Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

AI Security

Threat-modeling for AI-native applications

STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.

Jul 9, 20267 min read
AI Security

The OWASP Top 10 for LLM Applications, Explained

The OWASP LLM Top 10 is the closest thing the field has to a shared checklist for AI security. Here is what each of the ten risks actually means, in plain language, with the defenses that matter.

Jul 8, 20266 min read
Tutorials

How to Create an AIBOM for Your AI Models

Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.

Jul 8, 20265 min read
AI Security

Red-Teaming AI Applications: A Field Guide

You cannot secure an LLM application by reading its code alone. You have to attack it the way an adversary will — with language, with poisoned content, and with the goal of making it do something it should not. Here is how to run an AI red team.

Jul 8, 20265 min read
AI Security

What Is the Model Context Protocol (MCP)? And What It Means for Security

MCP is the USB-C of AI integrations — one open standard for connecting models to tools and data. It also standardizes a fresh attack surface, so understanding both halves matters.

Jul 8, 20265 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
AI Security

AI-assisted vulnerability remediation patterns: what to verify before you merge

GitHub reports its Copilot Autofix suggestions resolve two-thirds of flagged vulnerabilities with little or no editing — but the other third is where merges go wrong.

Jul 8, 20267 min read
AI Security

How to validate AI-generated autofix suggestions before you merge them

319 LLM patches for 64 real CVEs were graded in 2026: only 24.8% were both secure and functional. Speed without validation just merges bugs faster.

Jul 8, 20266 min read
AI Security

Why AI-generated code quality problems compound into security risk

Developers using AI coding assistants wrote less secure code in 4 of 5 tasks in a 2023 Stanford study — and were more confident it was safe.

Jul 8, 20267 min read
AI Security

The Security Pitfalls Hiding in AI-Generated Code

A 2021 NYU study found roughly 40% of Copilot completions on security-relevant prompts contained exploitable flaws. Here's a field guide to catching them.

Jul 8, 20266 min read
AI Security

Where AI actually helps AppSec — and where it quietly makes things worse

One 2025 benchmark found an LLM filter cut Semgrep's false positives by 88.6% — while a separate study found GPT-4 alone flagging vulnerabilities was wrong more often than right.

Jul 8, 20267 min read
AI Security

AI Developer Tools: Weighing Productivity Against Security and IP Exposure

NYU found 40% of Copilot-generated code contained exploitable flaws; Samsung banned ChatGPT after three leaks in under 20 days. The productivity math still isn't simple.

Jul 8, 20267 min read
ai-security (Page 3) — Safeguard Blog