Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Container Security

Docker Hub typosquatting of official images

Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.

Nov 17, 20257 min read
Buyer's Guides

Best container image scanning tools

A practical comparison of container image scanning tools — Trivy, Grype, Snyk, Docker Scout, Clair, and Anchore — with real strengths, limits, and how to pick one.

Nov 17, 20257 min read
AI Security

Uncontrolled Recursion in AI Agent Loops

AI agents can call themselves into runaway loops, burning thousands of dollars and crashing services. Here's why it happens and how to stop it.

Nov 17, 20257 min read
Container Security

Container image supply chain attack trends

Container images have become the software supply chain's most contested attack surface. A look at the xz-utils backdoor, registry-borne malware campaigns, and the detection gaps behind them.

Nov 17, 20258 min read
Buyer's Guides

Best Kubernetes security scanning tools

A practical, no-fluff comparison of Kubernetes security scanning tools — CIS benchmark coverage, runtime detection, and where each real vendor falls short.

Nov 17, 20258 min read
AI Security

Memory and Context Poisoning Attacks Against AI Agents

How attackers poisoned ChatGPT's memory and RAG pipelines to hijack AI agents long-term, and the controls Safeguard uses to catch it before it spreads.

Nov 17, 20258 min read
AI Security

Agentic Unexpected Code Execution Vulnerabilities

How AI agents with code-execution tools get hijacked by prompt injection—from the Vanna.ai RCE (CVE-2024-5565) to LangChain and MCP—and what to do about it.

Nov 17, 20258 min read
Container Security

Outdated container images still running in production

New industry data shows most production containers still run on stale, vulnerable base images months after fixes ship -- here's why, and how to close the gap.

Nov 17, 20258 min read
AI Security

Agentic AI Supply Chain Vulnerabilities

Agentic AI systems trust tools and models at runtime, not build time. Real 2024-2025 incidents show how MCP servers and AI packages become supply chain attack vectors.

Nov 17, 20257 min read
Container Security

Container registry credential leak trends

2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.

Nov 16, 20256 min read
AI Security

Agent Tool Misuse and Exploitation

Attackers don't need to hack AI agents — they just redirect their own tools. Here's how tool misuse works, real 2025 incidents, and how to stop it.

Nov 16, 20258 min read
Container Security

Kubernetes Helm chart vulnerability trends

New Safeguard research finds most public Helm charts ship risky defaults and stale image pins—here's what the data shows and how to fix it.

Nov 16, 20257 min read
supply-chain-security (Page 65) — Safeguard Blog