claude-code
Safeguard articles tagged "claude-code" — guides, analysis, and best practices for software supply chain and application security.
10 articles
Least-Privilege Tool Scoping for AI Coding Agents
One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.
A vendor-neutral checklist for rolling out AI coding assistants safely
437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.
AI Coding Assistant Security FAQ: Risks and Controls for 2026
Straight answers on securing AI coding assistants like Claude Code, Cursor, and Cline — the real risks, data-leakage paths, insecure output, and how to add guardrails without slowing developers.
Securing AI coding assistants (Claude Code, Copilot, etc.)
AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.
Securing AI coding assistants: governance patterns for to...
AI coding assistants like Claude Code and Cursor now write, install, and execute code with minimal oversight. Here's the governance framework that closes the gap JFrog's artifact scanning leaves open.
GenAI Code Assistants and Package Hallucination: 2026 Update
LLM-suggested package names that do not exist are a registered attack vector in 2026. Here is where hallucination rates sit today and how to contain them.
ToxicSkills: When Claude Skills Become a Malware Distribution Channel
Snyk's ToxicSkills research found prompt injection in 36% of Claude skills tested and 1,467 malicious payloads. The SKILL.md trust model is the structural issue.
Claude Code Coding Agent: Security Posture Review
A working review of Claude Code's security posture, sandboxing model, and the practical controls enterprises need to deploy it safely at scale.
MCP vs Skills vs Hooks vs Rules Explained
MCP, Skills, hooks, and rules extend AI coding agents in very different ways — two execute code, two only steer behavior. Here's how each one breaks.
Securing Claude Code MCP Server Deployments
Claude Code MCP servers run with the privileges of the developer who invoked them. That makes deployment posture the entire security model.