griffin-ai
Safeguard articles tagged "griffin-ai" — guides, analysis, and best practices for software supply chain and application security.
180 articles
Human Review Gate For AI-Generated Fix PRs
AI-authored fix PRs are only safe when there is a deliberate human review gate in front of them. Here is how to build one that is fast and trustworthy.
From CVE To Zero-Day: The Pipeline Flip
Most security pipelines are organised around CVEs that already exist. Here is what changes when you flip the pipeline to surface zero-days first instead.
Real-World Deployment: Griffin AI vs Mythos
Demos live on a single repo and a curated dataset. Real deployments hit fifty repos, three CI providers, two cloud accounts, and an air-gapped environment. The gap is where vendors get sorted.
Breaking-Change-Aware Remediation In 2026
Most fix PRs fail because they ignore breaking changes in the patched version. Here is how breaking-change-aware remediation closes vulns without regressions.
Safeguard Griffin AI: Eval Benchmarks Published
Griffin AI's evaluation harness results published for the first time. Benchmark methodology, comparison against baselines, and what the numbers mean for production use.
Responsible Disclosure For Discovered Zero-Days
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.
Transitive Dependency Fix Cascades, Managed
Fixing a transitive dependency is rarely a single bump. It is a cascade. Here is how to manage those cascades without flooding reviewers or breaking builds.
Scaling Across Repos: Griffin AI vs Mythos
Multi-repo security reasoning is a graph problem, not a retrieval problem. How Griffin AI's engine scales where pure-LLM products flatten into guesswork.
Engine-Plus-LLM vs Pure-LLM Bug Hunters
The difference between an engine-plus-LLM bug hunter and a pure-LLM one is not a tuning detail. It is a structural divide that determines whether the findings are usable.
From Finding To Merged Fix In An Hour
A one-hour cycle from vulnerability finding to merged fix is achievable in 2026, but only with a pipeline designed for it. Here is what that pipeline looks like.
Tool-Call Hijacking: Griffin AI vs Mythos
A hijacked tool call is more consequential than a hijacked response. The defence requires the tool layer to police the model, not the other way around.
Griffin AI vs Sourcegraph Cody for Security Use
Cody's codebase-wide context is valuable for security review. Griffin AI adds reachability, taint, and policy grounding that Cody doesn't target.