times in 20 days. Here's how to build DLP controls that stop the next leak before it happens.
The OWASP Top 10 for LLM Applications, Explained With Real Examples
OWASP's LLM security list has grown from a 2023 side project into a 600+ expert initiative. Here's what each of the ten risks actually looks like in production.
Symbolic Reasoning vs. LLMs: Which Static Analysis Actually Finds Bugs?
The CASTLE benchmark tested 13 static analyzers and 10 LLMs on 250 programs — neither approach won outright, and the reasons why matter for your AppSec stack.
AI agents in AppSec pipelines: triage, remediation, and guardrails
GitHub's Copilot Autofix cuts median fix time from 1.5 hours to 28 minutes — but a 2025 Replit agent incident shows why autonomy needs hard limits.
AI risk management best practices: a lifecycle framework
NIST's AI RMF has four functions and MITRE ATLAS now tracks 84 adversarial techniques — most AI risk programs still only cover one lifecycle stage.
When Shared AI Chats Become Public Search Results
In July 2025, ~4,500 shared ChatGPT conversations turned up indexed on Google. Here's why sharable AI chats leak, and how enterprises stop it at the gateway.