Trends
Safeguard articles tagged "Trends" — guides, analysis, and best practices for software supply chain and application security.
49 articles
2026 Q1 CVE Trend Analysis
A data-driven look at CVE trends from Q1 2026: publication volume, severity distribution, exploitation patterns, and what the shifts mean for defenders.
MFT Mass Exploitation Trend In 2026
Managed file transfer platforms have become a recurring epicenter of mass exploitation. We trace the 2026 incidents, the reused tradecraft, and what defenders should do now.
AI Agent Supply Chain Attacks: 2026 Trend Watch
AI agents pull tools, models, and data from a sprawling chain of upstream providers. In 2026 attackers learned to poison that chain — and the fallout is shaping how enterprises buy and operate agentic systems.
EU CRA Enforcement First Year: What Changed
A senior engineer's review of the first year of EU Cyber Resilience Act enforcement, what regulators actually asked for, what vendors got wrong, and where the bar moves next.
npm Account Takeover Pattern Evolution
npm account takeovers have shifted from opportunistic phishing to coordinated, multi-stage operations. We trace the 2025 to 2026 evolution and what it means for maintainers.
Agentic AI Budget Explosions And Cost Controls
Agent runaway is no longer a theoretical risk — it is a line item on quarterly variance reports. The 2026 trend in agentic AI is less about model capability and more about who pays when an agent loops.
EU AI Act High-Risk System Obligations
A senior engineer's breakdown of the EU AI Act high-risk system obligations as they apply in 2026, with a focus on documentation, supply chain, and ongoing monitoring.
PyPI Malicious Package Trends Q1 2026
Q1 2026 PyPI malicious package activity shows a clear shift toward AI and ML tooling targets. We break down the data, the tradecraft, and the implications.
MCP Vulnerability Disclosure Trends In 2026
MCP servers went from a niche protocol to standard agent infrastructure in under two years. The vulnerability disclosure landscape is catching up — fast, messily, and with patterns worth tracking.
CISA Secure-By-Design Pledge Update 2026
A senior engineer's view of where the CISA Secure-By-Design pledge stands in 2026, what signatories actually delivered, and what the second wave of expectations looks like.
Dependency Confusion Five Years In: Evolution
Dependency confusion turned five in 2026. We look at how the attack has evolved, why it still works, and what defenders have actually learned.
AI Coding Assistant Data Leak Incidents Trend
AI coding assistants are now standard developer tooling. The incident data from 2025 and early 2026 shows a recurring pattern of source code, credential, and customer data leaking through them.