Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

AI Security

Claude Sonnet 4.5 System Card: Security Reading

Anthropic shipped Claude Sonnet 4.5 on September 29, 2025 with a 70-page system card. We pull the supply-chain-relevant findings out of it.

Oct 2, 20256 min read
AI Security

How Snyk Agent Fix's agentic retry loop self-corrects fai...

A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.

Sep 10, 20258 min read
AI Security

Supply Chain Attacks Targeting AI/ML Pipelines

AI and ML pipelines introduce unique supply chain risks -- from poisoned training data to compromised model registries. Here is what attackers are targeting and how to defend.

Sep 1, 20257 min read
Supply Chain

Nx s1ngularity: The First AI-Aware Supply Chain Worm

On August 26, 2025, malicious versions of Nx (20.9.0–21.8.0) harvested 2,349 credentials from 1,079 developers and weaponized Claude, Gemini, and Q CLIs to enumerate local secrets.

Aug 29, 20256 min read
AI Security

Open-Weight Model Sandboxing Patterns

Running an open-weight model inside an enterprise perimeter seems safer than calling a hosted API. It is, and it isn't. The sandboxing patterns that actually produce the safety properties.

Aug 28, 20256 min read
AI Security

GPT-5 Launch: Reading the System Card for Supply-Chain Risk

GPT-5 shipped August 13, 2025 under OpenAI's Preparedness Framework v2. Here's what the system card tells security teams about deployment risk.

Aug 22, 20256 min read
Industry Analysis

How Snyk AI-BOM detects MCP servers connected to an appli...

A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM surfaces shadow AI usage that security te...

How Snyk's AI-BOM uses code-level analysis, not manifest parsing, to surface shadow AI models, agent frameworks, and MCP servers security teams don't know are running.

Aug 20, 20257 min read
Industry Analysis

How Snyk's AI-BOM API lets teams query AI component inven...

How Snyk's AI-BOM API exposes AI model and dataset inventories as queryable, CycloneDX-aligned data teams can pull into CI, GRC, and asset tooling programmatically.

Aug 20, 20258 min read
Industry Analysis

How Snyk's AI-SPM approach extends ASPM concepts to AI sy...

How Snyk's Evo AI-SPM extends ASPM's discover-assess-enforce loop to models, datasets, and agents, based on its March 2026 GA launch and public documentation.

Aug 19, 20258 min read
AI Security

The Prompt Injection Problem Hiding Inside Everyday Code ...

AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.

Aug 8, 20257 min read
Open Source Security

Hallucinated Dependencies: How AI Models Invent Package N...

AI coding assistants regularly invent package names that don't exist — and attackers are registering them first. Here's how slopsquatting works and how to defend against it.

Aug 7, 20257 min read
ai-security (Page 41) — Safeguard Blog