Industry Analysis
Black Hat USA 2025: Supply Chain Security Recap
Black Hat USA 2025 highlighted AI-generated code risks, build system attacks, and the maturation of SBOM tooling. Here is what mattered for supply chain teams.
Jan 28, 20268 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Black Hat USA 2025 highlighted AI-generated code risks, build system attacks, and the maturation of SBOM tooling. Here is what mattered for supply chain teams.
Retrieval-augmented generation systems are where enterprise AI meets enterprise data, and where most security rollouts stumble. A catalog of the antipatterns we keep seeing.
Getting the CWE right is not a taxonomic hobby. It drives remediation, compliance mapping, and detection engineering. Here is how grounded and pure-LLM scanners compare.
Qwen's open-weight models have strong code benchmarks. We dig into how they compare to Griffin AI when the workflow is real code security, not just leetcode.
SecBench positioned itself as a comprehensive cybersecurity knowledge and reasoning benchmark for LLMs. A methodology review of its construction, scoring, and the gaps that separate the advertised coverage from what the benchmark actually exercises.
Claude Sonnet is the workhorse model Griffin leans on for remediation. Here's how raw Sonnet compares to Sonnet inside Griffin's remediation pipeline.
Domain adaptation has quietly become the default for LLM-assisted vulnerability detection. A look at what works in 2026, what does not, and what teams should plan for next.
GPT-4o is an excellent general-purpose model. Security workflows are a specialty, and specialty work exposes the limits of general intelligence.
Weekly insights on software supply chain security, delivered to your inbox.