shadow-ai
Safeguard articles tagged "shadow-ai" — guides, analysis, and best practices for software supply chain and application security.
11 articles
Practical DLP controls for generative AI tools
Samsung engineers leaked chip source code into ChatGPT three times in 20 days. Here's how to build DLP controls that stop the next leak before it happens.
AI Code Security Tools: risks of restricting them
Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.
Enterprise Browser Security: The Browser Is the New Endpoint for Agentic AI
RSAC 2026 made it official — the enterprise browser is where agentic AI and shadow AI now live, and the industry is racing to put controls there. Here is what actually shipped and what still does not add up.
Best LLM Security Tools in 2026: Guardrails, Red Teaming, and Runtime Defense Compared
An honest guide to the best LLM security tools in 2026 — from open-source guardrails and red-teaming scanners like NeMo Guardrails, garak, and LLM Guard to runtime APIs and full AI security platforms — with clear guidance on which job each one actually does.
Agentic AI at RSAC 2026 vs Infosecurity Europe 2026: Two Continents, One Theme
RSAC 2026 in San Francisco and Infosecurity Europe 2026 in London both orbited agentic AI, shadow AI, and post-quantum cryptography. What changed across the Atlantic was the framing: market velocity versus regulation and sovereignty.
Agentic AI Security: Gartner Says Most AI-Agent Attacks Will Be Access-Control Failures
Gartner predicts that through 2029, more than half of successful attacks against AI agents will exploit access-control issues — with prompt injection as the delivery mechanism. Here's why that framing matters more than the headline number.
Shadow AI: Finding and Governing the Tools Your Employees Already Use
Most of your organization is already using AI you never approved. Here is how to discover it, govern it, and offer sanctioned alternatives before it becomes a breach.
The Vercel Breach: A Forgotten OAuth Grant Became a SaaS Supply-Chain Pivot (May 2026)
An infostealer infection at AI startup Context.ai let attackers reuse a Vercel employee's months-old Google Workspace OAuth grant to bypass MFA and exfiltrate customer environment variables. Disclosed April 2026, the fallout deepened through May.
RSAC 2026: Agentic AI, Shadow Tools, and the Quiet Return to the Endpoint
Agentic AI dominated RSA Conference 2026, but the harder story was shadow AI agents running unseen inside enterprises and a renewed scramble to secure the endpoint they live on.
What shadow AI is and how to discover unsanctioned AI use...
Shadow AI risk is spreading faster than governance can keep up. Here's what unsanctioned AI use looks like inside real enterprises and how to discover it before data leaks.
How Snyk AI-BOM surfaces shadow AI usage that security te...
How Snyk's AI-BOM uses code-level analysis, not manifest parsing, to surface shadow AI models, agent frameworks, and MCP servers security teams don't know are running.