AI-Generated Dockerfile Vulnerability Patterns
LLM-generated Dockerfiles repeat the same six or seven mistakes. Here is the pattern catalog and how to catch them before they ship.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Slopsquatting is the practice of registering package names that LLMs hallucinate, turning AI coding assistants into an accidental distribution channel.
Real numbers for supply chain security in 2026 — tool spend, headcount, hidden costs, SMB vs enterprise ranges, and where teams over- and under-invest.
KubeCon + CloudNativeCon NA 2025 put supply chain security at the center of the cloud-native conversation. Here is what mattered for platform teams.
How Kubernetes RBAC determines what a supply chain attack can actually do once a compromised workload runs, and the RBAC patterns that meaningfully reduce blast radius.
The Gold Registry now carries 6,000+ curated zero-CVE packages and images across ten ecosystems. Here is what is in it, how it is built, and how to use it.
The Safeguard Research team measured how often AI coding assistants hallucinate non-existent packages, how sticky those hallucinations are, and what defenders should do.
Maven Central has historically been the quietest major registry for malware, but 2025 saw a measurable uptick in malicious artifacts and namespace abuse.
Reproducible builds used to feel academic. After a decade of supply chain attacks, they are the shortest path from an SBOM to a verifiable artifact. Here is the case.