ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
What an AI Bill of Materials is and why enterprises need one
An AI bill of materials (AIBOM) inventories the models, data, and dependencies behind an AI system. Here's what it is and why enterprises need one.
Risks of downloading malicious pretrained models from pub...
Real incidents show malicious Hugging Face models evading scanners with pickle exploits and reverse shells. Here's what teams need to know before the next pull.
How slopsquatting exploits AI-hallucinated package names
Slopsquatting attacks turn AI-hallucinated package names into real supply chain threats. Here's how it works, the numbers behind it, and how Safeguard stops it.
Security risks introduced by AI coding assistants and gen...
AI coding assistants now write huge shares of production code. Real 2025 incidents show hallucinated packages, leaked secrets, and vulnerable defaults ship with it.
Using confidential computing to protect LLM inference and...
How hardware-based secure enclaves keep LLM prompts and weights encrypted even during active inference, and why confidential AI inference is reshaping AI compliance in 2026.
What AI red teaming is and how to run a structured exercise
A practical guide to AI red teaming: how to plan, run, and report a structured LLM red team exercise using a repeatable adversarial testing methodology.
Comparing leading LLM red teaming and automated testing t...
A practical comparison of leading LLM red teaming tools -- PyRIT, Garak, Giskard, Promptfoo, Lakera Red, and Mindgard -- with real strengths, limits, and evaluation criteria.
How AI safety benchmarks and evaluations measure model risk
A concrete look at how AI safety benchmark evaluation, LLM safety scorecards, and capability testing actually measure model risk in 2026 — and where they fall short.
Evaluating automated AI red teaming platforms for continu...
A practical buyer's guide to evaluating an automated red teaming platform for continuous AI testing, with a fair roundup of six real vendors and tools.
Explaining prompt injection attacks and why they're hard ...
Prompt injection attacks trick AI models into obeying attacker instructions hidden in data or user input, and there's still no complete fix.
How indirect prompt injection hides malicious instruction...
How attackers hide malicious instructions inside webpages, documents, and retrieved content to hijack AI systems — and why RAG pipelines are especially exposed.
Comparing LLM firewall and guardrail products for enterpr...
A vendor-by-vendor comparison of LLM firewall and AI guardrail platform options for enterprise deployment, with real strengths and limitations for each.