Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Open Source Security

.NET deserialization vulnerability landscape

A look at the .NET deserialization vulnerability landscape — from the 2025 ASP.NET machine key crisis to BinaryFormatter's retirement and Telerik exploits.

Nov 15, 20257 min read
AI Security

LLM Unbounded Consumption: Resource Exhaustion Attacks

How attackers exploit token-based pricing and growing context windows to exhaust LLM compute and inflate cloud bills — and the concrete limits that stop them.

Nov 15, 20259 min read
Buyer's Guides

Best CI/CD pipeline security tools

A fair, no-hype buyer's guide to CI/CD pipeline security tools: what to evaluate, six real vendors compared, and where Safeguard fits in the stack.

Nov 15, 20258 min read
AI Security

LLM Vector and Embedding Weaknesses

Embeddings aren't anonymized math — Vec2Text recovers 92% of text from vectors, and OWASP's LLM08:2025 now names inversion, poisoning, and exposed vector DBs as core AI risks.

Nov 15, 20257 min read
AI Security

Model Theft: Protecting Proprietary LLMs from Extraction ...

A $20 API attack can clone a production LLM's embeddings. Here's how model extraction works, real incidents from LLaMA to DeepSeek, and how to protect proprietary models.

Nov 14, 20257 min read
AI Security

Training Data Poisoning Attacks on Machine Learning Models

A $60 domain purchase or 0.001% of training tokens can silently corrupt an ML model. Here's how training data poisoning attacks work and how to defend against them.

Nov 14, 20257 min read
AI Security

Insecure Output Handling in LLM-Integrated Applications

LLM output that reaches a browser, database, or shell unvalidated can trigger XSS, SQL injection, or RCE. Here's how insecure output handling breaks AI apps.

Nov 13, 20258 min read
Open Source Security

WordPress plugin vulnerability trends

WordPress plugin CVEs keep climbing and exploitation windows keep shrinking. Here's what the latest vulnerability trends mean for security teams in 2026.

Nov 13, 20257 min read
Buyer's Guides

Best malicious package detection tools for open source de...

A field guide to malicious package detection tools for npm and PyPI, comparing real vendors on detection method, coverage, and dependency confusion handling.

Nov 13, 20258 min read
Buyer's Guides

Best typosquatting and dependency confusion detection tools

A practical buyer's guide to typosquatting detection tools and dependency confusion scanners, comparing real vendors and how Safeguard fits in.

Nov 13, 20258 min read
AI Security

LLM Insecure Plugin Design Vulnerabilities

ChatGPT plugins, LangChain agents, and MCP servers have all shipped insecure plugin flaws exposing accounts and data. Here's how Safeguard defends against them.

Nov 13, 20258 min read
Open Source Security

Packagist typosquatting report

A report on Packagist typosquatting campaigns targeting Composer/PHP packages, how attackers exploit install hooks, and how to detect them.

Nov 13, 20257 min read
supply-chain-security (Page 66) — Safeguard Blog