industry-analysis
Safeguard articles tagged "industry-analysis" — guides, analysis, and best practices for software supply chain and application security.
85 articles
Multi-Factor Authentication Bypass via Privilege Escalation
Attackers increasingly skip cracking MFA altogether — they escalate privileges around it. Real cases from Microsoft, Uber, and SolarWinds show how, and what actually stops it.
Personal Access Token Security Best Practices
Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.
Insecure Randomness in Security-Sensitive Code
A single deleted line broke Debian's OpenSSL keys for two years. We break down real insecure randomness vulnerabilities and how Safeguard catches weak PRNGs before attackers do.
Missing Encryption of Sensitive Data
Missing encryption of sensitive data (CWE-311) drove breaches from Equifax to CVS Health. Here's how it happens across the software supply chain and how to catch it early.
Race Conditions (TOCTOU) in Application Code
From Dirty COW to runc's CVE-2021-30465, TOCTOU race conditions keep slipping past code review. Here's why they're invisible to standard tooling — and how to catch them.
How Snyk AI-BOM detects MCP servers connected to an appli...
A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.
How Snyk AI-BOM identifies prompt files and prompt-inject...
How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.
How Snyk approaches securing AI-generated code from codin...
A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.
How Snyk's AI-SPM approach extends ASPM concepts to AI sy...
How Snyk's Evo AI-SPM extends ASPM's discover-assess-enforce loop to models, datasets, and agents, based on its March 2026 GA launch and public documentation.
Autocomplete Anxiety: Measuring How Often AI Coding Assis...
Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.
Why Scanning AI-Generated Code Requires Different Heurist...
AI coding assistants write fast but fail differently than humans do. Learn why scanning AI-generated code needs new heuristics for hallucinated dependencies.
Do Code Review Practices Need to Change When Half the Cod...
AI now writes up to half of production code. Here is why traditional code review breaks down on AI output, and what teams need to change.