ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
OpenAI API Key Leakage on GitHub at Scale
A senior engineer's view of OpenAI API key leakage on GitHub at scale, why automated secret scanning misses so many, and what actually stops the bleeding.
Responsible Disclosure For Discovered Zero-Days
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.
AI Coding Assistant Data Leak Incidents Trend
AI coding assistants are now standard developer tooling. The incident data from 2025 and early 2026 shows a recurring pattern of source code, credential, and customer data leaking through them.
Tool-Call Audit: The Missing AI Observability Layer
Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.
Transitive Dependency Fix Cascades, Managed
Fixing a transitive dependency is rarely a single bump. It is a cascade. Here is how to manage those cascades without flooding reviewers or breaking builds.
Scaling Across Repos: Griffin AI vs Mythos
Multi-repo security reasoning is a graph problem, not a retrieval problem. How Griffin AI's engine scales where pure-LLM products flatten into guesswork.
MCP Server Lifecycle Management Patterns
Patterns for managing MCP servers through development, staging, rollout, and deprecation — with an eye on the security gaps that appear at each transition.
Engine-Plus-LLM vs Pure-LLM Bug Hunters
The difference between an engine-plus-LLM bug hunter and a pure-LLM one is not a tuning detail. It is a structural divide that determines whether the findings are usable.
Model Substitution Attacks: An Emerging Pattern
An attacker who can swap the model behind an API call can read every prompt and shape every response. The emerging trend in 2026 is model substitution as an attack class with its own techniques and disclosures.
Out-Of-Band Confirmation For Irreversible Tool Calls
Some tool calls cannot be undone. Out-of-band confirmation is the cheapest defense for that small set, and the most expensive thing to skip.
Reachability vs Pure-LLM Vulnerability Scanning In 2026
Pure-LLM vulnerability scanners hit production around 2024. By 2026 their failure modes are documented. Reachability remains the backbone — and the LLM is most useful on top of it.
Training Data Poisoning: Pipeline Defenses
A senior engineer's guide to training data poisoning defenses in 2026, from split-learning detection to provenance attestation and continuous pipeline monitoring.