AI Security
Model Substitution Risk In Enterprise Deployments
The model you think you're calling might not be the model that returns. Model substitution is a quiet supply chain risk that deserves explicit controls.
Mar 4, 20262 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
The model you think you're calling might not be the model that returns. Model substitution is a quiet supply chain risk that deserves explicit controls.
Retrieval-augmented generation was the 2024 success story. 2026 is when RAG poisoning moved from research to production incidents.
Autonomous coding agents can escalate privilege in subtle ways that traditional threat models miss. A breakdown of the common escalation paths and how to constrain them.
Data residency for AI workloads has moved from nice-to-have to contractually required. The shape of the requirement is specific and worth knowing before procurement.
Injection vulnerabilities are not really about the sink. They are about the path from untrusted input to the sink. The path is where Griffin AI and Mythos-class tools diverge.
Fine-tuning inherits every problem of the base model and adds dataset provenance as a new one. Here is how detection actually works in practice.
Using an LLM to score another LLM's output is expedient and dangerous. The judge has its own biases — ones that affect security evaluations specifically.
Frontier models offer impressive enterprise features. Security programs need deeper controls than chat can provide—controls that live in the engine around the model.
The structural case for engine-plus-LLM security reasoning — and why pure-LLM products in the Mythos class hit a ceiling that no parameter count can raise.
Weekly insights on software supply chain security, delivered to your inbox.