ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
Securing MCP Servers Without Killing Developer Velocity
MCP servers are spreading inside engineering orgs faster than security teams can review them. Here is how to govern them without slowing teams down.
Why LLMs Are Structurally Insecure (and What That Means for Your Pipeline)
Language models are not insecure because of a bug you can patch. They are insecure by construction — non-deterministic, context-poisonable, and unreproducible. Here is how to reason about them without pretending otherwise.
Auto-PR Remediation Without Broken Builds
Automated fix pull requests sound great until half of them fail CI. Here is how to ship auto-PR remediation that keeps the green build, every time.
DSPM for AI: navigating data and AI compliance regulations
DSPM for AI closes the gap traditional tools miss: tracking sensitive data through embeddings, fine-tuning, and vector stores to meet EU AI Act and Colorado AI Act requirements.
API Surface Reviewed: Griffin AI vs Mythos
Most platform comparisons stop at features. The API surface is where automation and integration actually happen — and where vendors quietly diverge.
Why LLM-Based Vulnerability Scanning Needs More Than a Single Model
Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.
Zero-Day Discovery In Your Dependency Graph
Most zero-days that hurt enterprises in 2026 live three or four hops deep in the dependency graph. Here is what it takes to actually find them there.
OWASP Top 10 for LLM Applications, Explained
A practitioner's walkthrough of the OWASP Top 10 for LLM Applications: what each risk looks like in a real system, which ones bite first, and the mitigations that hold up.
Claude Code and AI Coding Agent Security Basics
Anthropic Claude Code security rests on permission gating, sandboxed execution, and human approval for risky actions — the same fundamentals any AI coding agent needs before it's allowed to run commands or edit code unattended.
Agentic AI Budget Explosions And Cost Controls
Agent runaway is no longer a theoretical risk — it is a line item on quarterly variance reports. The 2026 trend in agentic AI is less about model capability and more about who pays when an agent loops.
Enterprise MCP Registry Onboarding Process
A repeatable onboarding flow for adding MCP servers to an enterprise registry without becoming the team that says no to everything.
LLM Traces and Evals: The Missing Layer in AI Supply Chain Security
Prompt traces and offline evals are standard hygiene for ML teams, but almost nobody treats them as supply chain telemetry. They should be. Here's how traces and evals plug into SBOM and reachability as a fourth security signal.