Trends
Safeguard articles tagged "Trends" — guides, analysis, and best practices for software supply chain and application security.
49 articles
Code Signing Key Theft Trend Watch
Code signing key theft has surged across 2025 and 2026. We trace the recurring incident patterns, the operator tradecraft, and the structural defenses that work.
AI-BOM Becoming Mandatory: Regulatory Trend
AI bills of materials moved from voluntary best practice to regulatory requirement in 2026. Multiple jurisdictions now require disclosure of model, data, and component lineage for high-impact AI systems.
FTC Data Broker Rule And Supply Chain Overlap
A senior engineer's view of how FTC data broker rulemaking through 2025 and 2026 intersects with software supply chain expectations for organizations handling personal data.
Ransomware Via Software Supply Chain In 2026
Ransomware operators increasingly enter victims through software supply chain pathways. We analyze the 2026 patterns, the affiliate dynamics, and what defenders should do.
Frontier Model Pricing Pressure: Architectural Response
Frontier model pricing is rising even as cheaper alternatives proliferate. The 2026 architectural response is multi-tier model routing — and the security implications are non-trivial.
DORA Financial Sector Supply Chain Controls
A senior engineer's view of how DORA's ICT third-party risk management requirements are reshaping software supply chain controls across European financial services.
RAG Poisoning In The Wild: Trend Watch
Retrieval-augmented generation was the 2024 success story. 2026 is when RAG poisoning moved from research to production incidents.
Nation-State Supply Chain Tradecraft Update
Nation-state supply chain tradecraft has evolved sharply since SolarWinds. We trace the 2025 to 2026 patterns, the operational signatures, and defensive implications.
Open-Source LLM Supply Chain Incidents 2026
Open-source LLM ecosystems hit a turning point in 2026 as supply chain incidents — backdoored fine-tunes, compromised weights, malicious adapter packages — moved from rare to recurring.
Australia Essential Eight 2026: Supply Chain
A senior engineer's view of how Australia's Essential Eight evolved through 2025 and 2026 to incorporate software supply chain expectations alongside the original mitigations.
The Eval Culture Shift in AI Security
Two years ago, AI vendors shipped without evals. In 2026, the posture has shifted. Customers expect benchmarks. Vendors without them lose deals.
EU AI Act Enforcement: Year One Review
The first enforcement window under the EU AI Act has closed. The actual pattern of enforcement looks different from the one vendors and advocacy groups predicted.