ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
AI Data Poisoning Defense: Protecting Models from Tainted Data
You do not need to corrupt most of a training set to backdoor a model — recent research suggests a small, near-constant number of poisoned documents can be enough. Defense starts with treating data as a dependency.
AIBOM (AI Bill of Materials): Frequently Asked Questions
A practical FAQ on AI bills of materials in 2026 — what an AIBOM captures, how it extends SBOMs to models and datasets, model provenance risks, formats, and governance drivers.
LLM Jailbreak Prevention: A Defense-in-Depth Playbook
A jailbreak is not the same thing as a prompt injection, and conflating them leads to defenses that miss. Here is how modern jailbreaks actually work and the layered controls that hold the line.
Prompt Injection Prevention: A Defense-in-Depth Guide
Prompt injection is the top risk on the OWASP list for LLM applications for a reason: there is no single patch. Preventing it means layering controls around a model that cannot reliably tell instructions from data.
AI Model Supply Chain Attacks: How Weights Become Malware
You would never run an unknown binary from a stranger, but teams pull unknown model weights off public hubs every day. Loading them can be code execution — and that is only the most obvious link in the chain.
What Is Agentic Development Security?
When an AI agent can read your repo, run commands, open pull requests, and call external tools on its own, the security model shifts from reviewing code to governing an actor. Here is what agentic development security means and why it is different.
MCP Server Security: 8 Best Practices for 2026
The Model Context Protocol connects AI agents to your tools and data. That power cuts both ways. Here are eight concrete practices for running MCP servers without handing attackers a remote control.
Securing Vector Databases: The Overlooked Attack Surface in AI Apps
Vector databases became critical infrastructure the moment RAG went mainstream, but most are deployed with the security posture of a cache. Embeddings leak, indexes get poisoned, and tenants bleed into each other.
AI Security Software: A Buyer's Guide for 2026
The label 'AI security software' now covers two different markets — tools that secure AI systems, and security tools powered by AI. How to tell them apart, what to evaluate, and the questions that expose thin products.
How Copilot Autofix generates AI-powered vulnerability fi...
Copilot Autofix pairs CodeQL with an LLM to patch code-scanning alerts up to 3x faster. Here's how it works, its limits, and where supply chain risk still slips through.
AI Agent Tool-Use Security: Locking Down What Agents Can Do
The moment you give an LLM tools, it stops being a chatbot and becomes an actor in your systems. Tool-use security is about making sure a compromised agent hits a wall instead of a credential.
RAG Security Best Practices for 2026
Retrieval-augmented generation wired an untrusted-content pipeline straight into your model's context window. Here are the practices that keep a poisoned document or a leaked chunk from becoming an incident.