AI-BOM Adoption: State of the Art in 2026
The AI Bill of Materials went from concept paper to procurement requirement in under two years. Here is what the current state of the art actually looks like.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Distillation compresses the capability of a large model into a small one for a narrow task. For high-volume security workflows, it is often the difference between a working pipeline and an unaffordable one.
You cannot audit what you cannot see. Frontier model training corpora are effectively opaque to their users, and that opacity is not incidental. It shapes what kinds of trust you can extend to the outputs.
Enterprise agent deployments have moved past pilot phase. The security patterns that have survived contact with production look different from the ones the industry was selling a year ago.
Domain adaptation has quietly become the default for LLM-assisted vulnerability detection. A look at what works in 2026, what does not, and what teams should plan for next.
Prompt injection is not a vulnerability that will be patched. It is what happens when a system cannot distinguish the instructions it is supposed to follow from the data it is supposed to process.
The Model Context Protocol went from a single-vendor proposal to a multi-implementation standard in under eighteen months. The security implications are still being worked out in public.