copilot
Safeguard articles tagged "copilot" — guides, analysis, and best practices for software supply chain and application security.
5 articles
A vendor-neutral checklist for rolling out AI coding assistants safely
437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.
Copilot Code Review Security: What It Misses
Copilot's code review is useful. It is also not a security review, and treating it as one is how vulnerabilities ship. Here is what it actually catches.
EchoLeak (CVE-2025-32711): The First Zero-Click LLM Exfiltration in Production
Aim Security's CVE-2025-32711 exfiltrated Microsoft 365 Copilot data via a single crafted email. The XPIA classifier failed, CSP let attackers through, and CVSS 9.3 followed.
EchoLeak (CVE-2025-32711): The First Zero-Click Production LLM Exfiltration
A single crafted email could exfiltrate data from Microsoft 365 Copilot without a user click. We walk the attack chain, the patch, and the lessons for agent operators.
AI Code Assistants and Security: The Hidden Risks in 2025
AI coding assistants are generating millions of lines of production code. But they also introduce dependency hallucinations, insecure patterns, and supply chain risks that security teams need to address.