Safeguard
Tag

llm

Safeguard articles tagged "llm" — guides, analysis, and best practices for software supply chain and application security.

33 articles

AI Security

AI-Generated Dockerfile Vulnerability Patterns

LLM-generated Dockerfiles repeat the same six or seven mistakes. Here is the pattern catalog and how to catch them before they ship.

Feb 18, 20267 min read
Supply Chain Attacks

npm Slopsquat: The Hallucinated Package Risk in 2026

Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.

Feb 18, 20267 min read
AI Security

AI Models in Your Supply Chain: The Security Risks Nobody Talks About

AI/ML models are the new open source libraries. Here's why your supply chain security strategy needs to account for model provenance, poisoning, and compliance.

Feb 15, 20263 min read
AI Security

Copilot Code Review Security: What It Misses

Copilot's code review is useful. It is also not a security review, and treating it as one is how vulnerabilities ship. Here is what it actually catches.

Feb 13, 20267 min read
AI Security

RAG Pipeline Supply Chain Attacks: Vector DBs and More

RAG pipelines have six or seven supply chain surfaces, and most teams are only watching one. Here is how the attacks actually look in production.

Feb 3, 20267 min read
AI Security

Sandboxing LLM Agent Code Execution: Patterns

If your agent can execute code, something it reads from the internet can execute code. Pick your sandbox before the agent picks one for you.

Jan 29, 20267 min read
AI Security

Prompt Injection as a Supply Chain Risk in 2026

Prompt injection stopped being an LLM curiosity the moment agents started committing code. It is now a software supply chain risk and should be modeled as one.

Jan 24, 20267 min read
AI Security

AI Agent Security Risks: Why Autonomous Systems Are the Next Supply Chain Frontier

AI agents are consuming APIs, installing packages, and executing code autonomously. The security implications are massive and largely unaddressed.

Jan 20, 20266 min read
Product

Safeguard Griffin 3.0 GA: What's New

Griffin 3.0 is now generally available. Here is what changed in the reasoning and remediation model, how it behaves in practice, and the defaults you should know.

Jan 10, 20267 min read
SBOM

AI-Generated SBOMs: How Accurate Are They?

LLMs can now generate SBOMs from source code and documentation. We tested five AI SBOM generators against traditional tools to measure accuracy, completeness, and reliability.

Nov 12, 20257 min read
AI Security

Open-Weight Model Sandboxing Patterns

Running an open-weight model inside an enterprise perimeter seems safer than calling a hosted API. It is, and it isn't. The sandboxing patterns that actually produce the safety properties.

Aug 28, 20256 min read
Frameworks

OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses

The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.

Apr 22, 20257 min read
llm (Page 2) — Safeguard Blog