Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

AI Security

Model Training Data and the Propagation of Insecure Codin...

LLM coding assistants inherit insecure patterns from their training data — from SQLi-prone snippets to hallucinated packages attackers exploit. Here's how the risk propagates.

Aug 7, 20258 min read
AI Security

Securing AI Agents: MCP Protocol Risks and Mitigations

The Model Context Protocol is transforming how AI agents interact with tools, but it introduces new attack surfaces. Here is what security teams need to understand.

Jul 22, 20256 min read
AI Security

Tool Poisoning Attacks: How Malicious Instructions Hide I...

AI agent tools can hide invisible instructions attackers use to steal data. Here's how tool poisoning attacks work and how Safeguard stops them.

Jul 22, 20256 min read
AI Security

Model Context Protocol Security 101: What Could Go Wrong ...

MCP lets AI models call tools automatically — and lets malicious servers hide instructions in plain sight. Here's how tool poisoning, rug pulls, and shadowing actually work.

Jul 22, 20257 min read
AI Security

Agent Skill Marketplaces as the Next Frontier for Supply ...

Agent skill marketplaces are repeating npm and PyPI's supply chain mistakes—except the malicious payload is often a sentence of instructions, not code. Here's what's already been exploited.

Jul 22, 20257 min read
AI Security

Prompt Injection vs Traditional Injection Attacks: A Tech...

SQL injection was solved by separating code from data. Prompt injection can't be, because in an LLM they share one channel. Here's the technical comparison, with real exploits and dates.

Jul 22, 20258 min read
AI Security

Why Autonomous Coding Agents Need Their Own Threat Model

Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.

Jul 21, 20257 min read
AI Security

The Jailbreaking Economy: How Model Vulnerabilities Get D...

Jailbreak prompts now trade like exploits: sold as $200/month "dark" chatbots, bountied by vendors for up to $15,000. Here's how that market actually works.

Jul 21, 20258 min read
AI Security

Least Privilege for AI Agents: Why It's Harder Than It So...

AI agents break least-privilege assumptions built for humans: they chain tools, act autonomously, and compose narrow scopes into broad access no one reviewed.

Jul 21, 20257 min read
AI Security

Distinguishing Model Risk from Application Risk in Agenti...

Model flaws and application flaws in AI agents cause different breaches and need different fixes. Real incidents show where each risk actually lives — and how to test for both.

Jul 21, 20257 min read
AI Security

How Malicious Payloads Get Smuggled Into Trusted AI Skill...

Attackers smuggle malicious payloads into trusted AI skill repositories via typosquats, staged fetches, and split-file obfuscation — here is exactly how it works.

Jul 20, 20258 min read
AI Security

What an AI Model Risk Registry Should Actually Track

Most AI model inventories are name-and-owner spreadsheets. Here's the provenance, licensing, CVE, and revalidation fields a real AI model risk registry needs to track.

Jul 20, 20257 min read
ai-security (Page 42) — Safeguard Blog