Safeguard
Tag

llm

Safeguard articles tagged "llm" — guides, analysis, and best practices for software supply chain and application security.

33 articles

AI Security

LLM-assisted vulnerability autofixing: approaches and how to validate the patches

At DARPA's AIxCC finals in August 2025, AI systems patched 68% of vulnerabilities they found — up from 25% at semifinals. Here's how the approaches differ and why validation still matters most.

Jul 8, 20267 min read
Buyer's Guides

AI Code Review Tools Compared: An Honest 2026 Guide

A balanced 2026 comparison of AI code review tools — GitHub Copilot, CodeRabbit, Qodo, Graphite, Amazon Q, Snyk DeepCode — with honest tradeoffs, the security gap, and where Safeguard fits.

Jul 3, 20266 min read
AI Security

Building an Eval Suite for Your Security LLM Workflows

If you use an LLM anywhere in your security program — triage, remediation, detection — you need an eval suite with the same rigor as your test suite. Here is a concrete harness: datasets, thresholds, CI gates, and drift detection.

Apr 22, 20268 min read
AI Security

Zero-Day Discovery With LLM-Augmented Reachability: A Safeguard Engine Walkthrough

Pattern-matching scanners miss zero-days by definition. An engine that follows taint across package boundaries plus a model that hypothesizes exploit conditions can find what either would miss alone. Here is how that pipeline works end to end.

Apr 19, 20268 min read
AI Security

Frontier LLM Vendors Are Not Your Supply Chain Security Vendor

Coding agents from OpenAI, Anthropic, and Google are excellent tools. They are also not supply chain security platforms, and the assumption that they can replace one is already producing expensive gaps.

Apr 16, 20267 min read
AI Security

Why LLMs Are Structurally Insecure (and What That Means for Your Pipeline)

Language models are not insecure because of a bug you can patch. They are insecure by construction — non-deterministic, context-poisonable, and unreproducible. Here is how to reason about them without pretending otherwise.

Apr 12, 20267 min read
AI Security

The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach

Anthropic's Mythos model claims to find vulnerabilities in open-source code using a single LLM. We analyze where this approach falls short and why production-grade zero-day discovery requires Safeguard's Multi-Agent TAOR Deep Think AI Engine.

Apr 10, 202610 min read
AI Security

Why LLM-Based Vulnerability Scanning Needs More Than a Single Model

Large language models are being used to find vulnerabilities in open-source code. But a single model, no matter how capable, isn't enough. Here's why multi-agent orchestration, structured CWE analysis, and deep context matter more than model size.

Apr 10, 202611 min read
AI Security

LLM Traces and Evals: The Missing Layer in AI Supply Chain Security

Prompt traces and offline evals are standard hygiene for ML teams, but almost nobody treats them as supply chain telemetry. They should be. Here's how traces and evals plug into SBOM and reachability as a fourth security signal.

Apr 8, 20267 min read
AI Security

Prompt Injection in RAG: Indirect Attacks

A senior engineer's breakdown of indirect prompt injection in RAG pipelines, how real attacks land through retrieved content, and what actually reduces exposure.

Apr 5, 20267 min read
AI Security

Fine-Tuning Poisoning Detection for Supply Chains

Fine-tuning inherits every problem of the base model and adds dataset provenance as a new one. Here is how detection actually works in practice.

Feb 27, 20267 min read
AI Security

Agent-to-Agent Security in Multi-Agent Systems

Multi-agent systems inherit every trust problem of single-agent systems and add a few more. Here is how the threat model actually shifts.

Feb 22, 20267 min read
llm — Safeguard Blog