ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
Securing MCP server registries: risks of unvetted AI tool...
Unvetted MCP servers already power tool poisoning and rug-pull attacks. Here's why package scanning like JFrog's isn't enough, and how to actually secure your MCP registry.
AI agent skills and plugin repositories: why they need th...
AI agent skills and MCP plugins are packages in disguise—executable, publicly registered, and largely ungoverned. Here's why they need npm-grade supply chain controls.
Responsible AI principles: what vendors commit to when bu...
What should a "responsible AI" commitment from a security vendor actually contain? A breakdown of the regulations, disclosures, and JFrog comparison every buyer should check.
Claude Opus 4.8 for Security Teams: Capabilities, AppSec Use, and Governance (May 2026)
Anthropic shipped Claude Opus 4.8 on May 28, 2026, with sharper agentic coding and better honesty about its own work. Here is what it changes for vulnerability triage, fix-PRs, and the governance you need before it touches your pipeline.
Securing AI coding assistants: governance patterns for to...
AI coding assistants like Claude Code and Cursor now write, install, and execute code with minimal oversight. Here's the governance framework that closes the gap JFrog's artifact scanning leaves open.
Evaluating AI Security Posture Management (AI-SPM) tools:...
A practical, criteria-based comparison of Safeguard and Mend.io for AI-SPM buyers: provenance verification, AI-BOM depth, and CI/CD policy enforcement.
Best AI red teaming tools ranked
Best AI red teaming tools ranked: how Mend.io's SCA scanning and Safeguard's exploitability-first SBOM analysis actually differ for AI supply chain risk.
Mend.io vs Noma Security: AI security platform comparison
Mend.io vs Noma Security: how these AI security platforms compare, and where Safeguard fits with its own AI-BOM, model scanning, and AI Gateway.
Claude, GPT, and Coding Harness Security: Comparing Model...
Claude and GPT both write vulnerable code by default in coding harnesses. Comparing model behavior, then Safeguard's approach versus Endor Labs' reachability-first SCA.
AI-Based Cybersecurity Tools: What to Look For
AI based cybersecurity tools range from genuinely useful triage assistants to thin wrappers around a generic model, and the difference is usually visible in how the tool handles context, not in its marketing.
When Configuration Is the Vulnerability: Microsoft's May 2026 Look at Exposed AI Apps on Kubernetes
Microsoft's May 14, 2026 research found AI frameworks shipping Helm charts that expose web UIs on internet-facing LoadBalancers with no authentication and cluster-admin service accounts. Mage AI on port 6789 was the headline, but it was far from alone.
Keeping secrets out of agent context windows: brokers, scoped tokens, and redaction
Every secret that touches an agent's context window is a secret the agent can leak. Just-in-time credential brokers, scoped-token issuance, and redaction layers keep the surface small without breaking the agent's ability to do real work.