Safeguard
Tag

attack-classes

Safeguard articles tagged "attack-classes" — guides, analysis, and best practices for software supply chain and application security.

5 articles

AI Security

XSS Variants: Griffin AI vs Mythos

Stored, reflected, DOM, mutation, and template-injection XSS each live in a different part of the application and demand a different analysis. Griffin's engine understands template contexts, framework escaping rules, and client-side sinks; Mythos reads HTML and hopes. The difference shows up the moment you leave textbook territory.

Feb 12, 20267 min read
AI Security

Path Traversal: Griffin AI vs Mythos

Path traversal is the vulnerability class that punishes lazy analysis. Framework-specific path normalisation, OS-dependent separators, symbolic link resolution, and archive extraction all hide exploitable gaps behind code that looks defensive. Griffin's engine resolves path operations with actual semantics; Mythos reads the variable name and calls it a day.

Feb 4, 20267 min read
AI Security

SSRF Detection: Griffin AI vs Mythos

Server-side request forgery is a test of how well your scanner understands the boundary between trusted and untrusted URLs. Griffin's engine resolves URL construction through string builders, template engines, and HTTP client configuration; Mythos reads the code and guesses. On modern applications that is the difference between a finding you can ship and a finding you cannot defend.

Jan 28, 20267 min read
AI Security

Deserialization Vulnerabilities: Griffin AI vs Mythos

Unsafe deserialization looks obvious on a slide and impossible on a real codebase. Sinks are language-specific, gadgets live in third-party libraries, and the tainted byte can arrive wrapped in six layers of framework ceremony. Griffin's engine-plus-LLM design handles each of those concerns separately; Mythos-style pure-LLM scanners blur them into pattern-matching.

Jan 20, 20267 min read
AI Security

SQL Injection Chains: Griffin AI vs Mythos

SQL injection stopped being a single-line bug years ago. Modern chains stitch a tainted parameter through ORMs, caches, background jobs, and downstream services. Griffin AI's engine-plus-LLM architecture follows the taint across those hops; Mythos-class pure-LLM scanners summarise one file at a time and lose the thread.

Jan 13, 20267 min read
attack-classes — Safeguard Blog