AI Coding Assistant Data Leakage Paths
AI coding assistants promise productivity but expand the data leakage surface in specific, mappable ways. The paths, the mitigations, and what enterprise policy actually looks like.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Synthetic eval benchmarks are controllable. Real-world data is messy. The gap between performance on each is usually large, and vendors prefer one over the other for a reason.
Claude's Computer Use lets an agent drive a GUI. For security, this is powerful and dangerous in equal measure. The architecture around it matters.
Crypto misuse is not about broken algorithms. It is about misused parameters, missing checks, and the gap between "it compiles" and "it is secure."
A senior engineer's take on the confused deputy problem in AI agent tool use, why it keeps reappearing in 2026, and the architectural patterns that actually fix it.
APT29's 2024-2025 cloud-native tradecraft — from Midnight Blizzard's Microsoft intrusion to the Teams phishing pivots — shows how SVR targets identity as supply chain.
A senior engineer's CMMC Level 3 checklist focused on software supply chain: SBOM, SC-SR controls, SSP evidence, and the operational gaps most defense contractors still have.
CVE-2024-4367 is a PDF.js code-execution flaw via font handling that affects Firefox, Thunderbird, and every embedder. Root cause and remediation.
A survey-style summary of container security in 2026: what production teams actually ship, where image security stands, and which runtime controls moved the needle.