Safeguard
Tag

ai-security

Safeguard articles tagged "ai-security" — guides, analysis, and best practices for software supply chain and application security.

532 articles

AI Security

Securing Model Context Protocol (MCP) servers

MCP server security explained through real 2025 CVEs, tool poisoning, and rug-pull attacks, plus concrete controls security teams need to defend AI agent tool calls.

Jun 14, 20267 min read
AI Security

mcp-scan: detecting malicious MCP tool definitions

MCP lets AI agents call tools via plain-text descriptions the model trusts blindly. Here's how mcp-scan catches poisoning, rug-pulls, and shadowing.

Jun 13, 20266 min read
AI Security

Can AI write secure code? Auditing AI-generated code

AI writes code fast, but studies from 2021 to 2025 show it also reproduces insecure patterns and invents fake dependencies. Here's what the data says.

Jun 13, 20267 min read
AI Security

GitHub Copilot code security: XSS vulnerabilities found in React

Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.

Jun 13, 20267 min read
AI Security

How Copilot amplifies insecure codebases

Copilot writes ~46% of code where enabled, and studies show ~40% of its security-relevant suggestions are vulnerable. Here's the data on the risk.

Jun 12, 20266 min read
AI Security

AI-Generated Code Security: risks and controls

AI now writes up to 40%+ of new code, and models hallucinate nonexistent packages in 5-22% of outputs. Here's why Black Duck-style SCA misses that risk, and what controls actually work.

Jun 12, 20267 min read
AI Security

5 best practices for adopting GitHub Copilot securely

GitHub Copilot has 1.3M+ paid seats. Five concrete, evidence-based practices for locking down content exclusion, licensing, code quality, and prompt injection risk.

Jun 12, 20267 min read
Application Security

Why LLM API keys should be treated as tier-zero secrets

A leaked LLM API key is a blank check and a data pipe in one credential. Here's why it demands tier-zero controls—and why tools like Black Duck never see it.

Jun 12, 20268 min read
AI Security

AI hallucinations and their security implications for developers

LLMs hallucinate nonexistent packages in up to 1 in 5 code samples — and slopsquatting attacks are already exploiting that predictability in the wild.

Jun 12, 20266 min read
Application Security

BSIMM16 report: benchmarking software security program ma...

BSIMM16 shows AI now drives more security program change than any other force, with 111 firms assessed and SBOM use up nearly 30%. Here's what it means — and its blind spots.

Jun 12, 20267 min read
AI Security

Security in AI Systems: What Actually Changes

Security in AI systems isn't a wholly new discipline, but prompt injection, training data provenance, and model supply chains introduce risks traditional AppSec tooling wasn't built to catch.

Jun 10, 20265 min read
AI Security

Introducing Agentic Development Security (ADS)

As AI agents now author up to half of production commits, Safeguard introduces Agentic Development Security (ADS) — a new framework for securing autonomous coding.

Jun 10, 20267 min read
ai-security (Page 9) — Safeguard Blog