ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
What Is an AIBOM (AI Bill of Materials)? A 2026 Primer
An SBOM tells you what code you ship. An AIBOM answers the question that has no good answer today: what models, datasets, and prompts is our AI actually built on — and where did they come from?
Choosing a security tool for AI-generated code
GitHub reported in 2024 that Copilot writes up to 46% of code in enabled files — the same vulnerability classes humans write, now shipped at machine speed.
How the security industry is scaling partnerships for AI risk
No vendor covers model security, agent runtime policy, supply-chain risk, and code-level AppSec alone — partner-sourced ARR at one major vendor grew over 6x from 2023 to 2025.
How to build and justify an AI security budget
CVE-2025-6514 let a flawed MCP proxy escalate to full remote code execution — a preview of why AI/agentic risk needs its own budget line, not a slice of the AppSec line.
What agentic coding environments reveal about developer risk
Snyk analyzed nearly 10,000 real developer environments and found 43% run 2+ AI coding tools at once — with MCP servers and skills quietly widening the attack surface.
Safeguard Expands Into a Unified, AI-Native Defensive Security Platform
Safeguard is growing from a posture and findings platform into a first-party detection and prevention platform — first-party AppSec, defensive red-teaming, AI security, data security, runtime/CNAPP, and a supply-chain package firewall — all feeding one prioritized findings model.
AI Supply Chain Security: Securing Models and Datasets
Your AI supply chain is not just your npm dependencies anymore. It is the models you download, the weights you load, and the datasets you train on — and each is an attack surface most software security programs have never inventoried.
Governing MCP tools with per-tenant feature flags
Safeguard's MCP server exposes 650+ tools. Here's how per-tool feature flags keep each tenant scoped to exactly what it needs — with safe defaults and a fail-safe that narrows, never widens, on error.
Securing AI Coding Assistants: Guardrails That Hold
AI coding assistants are in nearly every IDE now. Banning them fails; trusting them blindly fails harder. The middle path is guardrails — technical controls that let assistants move fast without letting them ship the wrong thing.
The LLM Application Security Checklist (2026)
You are shipping an LLM feature. Before it goes live, walk this checklist — organized around the OWASP Top 10 for LLM Applications — to catch the risks that matter most in production.
Securing Hugging Face Models: A Practical Safety Guide
Hugging Face is the npm of machine learning, and it inherits npm's problems. Malicious weights, pickle payloads, and leaked Space secrets are all live risks — here is how to pull models safely.
AI Code Review and Security: Reviewer, Reviewed, or Both?
AI can review pull requests and AI can write them — sometimes in the same workflow. Both roles carry security implications teams routinely underestimate. Here is how to get the benefit without the blind spots.