false-positives
Safeguard articles tagged "false-positives" — guides, analysis, and best practices for software supply chain and application security.
22 articles
Anthropic's Mythos Vulnerability Scanner: An Honest Assessment of Strengths, Weaknesses, and Reasons to Be Cautious
Anthropic's Mythos model is generating buzz for AI-powered vulnerability detection. We break down what it does well, where it struggles, and why security teams should approach the results with healthy skepticism.
The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach
Anthropic's Mythos model claims to find vulnerabilities in open-source code using a single LLM. We analyze where this approach falls short and why production-grade zero-day discovery requires Safeguard's Multi-Agent TAOR Deep Think AI Engine.
Why LLM-Based Vulnerability Scanning Needs More Than a Single Model
Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.
Reachability Analysis vs. SCA: Which Reduces Your Backlog?
SCA lists every CVE in every dependency. Reachability filters to the ones your code actually invokes. Here is how the two compare on a real backlog.
Sanitizer Detection: Griffin AI vs Mythos
A vulnerability that passes through a working sanitizer is not a vulnerability. Detecting that sanitizer accurately is the difference between actionable findings and noise.
Why Snyk Code's semantic approach produces fewer false po...
Snyk Code cuts SAST false positives using semantic analysis: AST/data-flow graphs plus ML trained on real code, not regex patterns. Here is how the mechanics work.
What is a Reachability Analysis in SCA
Reachability analysis checks whether your code actually calls the vulnerable function inside a dependency — the difference between 400 alerts and 12 that matter.
Static Analysis False-Positive Reduction
A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.
False Positive Rates in Container Scanning: Why Your Scanner Lies to You
Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.
Taming Static Analysis: A Practical Guide to False Positive Reduction
False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.