supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
Docker Hub typosquatting of official images
Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.
Best container image scanning tools
A practical comparison of container image scanning tools — Trivy, Grype, Snyk, Docker Scout, Clair, and Anchore — with real strengths, limits, and how to pick one.
Uncontrolled Recursion in AI Agent Loops
AI agents can call themselves into runaway loops, burning thousands of dollars and crashing services. Here's why it happens and how to stop it.
Container image supply chain attack trends
Container images have become the software supply chain's most contested attack surface. A look at the xz-utils backdoor, registry-borne malware campaigns, and the detection gaps behind them.
Best Kubernetes security scanning tools
A practical, no-fluff comparison of Kubernetes security scanning tools — CIS benchmark coverage, runtime detection, and where each real vendor falls short.
Memory and Context Poisoning Attacks Against AI Agents
How attackers poisoned ChatGPT's memory and RAG pipelines to hijack AI agents long-term, and the controls Safeguard uses to catch it before it spreads.
Agentic Unexpected Code Execution Vulnerabilities
How AI agents with code-execution tools get hijacked by prompt injection—from the Vanna.ai RCE (CVE-2024-5565) to LangChain and MCP—and what to do about it.
Outdated container images still running in production
New industry data shows most production containers still run on stale, vulnerable base images months after fixes ship -- here's why, and how to close the gap.
Agentic AI Supply Chain Vulnerabilities
Agentic AI systems trust tools and models at runtime, not build time. Real 2024-2025 incidents show how MCP servers and AI packages become supply chain attack vectors.
Container registry credential leak trends
2026 data shows container registry credential leaks accelerating as CI pipelines speed up — and why layer-aware scanning, not just final-image checks, is now essential.
Agent Tool Misuse and Exploitation
Attackers don't need to hack AI agents — they just redirect their own tools. Here's how tool misuse works, real 2025 incidents, and how to stop it.
Kubernetes Helm chart vulnerability trends
New Safeguard research finds most public Helm charts ship risky defaults and stale image pins—here's what the data shows and how to fix it.