Safeguard
Tag

industry-analysis

Safeguard articles tagged "industry-analysis" — guides, analysis, and best practices for software supply chain and application security.

85 articles

Industry Analysis

Multi-Factor Authentication Bypass via Privilege Escalation

Attackers increasingly skip cracking MFA altogether — they escalate privileges around it. Real cases from Microsoft, Uber, and SolarWinds show how, and what actually stops it.

Nov 1, 20257 min read
Industry Analysis

Personal Access Token Security Best Practices

Leaked personal access tokens have driven major supply chain breaches. Here's why PATs are risky, real incidents, and how scoping, rotation, and detection fix it.

Nov 1, 20256 min read
Industry Analysis

Insecure Randomness in Security-Sensitive Code

A single deleted line broke Debian's OpenSSL keys for two years. We break down real insecure randomness vulnerabilities and how Safeguard catches weak PRNGs before attackers do.

Oct 31, 20257 min read
Industry Analysis

Missing Encryption of Sensitive Data

Missing encryption of sensitive data (CWE-311) drove breaches from Equifax to CVS Health. Here's how it happens across the software supply chain and how to catch it early.

Oct 31, 20257 min read
Industry Analysis

Race Conditions (TOCTOU) in Application Code

From Dirty COW to runc's CVE-2021-30465, TOCTOU race conditions keep slipping past code review. Here's why they're invisible to standard tooling — and how to catch them.

Oct 29, 20257 min read
Industry Analysis

How Snyk AI-BOM detects MCP servers connected to an appli...

A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM identifies prompt files and prompt-inject...

How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.

Aug 19, 20256 min read
Industry Analysis

How Snyk approaches securing AI-generated code from codin...

A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.

Aug 19, 20258 min read
Industry Analysis

How Snyk's AI-SPM approach extends ASPM concepts to AI sy...

How Snyk's Evo AI-SPM extends ASPM's discover-assess-enforce loop to models, datasets, and agents, based on its March 2026 GA launch and public documentation.

Aug 19, 20258 min read
Industry Analysis

Autocomplete Anxiety: Measuring How Often AI Coding Assis...

Studies show 40-45% of AI-suggested code contains exploitable flaws, and models hallucinate fake packages developers install. Here's what the data says.

Aug 9, 20257 min read
Industry Analysis

Why Scanning AI-Generated Code Requires Different Heurist...

AI coding assistants write fast but fail differently than humans do. Learn why scanning AI-generated code needs new heuristics for hallucinated dependencies.

Aug 9, 20258 min read
Industry Analysis

Do Code Review Practices Need to Change When Half the Cod...

AI now writes up to half of production code. Here is why traditional code review breaks down on AI output, and what teams need to change.

Aug 8, 20257 min read
industry-analysis (Page 6) — Safeguard Blog