Safeguard
Tag

false-positives

Safeguard articles tagged "false-positives" — guides, analysis, and best practices for software supply chain and application security.

22 articles

AI Security

Anthropic's Mythos Vulnerability Scanner: An Honest Assessment of Strengths, Weaknesses, and Reasons to Be Cautious

Anthropic's Mythos model is generating buzz for AI-powered vulnerability detection. We break down what it does well, where it struggles, and why security teams should approach the results with healthy skepticism.

Apr 10, 202613 min read
AI Security

The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach

Anthropic's Mythos model claims to find vulnerabilities in open-source code using a single LLM. We analyze where this approach falls short and why production-grade zero-day discovery requires Safeguard's Multi-Agent TAOR Deep Think AI Engine.

Apr 10, 202610 min read
AI Security

Why LLM-Based Vulnerability Scanning Needs More Than a Single Model

Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.

Apr 10, 202611 min read
Vulnerability Management

Reachability Analysis vs. SCA: Which Reduces Your Backlog?

SCA lists every CVE in every dependency. Reachability filters to the ones your code actually invokes. Here is how the two compare on a real backlog.

Apr 8, 20268 min read
AI Security

Sanitizer Detection: Griffin AI vs Mythos

A vulnerability that passes through a working sanitizer is not a vulnerability. Detecting that sanitizer accurately is the difference between actionable findings and noise.

Mar 18, 20265 min read
Application Security

Why Snyk Code's semantic approach produces fewer false po...

Snyk Code cuts SAST false positives using semantic analysis: AST/data-flow graphs plus ML trained on real code, not regex patterns. Here is how the mechanics work.

Sep 13, 20257 min read
Concepts

What is a Reachability Analysis in SCA

Reachability analysis checks whether your code actually calls the vulnerable function inside a dependency — the difference between 400 alerts and 12 that matter.

Nov 12, 20246 min read
Vulnerability Management

Static Analysis False-Positive Reduction

A technique-by-technique tour of how modern static analyzers cut false positives, from CodeQL's path pruning to Infer's bi-abduction.

Aug 22, 20248 min read
Vulnerability Management

False Positive Rates in Container Scanning: Why Your Scanner Lies to You

Container scanners produce mountains of findings. A significant percentage are false positives. Here is how to measure and manage the noise.

May 12, 20245 min read
Application Security

Taming Static Analysis: A Practical Guide to False Positive Reduction

False positives kill SAST adoption faster than anything else. Here is how to cut through the noise without missing real vulnerabilities.

Nov 12, 20227 min read
false-positives (Page 2) — Safeguard Blog