Safeguard
Tag

github-copilot

Safeguard articles tagged "github-copilot" — guides, analysis, and best practices for software supply chain and application security.

14 articles

AI Security

Concrete guardrails for AI coding assistants

40% of Copilot-generated code contained CWE Top 25 flaws in a 2022 study. Here are the prompt, scanning, and review gates that actually stop AI-written risk.

Jul 9, 20266 min read
AI Security

The supply-chain and IP risk hiding inside AI coding assistants

GitHub has disclosed that Copilot suggestions match training-set code verbatim about 1% of the time — and a class action over it is still being argued in 2026.

Jul 8, 20267 min read
AI Security

AI Developer Tools: Weighing Productivity Against Security and IP Exposure

NYU found 40% of Copilot-generated code contained exploitable flaws; Samsung banned ChatGPT after three leaks in under 20 days. The productivity math still isn't simple.

Jul 8, 20267 min read
AI Security

Security Practices for GitHub Copilot and AI Coding Assistants

Copilot suggested 2,702 hardcoded secrets from just 900 prompts in one study, and at least 200 were live credentials — adoption without policy is a leak waiting to happen.

Jul 8, 20266 min read
AI Security

Securing AI coding assistants (Claude Code, Copilot, etc.)

AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.

Jun 24, 20267 min read
AI Security

GitHub Copilot code security: XSS vulnerabilities found in React

Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.

Jun 13, 20267 min read
AI Security

How Copilot amplifies insecure codebases

Copilot writes ~46% of code where enabled, and studies show ~40% of its security-relevant suggestions are vulnerable. Here's the data on the risk.

Jun 12, 20266 min read
AI Security

5 best practices for adopting GitHub Copilot securely

GitHub Copilot has 1.3M+ paid seats. Five concrete, evidence-based practices for locking down content exclusion, licensing, code quality, and prompt injection risk.

Jun 12, 20267 min read
AI Security

AI Coding Assistant Security: 2026 Buyer Comparison

A security-focused buyer comparison of AI coding assistants in 2026: code quality risk, data exfiltration controls, license exposure, and policy enforcement.

Apr 25, 20265 min read
AI Security

Supply Chain Risks of AI Coding Assistants

Copilot, Cursor, and Claude Code change what enters your codebase and how. A practitioner's map of the real supply chain risks — hallucinated packages, rules-file injection, and unreviewed transitive trust.

Apr 11, 20266 min read
AI Security

GenAI Code Assistants and Package Hallucination: 2026 Update

LLM-suggested package names that do not exist are a registered attack vector in 2026. Here is where hallucination rates sit today and how to contain them.

Mar 18, 20267 min read
AI Security

Griffin AI vs GitHub Copilot for Vulnerability Fixing

GitHub Copilot suggests fixes. Griffin AI generates fix PRs with taint paths and disproof attached. The difference is review burden.

Feb 28, 20262 min read
github-copilot — Safeguard Blog