supply-chain-security
Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.
1045 articles
.NET deserialization vulnerability landscape
A look at the .NET deserialization vulnerability landscape — from the 2025 ASP.NET machine key crisis to BinaryFormatter's retirement and Telerik exploits.
LLM Unbounded Consumption: Resource Exhaustion Attacks
How attackers exploit token-based pricing and growing context windows to exhaust LLM compute and inflate cloud bills — and the concrete limits that stop them.
Best CI/CD pipeline security tools
A fair, no-hype buyer's guide to CI/CD pipeline security tools: what to evaluate, six real vendors compared, and where Safeguard fits in the stack.
LLM Vector and Embedding Weaknesses
Embeddings aren't anonymized math — Vec2Text recovers 92% of text from vectors, and OWASP's LLM08:2025 now names inversion, poisoning, and exposed vector DBs as core AI risks.
Model Theft: Protecting Proprietary LLMs from Extraction ...
A $20 API attack can clone a production LLM's embeddings. Here's how model extraction works, real incidents from LLaMA to DeepSeek, and how to protect proprietary models.
Training Data Poisoning Attacks on Machine Learning Models
A $60 domain purchase or 0.001% of training tokens can silently corrupt an ML model. Here's how training data poisoning attacks work and how to defend against them.
Insecure Output Handling in LLM-Integrated Applications
LLM output that reaches a browser, database, or shell unvalidated can trigger XSS, SQL injection, or RCE. Here's how insecure output handling breaks AI apps.
WordPress plugin vulnerability trends
WordPress plugin CVEs keep climbing and exploitation windows keep shrinking. Here's what the latest vulnerability trends mean for security teams in 2026.
Best malicious package detection tools for open source de...
A field guide to malicious package detection tools for npm and PyPI, comparing real vendors on detection method, coverage, and dependency confusion handling.
Best typosquatting and dependency confusion detection tools
A practical buyer's guide to typosquatting detection tools and dependency confusion scanners, comparing real vendors and how Safeguard fits in.
LLM Insecure Plugin Design Vulnerabilities
ChatGPT plugins, LangChain agents, and MCP servers have all shipped insecure plugin flaws exposing accounts and data. Here's how Safeguard defends against them.
Packagist typosquatting report
A report on Packagist typosquatting campaigns targeting Composer/PHP packages, how attackers exploit install hooks, and how to detect them.