ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
MCP Server Permissions: A Practical Checklist for Reducin...
A practical checklist for scoping MCP server permissions, denying risky defaults, and limiting the blast radius when an AI agent's tool access is exploited.
Why Traditional SAST Tools Struggle to Analyze Agentic Co...
Agentic codebases build call graphs at runtime, defeating static analysis. Here's why SAST tools miss prompt injection and tool-schema risks—and how Safeguard closes the gap.
Why Every AppSec Vendor Suddenly Has an 'AI Trust' Product
AppSec vendors are rebranding as "AI Trust" platforms. We look at the standards, M&A, and real incidents driving the shift — and why it's a supply chain problem at its core.
What OpenAI and Anthropic Ecosystem Partnerships Signal A...
OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.
The Rise of 'Security for AI' as a Distinct Product Category
Security for AI has become its own product category—backed by NIST, OWASP, and MITRE frameworks and real M&A. Here's why it's really a supply chain problem.
OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses
The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.
MCP Server Authentication and Authorization: Securing the AI Tool Layer
The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.
AI Agent Tool Calling Security: Risks and Mitigations
AI agents that call tools -- APIs, databases, file systems, code interpreters -- convert non-deterministic LLM output into real-world actions. Securing this boundary is the defining challenge of agentic AI.
MCP Protocol Security: What the Model Context Protocol Means for Supply Chains
Anthropic's Model Context Protocol standardizes how AI models interact with external tools. The security implications for software supply chains are significant.
NIST SP 800-218A: SSDF Practices for Generative AI Models
NIST finalized SP 800-218A on July 26, 2024, augmenting the Secure Software Development Framework with practices specific to generative AI and dual-use foundation models.
AI Code Assistants and Security: The Hidden Risks in 2025
AI coding assistants are generating millions of lines of production code. But they also introduce dependency hallucinations, insecure patterns, and supply chain risks that security teams need to address.
Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable
Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.