Safeguard
Tag

ml-security

Safeguard articles tagged "ml-security" — guides, analysis, and best practices for software supply chain and application security.

7 articles

Application Security

The Python pickle security model, explained

Python's own docs warn that unpickling can execute arbitrary code — yet pickle is still the default weight format behind millions of ML model downloads.

Jul 7, 20266 min read
AI Security

AI Data Poisoning Defense: Protecting Models from Tainted Data

You do not need to corrupt most of a training set to backdoor a model — recent research suggests a small, near-constant number of poisoned documents can be enough. Defense starts with treating data as a dependency.

Jul 4, 20265 min read
Supply Chain Security

PyTorch Lightning PyPI Compromise: A Software Supply Chain Attack Built to Drain ML Credentials

In April 2026, attackers pushed malicious versions of the lightning PyPI package and an npm intercom-client release, harvesting cloud, CI/CD, and GitHub credentials. Here is what happened and why ML tooling is now a prime supply chain target.

Jun 20, 20266 min read
AI Security

Fine-Tune Backdoor Insertion: Academic Research

A senior engineer's review of academic research on fine-tune backdoor insertion, from BadNets to sleeper agents, and how the findings translate to production ML.

Mar 28, 20267 min read
AI Security

Training Data Poisoning: Pipeline Defenses

A senior engineer's guide to training data poisoning defenses in 2026, from split-learning detection to provenance attestation and continuous pipeline monitoring.

Mar 25, 20267 min read
AI Security

How data poisoning attacks corrupt LLM behavior during tr...

A single expired domain and $60 can poison a training set. Here's how data poisoning attacks corrupt LLM behavior — and how Safeguard verifies training data before it ships.

Dec 16, 20257 min read
SBOM

AI-BOMs: Extending Bill-of-Materials Thinking to Machine ...

AI-BOMs extend SBOM discipline to machine learning models—tracking training data, weights, and lineage. Here's what they contain and why regulators now require them.

Jul 28, 20257 min read
ml-security — Safeguard Blog