Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.
AI coding assistants are now standard developer tooling. The incident data from 2025 and early 2026 shows a recurring pattern of source code, credential, and customer data leaking through them.
Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.
Fixing a transitive dependency is rarely a single bump. It is a cascade. Here is how to manage those cascades without flooding reviewers or breaking builds.
Multi-repo security reasoning is a graph problem, not a retrieval problem. How Griffin AI's engine scales where pure-LLM products flatten into guesswork.
The difference between an engine-plus-LLM bug hunter and a pure-LLM one is not a tuning detail. It is a structural divide that determines whether the findings are usable.
An attacker who can swap the model behind an API call can read every prompt and shape every response. The emerging trend in 2026 is model substitution as an attack class with its own techniques and disclosures.
Some tool calls cannot be undone. Out-of-band confirmation is the cheapest defense for that small set, and the most expensive thing to skip.
Pure-LLM vulnerability scanners hit production around 2024. By 2026 their failure modes are documented. Reachability remains the backbone — and the LLM is most useful on top of it.
Weekly insights on software supply chain security, delivered to your inbox.