Safeguard
Tag

least-privilege

Safeguard articles tagged "least-privilege" — guides, analysis, and best practices for software supply chain and application security.

46 articles

AI Security

Least-Privilege Tool Scoping for AI Coding Agents

One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.

Jul 9, 20267 min read
Cloud Security

A guide to AWS IAM permissions boundaries for delegated administration

AWS IAM lets any principal with iam:CreateRole and iam:AttachRolePolicy hand themselves admin — permissions boundaries are the one native control built to stop it.

Jul 8, 20265 min read
Kubernetes Security

Designing Least-Privilege Kubernetes RBAC: A Practical Guide

CVE-2018-1002105 (CVSS 9.8) let an unauthenticated request reach cluster-admin through pod exec endpoints — most RBAC breaches since trace back to the same handful of over-broad bindings.

Jul 8, 20267 min read
Vulnerability Guides

What Is Privilege Escalation? A 2026 Explainer

Privilege escalation is how a limited foothold becomes full control. This explainer covers vertical vs. horizontal paths across Linux, containers, and cloud IAM.

Jul 7, 20265 min read
AI Security

Governing MCP tools with per-tenant feature flags

Safeguard's MCP server exposes 650+ tools. Here's how per-tool feature flags keep each tenant scoped to exactly what it needs — with safe defaults and a fail-safe that narrows, never widens, on error.

Jul 6, 20263 min read
AI Security

Securing AI Coding Assistants: Guardrails That Hold

AI coding assistants are in nearly every IDE now. Banning them fails; trusting them blindly fails harder. The middle path is guardrails — technical controls that let assistants move fast without letting them ship the wrong thing.

Jul 5, 20265 min read
Security Guides

Database Credential Security (2026 Guide)

Database credentials are the last door between an attacker and your data. This guide covers eliminating static passwords with IAM auth, scoping least privilege, rotating safely, and detecting leaked connection strings.

Jul 4, 20266 min read
Cloud Security

AWS IAM Security Best Practices: A 2026 Field Guide

IAM is where most AWS breaches actually happen. This field guide covers least privilege, role assumption, permission boundaries, and the policy patterns that keep blast radius small.

Jul 3, 20265 min read
Container Security

Kubernetes RBAC Security: Least Privilege That Actually Holds

Wildcard verbs, cluster-admin bindings, and forgotten service account tokens turn RBAC into a rubber stamp. Here is how to design roles that contain a breach instead of amplifying it.

Jul 3, 20266 min read
AI Security

What Is Agentic Development Security?

When an AI agent can read your repo, run commands, open pull requests, and call external tools on its own, the security model shifts from reviewing code to governing an actor. Here is what agentic development security means and why it is different.

Jul 2, 20266 min read
AI Security

MCP Server Security: 8 Best Practices for 2026

The Model Context Protocol connects AI agents to your tools and data. That power cuts both ways. Here are eight concrete practices for running MCP servers without handing attackers a remote control.

Jul 2, 20265 min read
Concepts

The Principle of Least Privilege, Explained

Least privilege means every user, service, and process gets exactly the access it needs to do its job — and nothing more. Here's why it contains breaches and how to implement it without breaking things.

Jul 2, 20267 min read
least-privilege (Page 2) — Safeguard Blog