code-generation
Safeguard articles tagged "code-generation" — guides, analysis, and best practices for software supply chain and application security.
4 articles
The Prompt Injection Problem Hiding Inside Everyday Code ...
AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.
go generate Supply Chain Risks
go generate is a seam where arbitrary commands run with the full privileges of the developer, and it does not show up in any manifest of trusted dependencies.
Auditing AI-Generated Code: A Practical Security Guide
AI code generation tools are producing millions of lines of code daily. Here is a practical framework for auditing AI-generated code for security vulnerabilities and supply chain risks.
AI-Generated Code Security Risks: Copilot, ChatGPT, and the New Attack Surface
AI code assistants are writing a growing share of production code. The security implications are significant and largely unaddressed.