ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
How RAG poisoning attacks manipulate retrieval-augmented ...
RAG poisoning attacks corrupt the external knowledge base an LLM retrieves from, turning trusted documents into vectors for misinformation and data leaks.
Security considerations for deploying and querying vector...
Vector databases now hold copies of your most sensitive data with weaker controls than the systems they came from. Here's what to fix before your next RAG deployment.
How model extraction attacks steal proprietary AI model b...
Model extraction attacks let adversaries clone proprietary AI models through ordinary API queries alone. Here's how the attacks work, why they evade detection, and how to stop them.
Understanding membership inference attacks against traine...
Membership inference attacks let adversaries confirm if your data trained a model, exposing privacy leakage in ML models and training data inference risks.
What shadow AI is and how to discover unsanctioned AI use...
Shadow AI risk is spreading faster than governance can keep up. Here's what unsanctioned AI use looks like inside real enterprises and how to discover it before data leaks.
Glossary of AI Trust, Risk, and Security Management (AI T...
A glossary of AI trust risk security management concepts: the Gartner AI TRiSM framework, its four pillars, AI risk taxonomy, and adversarial threats.
How to build an AI-specific incident response playbook
A step-by-step guide to building an AI incident response plan — covering scoping, escalation, detection, containment, and post-incident review for LLM and agent failures.
Prompt injection vulnerabilities in LLM applications explained
Prompt injection is OWASP's #1 LLM risk. See real CVEs like Vanna.AI's RCE flaw and how to detect and stop it.
AI Model Watermarking and Provenance
Watermarking and provenance are the two most confused terms in AI security. A practical breakdown of what each actually does, where the 2025 techniques break, and what to ship in the meantime.
Gemini 3 Pro and the Frontier Safety Framework Report
Google released Gemini 3 Pro on November 18, 2025 with the most thorough Frontier Safety Framework evaluation yet. We unpack what was disclosed and how it changes downstream defender posture.
Rogue AI Agents: When Autonomous Systems Act Outside Inte...
Autonomous AI agents are gaining real access to production systems — and real incidents, from deleted databases to fabricated refunds, show what happens when they act outside intended boundaries.
Human-Agent Trust Exploitation in AI Systems
Attackers are exploiting the trust between humans and AI agents — hidden prompt injections, hallucinated packages, and over-trusted autonomy are now supply chain risks.