Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A function whose output space is finite and enumerable can be secured by testing. A function whose output space is every string of tokens up to some length cannot. That difference quietly invalidates most classical security contracts.
The first enforcement window under the EU AI Act has closed. The actual pattern of enforcement looks different from the one vendors and advocacy groups predicted.
MCP servers connect AI agents to your infrastructure. Here's how to secure them without killing the productivity gains.
Every HTTP vulnerability begins at a route. Griffin AI models routing; Mythos-class tools guess it. That difference shapes every downstream finding.
Copilot's code review is useful. It is also not a security review, and treating it as one is how vulnerabilities ship. Here is what it actually catches.
Reka's multimodal models are interesting for specific security workflows. The question is whether multimodal is the binding constraint, and usually it isn't.
AI incidents are not the same shape as traditional security incidents. The playbooks need to be specific to how AI systems actually fail.
Gemma is built for efficiency. Can a small open-weight model replace Griffin AI for lightweight scanning workflows, or does the engine still matter?
What happens when the bug does not match any known CWE? A study of how grounded and pure-LLM scanners perform on genuinely novel vulnerability patterns.
Weekly insights on software supply chain security, delivered to your inbox.