AI Agent Blast Radius Management
Every agent in production has a blast radius. Most teams have not measured theirs. Here is how to measure it and how to bring it under control.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Shipping AI features without an eval harness is shipping without tests. Here is how to build one that actually gates releases without becoming a bottleneck.
Picking a model for a security workflow is not the same as picking one for a chatbot. Here are the criteria that actually matter and how to weigh them.
Snyk's ToxicSkills research found prompt injection in 36% of Claude skills tested and 1,467 malicious payloads. The SKILL.md trust model is the structural issue.
The November 25, 2025 Model Context Protocol release adds Tasks, formalises long-running work, and reshapes the audit story for enterprise MCP.
The official MCP Registry launched in September 2025 with namespace-bound publishing. We unpack the trust model and what it does — and does not — defend against.
Cognition's Devin executes engineering tasks autonomously in cloud sandboxes. We unpack the trust boundaries, the human checkpoints, and what defenders must require.
A Cursor user's Supabase MCP server was tricked by a support ticket into exfiltrating an integration_tokens table. The bug was not in MCP. It was in the trifecta.
The June 2025 MCP spec made every server an OAuth 2.1 resource server, mandated RFC 8707 resource indicators, and added elicitation. Here is what changes for blue teams.