Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filter

All (20)AI Security (384)DevSecOps (197)Best Practices (175)Open Source Security (154)Vulnerability Analysis (117)Incident Analysis (114)Industry Analysis (107)Compliance (100)Application Security (97)Regulatory Compliance (89)Container Security (89)Cloud Security (70)Vulnerability Management (70)Software Supply Chain Security (65)Supply Chain Attacks (54)Threat Intelligence (47)SBOM (41)Product (35)Tools (32)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (24)Infrastructure Security (23)Regulation (20)Industry Guides (19)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Agent Security (16)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Security Strategy (13)Supply Chain (12)Frameworks (12)Data Breach (11)Dependency Security (11)Web Security (11)Open Source (9)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Insights (7)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Vendor Comparison (6)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Breach Analysis (5)Code Security (5)Cryptocurrency Security (4)Tool Comparison (4)Mobile Security (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Healthcare Security (3)Social Engineering (3)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Hardware Security (3)Identity Security (2)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)DeFi Security (2)Incident Postmortem (1)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Credential Attacks (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed

AI Security

Securing MCP Servers Without Killing Developer Velocity

MCP servers are spreading inside engineering orgs faster than security teams can review them. Here is how to govern them without slowing teams down.

Apr 12, 20267 min read

AI Security

Enterprise MCP Registry Onboarding Process

A repeatable onboarding flow for adding MCP servers to an enterprise registry without becoming the team that says no to everything.

Apr 8, 20267 min read

AI Security

Scoped Credentials Per MCP Server: A Pattern

Long-lived shared tokens are the wrong unit of trust for MCP servers. Here is the per-server scoped-credential pattern and how to roll it out.

Apr 4, 20267 min read

AI Security

Tool-Call Audit: The Missing AI Observability Layer

Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.

Mar 30, 20267 min read

AI Security

Out-Of-Band Confirmation For Irreversible Tool Calls

Some tool calls cannot be undone. Out-of-band confirmation is the cheapest defense for that small set, and the most expensive thing to skip.

Mar 25, 20267 min read

Best Practices

How to Secure AI Agents on the MCP Protocol

MCP gives AI agents real tools, real credentials, and real blast radius. Here is a hardening guide for running MCP servers in production without torching your environment.

Mar 24, 20267 min read

AI Security

MCP Server Capability Drift Detection

MCP servers do not stay still. Tool surfaces drift, scopes expand, and the server you approved is not the server in production. Here is how to catch that.

Mar 20, 20267 min read

AI Security

Prompt Injection Defence Stack 2026

No single control stops prompt injection. The current state of the art is a defence-in-depth stack with controls at five distinct layers. Here it is.

Mar 15, 20267 min read

AI Security

Griffin AI vs Claude Computer Use: Security

Claude's Computer Use lets an agent drive a GUI. For security, this is powerful and dangerous in equal measure. The architecture around it matters.

Mar 14, 20262 min read

Page 1 of 3

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.