Safeguard
Tag

claude-code

Safeguard articles tagged "claude-code" — guides, analysis, and best practices for software supply chain and application security.

10 articles

AI Security

Least-Privilege Tool Scoping for AI Coding Agents

One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.

Jul 9, 20267 min read
AI Security

A vendor-neutral checklist for rolling out AI coding assistants safely

437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.

Jul 8, 20266 min read
FAQ

AI Coding Assistant Security FAQ: Risks and Controls for 2026

Straight answers on securing AI coding assistants like Claude Code, Cursor, and Cline — the real risks, data-leakage paths, insecure output, and how to add guardrails without slowing developers.

Jul 5, 20266 min read
AI Security

Securing AI coding assistants (Claude Code, Copilot, etc.)

AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.

Jun 24, 20267 min read
AI Security

Securing AI coding assistants: governance patterns for to...

AI coding assistants like Claude Code and Cursor now write, install, and execute code with minimal oversight. Here's the governance framework that closes the gap JFrog's artifact scanning leaves open.

May 28, 20267 min read
AI Security

GenAI Code Assistants and Package Hallucination: 2026 Update

LLM-suggested package names that do not exist are a registered attack vector in 2026. Here is where hallucination rates sit today and how to contain them.

Mar 18, 20267 min read
Agent Security

ToxicSkills: When Claude Skills Become a Malware Distribution Channel

Snyk's ToxicSkills research found prompt injection in 36% of Claude skills tested and 1,467 malicious payloads. The SKILL.md trust model is the structural issue.

Feb 4, 20267 min read
AI Security

Claude Code Coding Agent: Security Posture Review

A working review of Claude Code's security posture, sandboxing model, and the practical controls enterprises need to deploy it safely at scale.

Jan 30, 20265 min read
AI Security

MCP vs Skills vs Hooks vs Rules Explained

MCP, Skills, hooks, and rules extend AI coding agents in very different ways — two execute code, two only steer behavior. Here's how each one breaks.

Jan 21, 20268 min read
AI Security

Securing Claude Code MCP Server Deployments

Claude Code MCP servers run with the privileges of the developer who invoked them. That makes deployment posture the entire security model.

Jan 12, 20267 min read
claude-code — Safeguard Blog