llm-security
Safeguard articles tagged "llm-security" — guides, analysis, and best practices for software supply chain and application security.
108 articles
Best AI and LLM generated code security scanning tools
An honest buyer's guide to AI generated code security scanning tools: what to evaluate, how six real vendors stack up, and where they fall short.
AI Agent Memory: Security Risks
Persistent memory makes AI agents more useful and more dangerous. A security engineer's walkthrough of how agent memory gets poisoned, exfiltrated, and weaponised, with concrete 2025 examples.
How Snyk Agent Fix uses dynamic few-shot prompting to gen...
How Snyk Agent Fix uses dynamic few-shot prompting and a 35,000-example database to generate, validate, and iteratively repair AI-generated code fixes.
Hallucinated Dependencies: How AI Models Invent Package N...
AI coding assistants regularly invent package names that don't exist — and attackers are registering them first. Here's how slopsquatting works and how to defend against it.
Model Training Data and the Propagation of Insecure Codin...
LLM coding assistants inherit insecure patterns from their training data — from SQLi-prone snippets to hallucinated packages attackers exploit. Here's how the risk propagates.
How AI Code Generation Is Changing the Shape of the OWASP...
AI coding assistants are quietly reshuffling the OWASP Top Ten, elevating software supply chain risk and reviving old injection bugs at machine speed.
Common Insecure Suggestions in SQL and Auth Code from AI ...
Across studies from Stanford to BaxBench, AI assistants keep suggesting string-concatenated SQL and hardcoded JWT secrets. Here is the pattern, by the numbers.
Model Context Protocol Security 101: What Could Go Wrong ...
MCP lets AI models call tools automatically — and lets malicious servers hide instructions in plain sight. Here's how tool poisoning, rug pulls, and shadowing actually work.
Prompt Injection vs Traditional Injection Attacks: A Tech...
SQL injection was solved by separating code from data. Prompt injection can't be, because in an LLM they share one channel. Here's the technical comparison, with real exploits and dates.
The Jailbreaking Economy: How Model Vulnerabilities Get D...
Jailbreak prompts now trade like exploits: sold as $200/month "dark" chatbots, bountied by vendors for up to $15,000. Here's how that market actually works.
Distinguishing Model Risk from Application Risk in Agenti...
Model flaws and application flaws in AI agents cause different breaches and need different fixes. Real incidents show where each risk actually lives — and how to test for both.
What OpenAI and Anthropic Ecosystem Partnerships Signal A...
OpenAI and Anthropic's expanding ecosystem deals are an AI model vendor security partnership signal AppSec teams can no longer afford to ignore.