Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

Industry Analysis

The emerging role of the AI security engineer

OWASP's 2025 LLM Top 10 ranks prompt injection #1 and calls it structurally unfixable by parameterization — a signal that AppSec skills alone no longer cover the job.

Jul 9, 20267 min read
AI Security

A risk framework for enterprise AI coding and agent tool rollouts

Samsung banned ChatGPT company-wide after three leaks in 20 days. A working framework for data exposure, model supply chain, and access control risk.

Jul 9, 20267 min read
AI Security

Why traditional AppSec still catches most enterprise AI agent bugs

OWASP's LLM Top 10 names new categories, but most enterprise agent breaches trace back to broken access control and unvalidated input — the classics.

Jul 9, 20266 min read
AI Security

Concrete guardrails for AI coding assistants

40% of Copilot-generated code contained CWE Top 25 flaws in a 2022 study. Here are the prompt, scanning, and review gates that actually stop AI-written risk.

Jul 9, 20266 min read
AI Security

The guardrail gap in low-code agentic AI platforms

Low-code AI builders let business users wire agents to live connectors in minutes — but most ship without per-tool scoping, approval gates, or audit trails.

Jul 9, 20267 min read
AI Security

Least-Privilege Tool Scoping for AI Coding Agents

One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.

Jul 9, 20267 min read
AI Security

MCP server security for AI coding agents

A critical RCE in Anthropic's own MCP Inspector (CVSS 9.4) and two Cursor CVEs show that giving AI agents tool access creates a new, largely unvetted attack surface.

Jul 9, 20267 min read
AI Security

A Reproducible Rubric for Measuring Prompt-Injection Risk in Agent Skills

OWASP has ranked prompt injection the #1 LLM risk for two straight editions, yet almost no one scores agent skill packages for it consistently. Here's a rubric.

Jul 9, 20266 min read
AI Security

Scanning AI-Generated Code Before It Merges: Wiring Scanners into Coding Assistants with MCP

Research found ~40% of Copilot suggestions were vulnerable, and devs using AI assistants trusted their code more. MCP lets you scan before merge.

Jul 9, 20267 min read
AI Security

Auditing AI agent skill registries for hardcoded keys

29M new hardcoded secrets hit public GitHub in 2025, up 34% YoY — and 3% of MCP servers in production carry hardcoded credentials as theft traps.

Jul 9, 20267 min read
AI Security

Securing MCP Servers for AI Agents

Five CVEs in 2025 alone trace MCP tool compromise back to one root cause: unsanitized strings piped into exec(). Here's how to expose and consume MCP safely.

Jul 9, 20267 min read
AI Security

Signing and provenance standards for AI agent skill registries

Shai-Hulud infected 500+ npm packages via stolen tokens in 2025. Agent skill registries are repeating the same unsigned-artifact mistake — here's the fix.

Jul 9, 20267 min read
ai-security (Page 2) — Safeguard Blog