ai-security
Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.
532 articles
Securing AI-Generated Code: A Practical 2026 Guide
AI now writes a large share of the code shipping to production, and it reproduces the same insecure patterns humans do — at machine speed. Here is how to keep AI-authored code from becoming your next incident.
Securing AI coding assistants (Claude Code, Copilot, etc.)
AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.
Prompt Injection Examples: Attacks Seen in the Wild
From hidden text in resumes to poisoned web pages that hijack AI browsing agents, prompt injection has moved from research demos to real incidents. Here are the patterns and what actually blunts them.
What is AI Code Remediation?
AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.
What is Vibe Coding (and its security risk)?
Vibe coding lets AI write your app while you skip the review. Veracode found 45% of AI-generated code is vulnerable. Here's the risk, and how Safeguard closes the gap.
AI Code Security Tools: risks of restricting them
Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.
Building Securely with AI (secure AI-assisted development)
AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.
AIBOM in 2026: Treating AI Models as a Software Supply Chain
The AI bill of materials is graduating from optional security artifact to procurement requirement. Here is what AIBOM/ML-BOM actually tracks in 2026, how it ties to the EU AI Act, and where it still falls short.
Application Security Strategy for 2026: AI, DevSecOps, an...
AppSec platform consolidation is reshaping 2026 strategy. See how it compares to Veracode's approach and where Safeguard fits in a unified DevSecOps stack.
OWASP Top 10 for LLM Applications explained
A breakdown of the 2025 OWASP Top 10 for LLM Applications—prompt injection, supply chain, excessive agency—with real examples and fixes.
Prompt injection attacks: direct vs indirect
Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.
Agent hijacking: the real-world impact of prompt injection
From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.