Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1052 articles

SBOM

SBOM requirements for industrial control systems (ICS/SCADA)

ICS/SCADA SBOM requirements are colliding with 20-year-old control systems that predate software transparency mandates. Here's what's required, why, and how to close the gap.

Dec 22, 20257 min read
AI Security

Identity and access management for non-human AI agents

AI agents now hold production credentials the way employees do, except most are never offboarded. Here's how AI agent identity and access management closes that gap.

Dec 20, 20257 min read
AI Security

How to authorize and scope permissions for autonomous AI ...

A practical, step-by-step guide to AI agent authorization: scoping permissions, using OAuth for machine identities, and verifying least-privilege boundaries hold in production.

Dec 20, 20258 min read
AI Security

Securing computer-use AI agents that operate desktops and...

Computer-use AI agents can click, type, and log into any app on your desktop. Here is how computer use AI agent security actually works in practice.

Dec 19, 20257 min read
AI Security

Analysis of known MCP server CVEs and disclosed vulnerabi...

Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.

Dec 18, 20258 min read
AI Security

Step-by-step guide to hardening and securing an MCP serve...

A practical, step-by-step guide to hardening and securing an MCP server deployment -- authentication, sandboxing, network policy, and monitoring included.

Dec 18, 20258 min read
AI Security

OAuth and authentication patterns for Model Context Proto...

MCP OAuth authentication has been rewritten three times since March 2025. Here's how the spec, its token security model, and real CVEs like CVE-2025-49596 shape safe MCP deployments.

Dec 18, 20257 min read
AI Security

Risks of MCP server rug-pulls and silently changing tool ...

An MCP rug pull attack swaps a trusted server's tool definitions after approval. Here's how tool definition drift happens, and how Safeguard catches it early.

Dec 17, 20257 min read
AI Security

Comparing MCP security scanning and gateway products

A practical buyer's guide to MCP security gateways and scanners — evaluation criteria, honest strengths and gaps for real vendors, and where Safeguard fits.

Dec 17, 20258 min read
AI Security

Glossary of Model Context Protocol security terminology

A precise MCP security glossary covering clients, servers, resources vs. tools, tool poisoning, rug pulls, and the confused deputy problem — with real-world examples.

Dec 17, 20259 min read
AI Security

Techniques for verifying model weight integrity and detec...

A practical guide to model weight integrity: baseline checksums, sign weights, verify in CI/CD, and detect tampering before it reaches production.

Dec 16, 20258 min read
AI Security

Securing the fine-tuning pipeline against injected malici...

Fine-tuning pipeline security is now an AI supply chain priority: as few as 250 poisoned documents can backdoor a model, and LoRA adapters make it easy to hide.

Dec 16, 20257 min read
supply-chain-security (Page 58) — Safeguard Blog