Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

AI Security

MCP Server Permissions: A Practical Checklist for Reducin...

A practical checklist for scoping MCP server permissions, denying risky defaults, and limiting the blast radius when an AI agent's tool access is exploited.

Jul 20, 20258 min read
AI Security

Why Traditional SAST Tools Struggle to Analyze Agentic Co...

Agentic codebases build call graphs at runtime, defeating static analysis. Here's why SAST tools miss prompt injection and tool-schema risks—and how Safeguard closes the gap.

Jul 19, 20257 min read
Application Security

Why Every AppSec Vendor Suddenly Has an 'AI Trust' Product

AppSec vendors are rebranding as "AI Trust" platforms. We look at the standards, M&A, and real incidents driving the shift — and why it's a supply chain problem at its core.

Jul 16, 20257 min read
Application Security

What OpenAI and Anthropic Ecosystem Partnerships Signal A...

OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.

Jul 15, 20258 min read
Product

The Rise of 'Security for AI' as a Distinct Product Category

Security for AI has become its own product category—backed by NIST, OWASP, and MITRE frameworks and real M&A. Here's why it's really a supply chain problem.

Jul 14, 20257 min read
Frameworks

OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses

The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.

Apr 22, 20257 min read
AI Security

MCP Server Authentication and Authorization: Securing the AI Tool Layer

The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.

Apr 5, 20258 min read
AI Security

AI Agent Tool Calling Security: Risks and Mitigations

AI agents that call tools -- APIs, databases, file systems, code interpreters -- convert non-deterministic LLM output into real-world actions. Securing this boundary is the defining challenge of agentic AI.

Mar 10, 20257 min read
AI Security

MCP Protocol Security: What the Model Context Protocol Means for Supply Chains

Anthropic's Model Context Protocol standardizes how AI models interact with external tools. The security implications for software supply chains are significant.

Feb 20, 20256 min read
Compliance

NIST SP 800-218A: SSDF Practices for Generative AI Models

NIST finalized SP 800-218A on July 26, 2024, augmenting the Secure Software Development Framework with practices specific to generative AI and dual-use foundation models.

Feb 10, 20256 min read
Industry Analysis

AI Code Assistants and Security: The Hidden Risks in 2025

AI coding assistants are generating millions of lines of production code. But they also introduce dependency hallucinations, insecure patterns, and supply chain risks that security teams need to address.

Feb 8, 20256 min read
AI Security

Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable

Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.

Jan 20, 20257 min read
ai-security (Page 43) — Safeguard Blog