ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
Threat-modeling for AI-native applications
STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.
The OWASP Top 10 for LLM Applications, Explained
The OWASP LLM Top 10 is the closest thing the field has to a shared checklist for AI security. Here is what each of the ten risks actually means, in plain language, with the defenses that matter.
How to Create an AIBOM for Your AI Models
Build an AI Bill of Materials that inventories the models, datasets, adapters, and MCP tools your application depends on — using CycloneDX ML-BOM and commands you can run today.
Red-Teaming AI Applications: A Field Guide
You cannot secure an LLM application by reading its code alone. You have to attack it the way an adversary will — with language, with poisoned content, and with the goal of making it do something it should not. Here is how to run an AI red team.
What Is the Model Context Protocol (MCP)? And What It Means for Security
MCP is the USB-C of AI integrations — one open standard for connecting models to tools and data. It also standardizes a fresh attack surface, so understanding both halves matters.
Integrating AI Tools Without Expanding Your Attack Surface
Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.
AI-assisted vulnerability remediation patterns: what to verify before you merge
GitHub reports its Copilot Autofix suggestions resolve two-thirds of flagged vulnerabilities with little or no editing — but the other third is where merges go wrong.
How to validate AI-generated autofix suggestions before you merge them
319 LLM patches for 64 real CVEs were graded in 2026: only 24.8% were both secure and functional. Speed without validation just merges bugs faster.
Why AI-generated code quality problems compound into security risk
Developers using AI coding assistants wrote less secure code in 4 of 5 tasks in a 2023 Stanford study — and were more confident it was safe.
The Security Pitfalls Hiding in AI-Generated Code
A 2021 NYU study found roughly 40% of Copilot completions on security-relevant prompts contained exploitable flaws. Here's a field guide to catching them.
Where AI actually helps AppSec — and where it quietly makes things worse
One 2025 benchmark found an LLM filter cut Semgrep's false positives by 88.6% — while a separate study found GPT-4 alone flagging vulnerabilities was wrong more often than right.
AI Developer Tools: Weighing Productivity Against Security and IP Exposure
NYU found 40% of Copilot-generated code contained exploitable flaws; Samsung banned ChatGPT after three leaks in under 20 days. The productivity math still isn't simple.