Safeguard
Tag

llm-security

Safeguard articles tagged "llm-security" — guides, analysis, and best practices for software supply chain and application security.

108 articles

AI Security

Can AI-Generated Code Be Trusted? A Security Review

A 2025 USENIX study found LLMs hallucinate nonexistent packages in up to 21.7% of code samples — and attackers are already registering the names.

Jul 13, 20267 min read
AI Security

Practical DLP controls for generative AI tools

Samsung engineers leaked chip source code into ChatGPT three times in 20 days. Here's how to build DLP controls that stop the next leak before it happens.

Jul 10, 20267 min read
AI Security

The OWASP Top 10 for LLM Applications, Explained With Real Examples

OWASP's LLM security list has grown from a 2023 side project into a 600+ expert initiative. Here's what each of the ten risks actually looks like in production.

Jul 10, 20268 min read
Application Security

Symbolic Reasoning vs. LLMs: Which Static Analysis Actually Finds Bugs?

The CASTLE benchmark tested 13 static analyzers and 10 LLMs on 250 programs — neither approach won outright, and the reasons why matter for your AppSec stack.

Jul 10, 20266 min read
AI Security

AI risk management best practices: a lifecycle framework

NIST's AI RMF has four functions and MITRE ATLAS now tracks 84 adversarial techniques — most AI risk programs still only cover one lifecycle stage.

Jul 9, 20266 min read
AI Security

When Shared AI Chats Become Public Search Results

In July 2025, ~4,500 shared ChatGPT conversations turned up indexed on Google. Here's why sharable AI chats leak, and how enterprises stop it at the gateway.

Jul 9, 20266 min read
AI Security

A risk framework for enterprise AI coding and agent tool rollouts

Samsung banned ChatGPT company-wide after three leaks in 20 days. A working framework for data exposure, model supply chain, and access control risk.

Jul 9, 20267 min read
AI Security

Why traditional AppSec still catches most enterprise AI agent bugs

OWASP's LLM Top 10 names new categories, but most enterprise agent breaches trace back to broken access control and unvalidated input — the classics.

Jul 9, 20266 min read
AI Security

A Reproducible Rubric for Measuring Prompt-Injection Risk in Agent Skills

OWASP has ranked prompt injection the #1 LLM risk for two straight editions, yet almost no one scores agent skill packages for it consistently. Here's a rubric.

Jul 9, 20266 min read
AI Security

The OWASP Top 10 for LLM Applications, Explained

The OWASP LLM Top 10 is the closest thing the field has to a shared checklist for AI security. Here is what each of the ten risks actually means, in plain language, with the defenses that matter.

Jul 8, 20266 min read
AI Security

Red-Teaming AI Applications: A Field Guide

You cannot secure an LLM application by reading its code alone. You have to attack it the way an adversary will — with language, with poisoned content, and with the goal of making it do something it should not. Here is how to run an AI red team.

Jul 8, 20265 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
llm-security — Safeguard Blog