ChatGPT Plugins and the New Plugin Supply Chain Attack Surface
AI plugins connect LLMs to external services, creating a supply chain of trust that most users never examine. The risks are significant.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Private package registries are high-value targets for supply chain attackers. Here is how to lock them down, from access controls to dependency confusion prevention.
Citizen developers are building applications on low-code platforms faster than security teams can assess them. The supply chain risks are real and growing.
A hands-on guide to pinning every third-party GitHub Action to a full commit SHA, automating updates with Dependabot, and avoiding the common pitfalls.
How a Trading Technologies installer from 2022 poisoned the 3CX build pipeline in 2023, producing the first publicly confirmed cascading supply chain attack.
Smart contracts import code from unaudited libraries, creating supply chain risks that have already led to billions in losses. The Web3 ecosystem needs better tooling.
sum.golang.org went public in August 2019. After four years of production, here is what the Go checksum database got right and what it did not.
Container build tools have direct access to your source code, secrets, and registries. BuildKit and Buildah offer security features that most teams ignore. Here is what to use and why.
Phishing remains the top initial access vector for supply chain attacks. Targeted emails against developers, maintainers, and DevOps engineers open the door to code injection, credential theft, and pipeline compromise.