llm
Safeguard articles tagged "llm" — guides, analysis, and best practices for software supply chain and application security.
33 articles
AI-Generated Dockerfile Vulnerability Patterns
LLM-generated Dockerfiles repeat the same six or seven mistakes. Here is the pattern catalog and how to catch them before they ship.
npm Slopsquat: The Hallucinated Package Risk in 2026
Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.
AI Models in Your Supply Chain: The Security Risks Nobody Talks About
AI/ML models are the new open source libraries. Here's why your supply chain security strategy needs to account for model provenance, poisoning, and compliance.
Copilot Code Review Security: What It Misses
Copilot's code review is useful. It is also not a security review, and treating it as one is how vulnerabilities ship. Here is what it actually catches.
RAG Pipeline Supply Chain Attacks: Vector DBs and More
RAG pipelines have six or seven supply chain surfaces, and most teams are only watching one. Here is how the attacks actually look in production.
Sandboxing LLM Agent Code Execution: Patterns
If your agent can execute code, something it reads from the internet can execute code. Pick your sandbox before the agent picks one for you.
Prompt Injection as a Supply Chain Risk in 2026
Prompt injection stopped being an LLM curiosity the moment agents started committing code. It is now a software supply chain risk and should be modeled as one.
AI Agent Security Risks: Why Autonomous Systems Are the Next Supply Chain Frontier
AI agents are consuming APIs, installing packages, and executing code autonomously. The security implications are massive and largely unaddressed.
Safeguard Griffin 3.0 GA: What's New
Griffin 3.0 is now generally available. Here is what changed in the reasoning and remediation model, how it behaves in practice, and the defaults you should know.
AI-Generated SBOMs: How Accurate Are They?
LLMs can now generate SBOMs from source code and documentation. We tested five AI SBOM generators against traditional tools to measure accuracy, completeness, and reliability.
Open-Weight Model Sandboxing Patterns
Running an open-weight model inside an enterprise perimeter seems safer than calling a hosted API. It is, and it isn't. The sandboxing patterns that actually produce the safety properties.
OWASP LLM Top 10 2025: System Prompt Leakage and Vector Weaknesses
The OWASP Top 10 for LLM Applications 2025 added System Prompt Leakage and Vector/Embedding Weaknesses, and elevated Sensitive Information Disclosure to #2. Here is the defender view.