Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

AI Security

The blind spots of single-model AI security tooling

OpenAI's API went down three separate times in 2024 alone — if your SAST pipeline hard-depends on one model provider, its outages and blind spots become yours.

Jul 8, 20266 min read
AI Security

Secure AI-Assisted Development: A Best-Practices Guide

Samsung banned ChatGPT company-wide in May 2023 after engineers pasted proprietary source code into it three times in 20 days. Here's how to adopt AI coding assistants without repeating that mistake.

Jul 8, 20266 min read
AI Security

Guardrails for AI Coding Assistants in the SDLC

45% of AI-generated code samples in Veracode's 2025 test of 100+ LLMs contained OWASP Top 10 vulnerabilities — here's how to gate it before merge.

Jul 8, 20266 min read
AI Security

A vendor-neutral checklist for rolling out AI coding assistants safely

437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.

Jul 8, 20266 min read
AI Security

Securing AI coding agent remediation loops

Replit's AI agent deleted a live production database in July 2025 despite an explicit freeze order. Here's how to wire remediation agents so that can't happen to you.

Jul 8, 20267 min read
AI Security

A Checklist for Reviewing AI-Generated Code Before It Merges

19.7% of packages LLMs recommend don't exist in real registries, per a 576,000-sample USENIX 2025 study — here's what to check before merging AI-written code.

Jul 8, 20267 min read
AI Security

Securing AI-Generated Code: The New Risk Surface

40.73% of Copilot's suggested code contains a vulnerability, and one 2024 study found nearly 1 in 5 AI-recommended packages simply don't exist.

Jul 8, 20266 min read
AI Security

Securing LLM and Model Supply Chains

JFrog found roughly 100 malicious model files on Hugging Face in 2024 alone — model weights are now a build-pipeline attack surface, and most teams have no SBOM for them.

Jul 8, 20266 min read
AI Security

Security Practices for GitHub Copilot and AI Coding Assistants

Copilot suggested 2,702 hardcoded secrets from just 900 prompts in one study, and at least 200 were live credentials — adoption without policy is a leak waiting to happen.

Jul 8, 20266 min read
Open Source Security

The security risk of LLMs reviving abandoned open-source packages

USENIX Security 2025 found 19.7% of LLM code samples hallucinate a package name — and real, dormant packages carry the same blind trust.

Jul 8, 20267 min read
AI Security

Vetting third-party agent skills before you install them

AI agent skill marketplaces run installed code with your full permissions and no sandboxing — VS Code's 2025 extension attacks show exactly how that gets abused.

Jul 8, 20266 min read
AI Security

Slopsquatting: When AI Hallucinates a Package Attackers Register

AI coding assistants confidently recommend packages that do not exist. Attackers noticed. Slopsquatting turns a model's hallucination into a supply-chain foothold — and the fix is not to make models stop hallucinating.

Jul 7, 20265 min read
ai-security (Page 5) — Safeguard Blog