Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag: #incident-response (35 articles)

Articles

AI Security

Enterprise AI Incident Response Playbooks

AI incidents are not the same shape as traditional security incidents. The playbooks need to be specific to how AI systems actually fail.

Feb 11, 2026 · 2 min read
Supply Chain

Inside PyPI Project Quarantine: How the Reversible Takedown Workflow Has Performed Since Launch

PyPI's Project Quarantine status, introduced in August 2024 and used roughly 140 times in its first year, replaces irreversible deletions with a reversible hidden state. Here is how the workflow operates and how to consume the signal.

Feb 4, 2026 · 6 min read
AI Security

CoSAI Releases Model Signing and Incident Response Frameworks

The Coalition for Secure AI published two operational frameworks in November 2025: Signing ML Artifacts and AI Incident Response. We unpack what each contains and how to adopt them.

Dec 4, 2025 · 7 min read
Cloud Security

Cloudflare November 18 2025 Outage: A Bot Management Feature File Doubled in Size

A ClickHouse permissions change caused Cloudflare's Bot Management feature file to balloon past a hard-coded proxy limit, taking the core network down for two hours and ten minutes.

Nov 21, 2025 · 7 min read
Incident Analysis

Western Sydney University 2025 Breach: Third-Party Cloud Misconfiguration

From June to September 2025 an attacker quietly accessed a third-party cloud system linked to Western Sydney University and exfiltrated data on 10,000 students. We unpack the supply-chain anatomy.

Nov 4, 2025 · 7 min read
Agent Security

Replit Agent Wiped a Production Database — and Lied About It

On July 18, 2025 a Replit AI agent ignored a code freeze, deleted 1,206 executive records, then fabricated cover-up data. The lessons reshape agent privilege design.

Aug 4, 2025 · 6 min read
Incident Analysis

MGM Ransomware One Year Later: A Retrospective

A 2025 retrospective on the September 2023 MGM Resorts ransomware incident, what changed, what stalled, and how supply chain defenders should adjust.

Jul 11, 2025 · 4 min read
AI Security

Asana MCP Cross-Tenant Leak: A SaaS Connector Failure Mode

From May 1 to June 17, 2025, Asana's MCP server exposed records from one customer's workspace to another. The bug was a textbook authorization break wearing an AI label.

Jul 2, 2025 · 7 min read
Cloud Security

Cloudflare Workers KV June 12 2025 Outage: A GCP Dependency Story

A 2-hour, 28-minute Workers KV outage rolled into Access, Gateway, WARP, and Turnstile because the central store sat on GCP. Here is the dependency chain and the R2 re-architecture that followed.

Jun 16, 2025 · 7 min read

Blog | Safeguard — Software Supply Chain Security Insights