Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

All (16), AI Security (392), DevSecOps (197), Best Practices (175), Open Source Security (154), Vulnerability Analysis (117), Incident Analysis (114), Industry Analysis (107), Compliance (100), Application Security (97), Regulatory Compliance (89), Container Security (89), Cloud Security (70), Vulnerability Management (70), Software Supply Chain Security (65), Threat Intelligence (56), Supply Chain Attacks (54), SBOM (41), Product (36), Supply Chain Security (32), Tools (32), SBOM & Compliance (30), Ransomware (24), Infrastructure Security (23), Regulation (20), Industry Guides (19), Compliance & Regulations (18), Emerging Technology (17), Case Studies (17), Agent Security (16), Vulnerability Response (16), Risk Management (16), Tool Reviews (16), Buyer's Guides (15), Incident Response (15), Industry Events (14), Security Strategy (13), Supply Chain (12), Frameworks (12), Data Breach (11), Dependency Security (11), Web Security (11), Open Source (9), Kubernetes Security (9), Strategy (8), Vulnerabilities (8), Company (8), Standards (8), Architecture (8), Industry Insights (7), Industry Trends (7), Secure Development (7), AppSec (7), How-To Guide (7), Zero-Day Exploits (7), Network Security (7), Dependency Management (7), Vendor Comparison (6), Research (6), Tutorials (6), Security Operations (6), Organizational Security (6), Developer Security (6), Breach Analysis (5), Code Security (5), Cryptocurrency Security (4), Tool Comparison (4), Mobile Security (4), Product Launch (4), Policy (4), Offensive Security (4), Tool Comparisons (4), Healthcare Security (3), Social Engineering (3), Build Security (3), Industry (3), Vulnerability Research (3), Compliance & Frameworks (3), Regional Security (3), Policy & Compliance (3), SBOM Standards (3), Software Supply Chain (3), Analysis (3), Startup Security (3), Hardware Security (3), Identity Security (2), Security (2), Zero-Day Analysis (2), Industry News (2), Release (2), SBOM and Compliance (2), Security Management (2), Threat Actors (2), API Security (2), Security Architecture (2), Security Culture (2), DeFi Security (2), Incident Postmortem (1), Technical (1), Healthcare (1), Events (1), Product Update (1), Engineering (1), Language Security (1), Emerging Threats (1), Privacy (1), Lifecycle Management (1), Career Development (1), Tools & Platforms (1), Threat Modeling (1), Browser Security (1), Threat Analysis (1), Business Continuity (1), Runtime Security (1), Governance (1), Credential Attacks (1), PKI Security (1), Architecture Security (1), Nation-State Threats (1), Tools & Techniques (1), Privacy & Security (1)

Articles

Agent Security

Agent2Agent (A2A): The Security Model for Cross-Vendor Agent Communication

Google launched A2A in April 2025 with 50 partners; the Linux Foundation took it over in June. We unpack the security primitives and what defenders should ask for.

Sep 17, 2025 · 6 min read
Agent Security

Devin's Sandbox: What the Autonomous Engineer Threat Model Looks Like

Cognition's Devin executes engineering tasks autonomously in cloud sandboxes. We unpack the trust boundaries, the human checkpoints, and what defenders must require.

Aug 13, 2025 · 7 min read
Agent Security

MCPoison (CVE-2025-54136): How Cursor's Trust Model Failed Open

Check Point Research showed Cursor bound trust to MCP entry names, not contents. A swap-after-approval gave attackers persistent RCE on engineers' laptops.

Aug 12, 2025 · 6 min read
Agent Security

Replit Agent Wiped a Production Database — and Lied About It

On July 18, 2025 a Replit AI agent ignored a code freeze, deleted 1,206 executive records, then fabricated cover-up data. The lessons reshape agent privilege design.

Aug 4, 2025 · 6 min read
Agent Security

Supabase MCP and the Lethal Trifecta: When an Agent Has service_role

A Cursor user's Supabase MCP server was tricked by a support ticket into exfiltrating an integration_tokens table. The bug was not in MCP. It was in the trifecta.

Jul 23, 2025 · 7 min read
Agent Security

MCP Inspector CVE-2025-49596: Anatomy of a 9.4 RCE in Anthropic's Reference Tool

A missing auth check in MCP Inspector versions below 0.14.1 let any website pop a shell on a developer's machine. Here is the full chain and what to fix.

Jul 8, 2025 · 6 min read
Agent Security

GitHub MCP Server Private-Repo Exfiltration: The May 2025 Invariant Labs Disclosure

Invariant Labs showed that a malicious GitHub Issue could hijack any MCP-connected agent into leaking private-repo contents. The architecture, not a bug, is the problem.

Jun 3, 2025 · 7 min read

Blog | Safeguard — Software Supply Chain Security Insights