Safeguard
Tag

llm-security

Safeguard articles tagged "llm-security" — guides, analysis, and best practices for software supply chain and application security.

108 articles

Application Security

How AI-powered SAST auto-fix engines actually work

GitHub says Copilot Autofix resolves two-thirds of flagged vulnerabilities with little editing; Snyk claims 80% fix accuracy. Here's the pipeline behind both numbers.

Jul 8, 20268 min read
AI Security

AI Red Teaming vs. AI-SPM: Why You Need Both

OWASP's 2025 LLM Top 10 and MITRE ATLAS both treat adversarial testing and posture scanning as separate disciplines — most AI programs still run only one.

Jul 8, 20265 min read
AI Security

Code injection risks in GenAI-generated code

Nearly 40% of GitHub Copilot's suggested programs contain exploitable vulnerabilities, and 19.7% of AI-generated code samples reference packages that don't exist.

Jul 8, 20267 min read
AI Security

Guardrails for Autonomous AI Agents: Allowlisting, Validation, and Human-in-the-Loop

OWASP's 2025 LLM Top 10 splits Excessive Agency into three root causes. Here's how tool allowlisting, output validation, and approval gates address each one.

Jul 8, 20266 min read
AI Security

Mapping the blast radius of a vulnerable AI infrastructure dependency

One Ray dashboard flaw let attackers hit hundreds of exposed AI servers. SBOM plus call-graph data is how you find every service that shares the exposure.

Jul 8, 20266 min read
AI Security

OWASP Top 10 for LLM Applications: A Practical Walkthrough

OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.

Jul 8, 20267 min read
AI Security

The blind spots of single-model AI security tooling

OpenAI's API went down three separate times in 2024 alone — if your SAST pipeline hard-depends on one model provider, its outages and blind spots become yours.

Jul 8, 20266 min read
AI Security

A Checklist for Reviewing AI-Generated Code Before It Merges

19.7% of packages LLMs recommend don't exist in real registries, per a 576,000-sample USENIX 2025 study — here's what to check before merging AI-written code.

Jul 8, 20267 min read
Application Security

Can an LLM find the same bug twice? What repeatability benchmarking reveals

In a 300-run benchmark, the best LLM scanner hit 75.4% F1 while a deterministic SAST baseline hit 100% — but the real story is in what varies between runs.

Jul 7, 20266 min read
Buyer's Guides

Best AI Code Security Tools in 2026: An Honest Buyer's Guide

A balanced 2026 comparison of tools for securing AI-generated code and AI-native applications — Semgrep, CodeQL with Copilot Autofix, Snyk, Socket, Endor Labs, and model-layer tools — with an honest look at where Safeguard fits.

Jul 5, 20266 min read
AI Security

The LLM Application Security Checklist (2026)

You are shipping an LLM feature. Before it goes live, walk this checklist — organized around the OWASP Top 10 for LLM Applications — to catch the risks that matter most in production.

Jul 4, 20265 min read
AI Security

LLM Jailbreak Prevention: A Defense-in-Depth Playbook

A jailbreak is not the same thing as a prompt injection, and conflating them leads to defenses that miss. Here is how modern jailbreaks actually work and the layered controls that hold the line.

Jul 3, 20265 min read
llm-security (Page 2) — Safeguard Blog