AI-BOM and ML-BOM: The State of Standards in 2026
Where AI-BOM and ML-BOM specifications stand in 2026, which formats have real adoption, and what to capture today even if the standards are still in motion.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
An honest security buyer's review of Cursor Enterprise for 2026: data handling, model isolation, audit posture, and the gaps to negotiate before signing.
Prompt injection remains the LLM01 entry on the OWASP LLM Top 10 for a reason. A pragmatic look at the defense architectures that hold up in production this year.
Poisoning attacks against the model supply chain have moved from research to incident reports. What detection looks like when the attack surface includes weights.
Watermarking and provenance are the two most confused terms in AI security. A practical breakdown of what each actually does, where the 2025 techniques break, and what to ship in the meantime.
Retrieval-augmented generation is the most common LLM deployment pattern in the enterprise and the most commonly poisoned. A senior security engineer's playbook for defences that hold up in production.