Safeguard
Tag

ai-supply-chain

Safeguard articles tagged "ai-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

18 articles

AI Security

CoSAI Releases Model Signing and Incident Response Frameworks

The Coalition for Secure AI published two operational frameworks in November 2025: Signing ML Artifacts and AI Incident Response. We unpack what each contains and how to adopt them.

Dec 4, 20257 min read
AI Security

Agent Goal Hijacking: Redirecting Autonomous AI Objectives

Attackers are hijacking autonomous AI agents by planting instructions in content they read—no exploit needed. Here's how it works, real 2025 incidents, and defenses.

Nov 16, 20258 min read
AI Security

SPDX 3.0 AI Profile: Building an AIBOM in Practice

SPDX 3.0 was published in March 2025 with a dedicated AI profile and a Dataset profile. We walk through how to produce a defensible AIBOM in SPDX format alongside or in place of CycloneDX.

Sep 18, 20257 min read
Industry Analysis

How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM

How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.

Aug 21, 20257 min read
AI Security

What an AI Model Risk Registry Should Actually Track

Most AI model inventories are name-and-owner spreadsheets. Here's the provenance, licensing, CVE, and revalidation fields a real AI model risk registry needs to track.

Jul 20, 20257 min read
Incident Analysis

DeepSeek ClickHouse Exposure: When the AI Vendor Forgets the Database

In January 2025 Wiz Research found a wide-open ClickHouse instance belonging to AI startup DeepSeek, leaking chat history, API keys, and internal log streams. We unpack the AI-supply-chain implications.

Feb 10, 20257 min read
ai-supply-chain (Page 2) — Safeguard Blog