llm-security
Safeguard articles tagged "llm-security" — guides, analysis, and best practices for software supply chain and application security.
108 articles
Prompt Injection Prevention: A Defense-in-Depth Guide
Prompt injection is the top risk on the OWASP list for LLM applications for a reason: there is no single patch. Preventing it means layering controls around a model that cannot reliably tell instructions from data.
AI Security Software: A Buyer's Guide for 2026
The label 'AI security software' now covers two different markets — tools that secure AI systems, and security tools powered by AI. How to tell them apart, what to evaluate, and the questions that expose thin products.
RAG Security Best Practices for 2026
Retrieval-augmented generation wired an untrusted-content pipeline straight into your model's context window. Here are the practices that keep a poisoned document or a leaked chunk from becoming an incident.
Reducing false positives in secret scanning with context-...
Regex-based secret scanners like GitHub Advanced Security flood teams with false positives. Here's how context-aware LLM reasoning cuts the noise without missing real leaked credentials.
Prompt Injection Examples: Attacks Seen in the Wild
From hidden text in resumes to poisoned web pages that hijack AI browsing agents, prompt injection has moved from research demos to real incidents. Here are the patterns and what actually blunts them.
Securing LangChain and LlamaIndex Applications in Production
Agent frameworks ship fast and patch fast. The CVE history, the dangerous defaults, and a production hardening baseline for LangChain and LlamaIndex apps.
Prompt injection attacks: direct vs indirect
Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.
Best LLM Security Tools in 2026: Guardrails, Red Teaming, and Runtime Defense Compared
An honest guide to the best LLM security tools in 2026 — from open-source guardrails and red-teaming scanners like NeMo Guardrails, garak, and LLM Guard to runtime APIs and full AI security platforms — with clear guidance on which job each one actually does.
How Copilot amplifies insecure codebases
Copilot writes ~46% of code where enabled, and studies show ~40% of its security-relevant suggestions are vulnerable. Here's the data on the risk.
AI hallucinations and their security implications for developers
LLMs hallucinate nonexistent packages in up to 1 in 5 code samples — and slopsquatting attacks are already exploiting that predictability in the wild.
Security in AI Systems: What Actually Changes
Security in AI systems isn't a wholly new discipline, but prompt injection, training data provenance, and model supply chains introduce risks traditional AppSec tooling wasn't built to catch.
Data poisoning attacks against LLMs
A $60 domain purchase or 250 documents can backdoor an LLM. Here's how data poisoning attacks work, real cases, and how to defend against them.