ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
Prompt Injection Defence Stack 2026
No single control stops prompt injection. The current state of the art is a defence-in-depth stack with controls at five distinct layers. Here it is.
Vector Database Poisoning Trend Watch
Vector databases are now central infrastructure for retrieval-augmented AI. The 2026 attack trend targets the index itself, not the model — and most defenders are not watching the right layer.
AI Coding Assistant Data Leakage Paths
AI coding assistants promise productivity but expand the data leakage surface in specific, mappable ways. The paths, the mitigations, and what enterprise policy actually looks like.
Real-World Vs Synthetic Eval Gap In Security
Synthetic eval benchmarks are controllable. Real-world data is messy. The gap between performance on each is usually large, and vendors prefer one over the other for a reason.
Bulk Remediation Of Aged Vulnerability Backlog
Most security teams are sitting on hundreds of stale findings. Here is how to clear an aged vulnerability backlog with bulk remediation that actually merges.
Cryptography Misuse Detection: Griffin AI vs Mythos
Crypto misuse is not about broken algorithms. It is about misused parameters, missing checks, and the gap between "it compiles" and "it is secure."
Ensemble LLMs For High-Precision Security Findings
One model's confident answer is a guess. Multiple models agreeing is evidence. Ensemble approaches raise precision for security-critical findings.
Hallucinated Security Findings: Measurable Rates
Pure-LLM security analysis hallucinates findings at rates between 20% and 70% depending on the task and model. Grounding is the architectural answer.
False Positive Rates: Griffin AI vs Mythos Benchmarked
Why pure-LLM security products generate false positives that engine-grounded platforms like Griffin AI structurally cannot — with CWEs and real triage data.
Cursor Enterprise Security Buyer Review 2026
An honest security buyer's review of Cursor Enterprise for 2026: data handling, model isolation, audit posture, and the gaps to negotiate before signing.
Fine-Tune Backdoors: The Quiet Threat
Fine-tuning a model on an attacker-controlled dataset can implant behaviour that only activates under specific conditions. The threat is quiet because detection is hard.
Zero-Day Discovery Economics: Cost Per Find
The economics of zero-day discovery have been opaque for too long. Here is the actual cost structure of finding a real, defensible bug, and how to think about it.