Safeguard
Resources

Supply Chain Security, in plain English.

Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.

Filtering by tag:#ai-supply-chain5 articles
All (5)AI Security (362)DevSecOps (175)Best Practices (168)Open Source Security (150)Incident Analysis (105)Vulnerability Analysis (103)Industry Analysis (100)Compliance (87)Regulatory Compliance (74)Container Security (74)Application Security (73)Vulnerability Management (59)Cloud Security (56)Software Supply Chain Security (51)Threat Intelligence (41)Supply Chain Attacks (36)Product (35)SBOM (34)SBOM & Compliance (30)Supply Chain Security (25)Ransomware (21)Regulation (20)Infrastructure Security (20)Industry Guides (19)Tools (18)Compliance & Regulations (18)Emerging Technology (17)Case Studies (17)Vulnerability Response (16)Risk Management (16)Tool Reviews (16)Incident Response (15)Agent Security (14)Security Strategy (13)Supply Chain (12)Frameworks (12)Dependency Security (11)Web Security (11)Kubernetes Security (9)Company (8)Standards (8)Architecture (8)Industry Trends (7)Secure Development (7)AppSec (7)How-To Guide (7)Zero-Day Exploits (7)Network Security (7)Dependency Management (7)Data Breach (7)Research (6)Tutorials (6)Security Operations (6)Organizational Security (6)Developer Security (6)Open Source (5)Breach Analysis (5)Code Security (5)Tool Comparison (4)Product Launch (4)Policy (4)Offensive Security (4)Tool Comparisons (4)Build Security (3)Industry (3)Vulnerability Research (3)Compliance & Frameworks (3)Regional Security (3)Policy & Compliance (3)SBOM Standards (3)Software Supply Chain (3)Analysis (3)Startup Security (3)Mobile Security (3)Hardware Security (3)Security (2)Zero-Day Analysis (2)Industry News (2)Release (2)SBOM and Compliance (2)Security Management (2)Threat Actors (2)API Security (2)Security Architecture (2)Security Culture (2)Social Engineering (2)DeFi Security (2)Cryptocurrency Security (2)Technical (1)Healthcare (1)Events (1)Product Update (1)Engineering (1)Language Security (1)Emerging Threats (1)Privacy (1)Lifecycle Management (1)Career Development (1)Tools & Platforms (1)Threat Modeling (1)Browser Security (1)Threat Analysis (1)Business Continuity (1)Runtime Security (1)Governance (1)Healthcare Security (1)Credential Attacks (1)Identity Security (1)PKI Security (1)Architecture Security (1)Nation-State Threats (1)Tools & Techniques (1)Privacy & Security (1)

Articles

RSS feed
Standards

NIST SSDF 1.2 Draft: What the Comment Period Revealed

NIST opened public comment on SP 800-218r1 SSDF v1.2 on December 17, 2025. The draft adds AI development practices, refines supply-chain controls, and aligns with EO 14306.

Feb 26, 20267 min read
AI Security

CycloneDX ML-BOM in 1.7: Implementation Guide

CycloneDX 1.7 was published in October 2025 and adopted by the General Assembly in December. We unpack what the ML-BOM capability means in practice for AI inventory.

Jan 15, 20267 min read
AI Security

CoSAI Releases Model Signing and Incident Response Frameworks

The Coalition for Secure AI published two operational frameworks in November 2025: Signing ML Artifacts and AI Incident Response. We unpack what each contains and how to adopt them.

Dec 4, 20257 min read
AI Security

SPDX 3.0 AI Profile: Building an AIBOM in Practice

SPDX 3.0 was published in March 2025 with a dedicated AI profile and a Dataset profile. We walk through how to produce a defensible AIBOM in SPDX format alongside or in place of CycloneDX.

Sep 18, 20257 min read
Incident Analysis

DeepSeek ClickHouse Exposure: When the AI Vendor Forgets the Database

In January 2025 Wiz Research found a wide-open ClickHouse instance belonging to AI startup DeepSeek, leaking chat history, API keys, and internal log streams. We unpack the AI-supply-chain implications.

Feb 10, 20257 min read

Stay informed

Weekly insights on software supply chain security, delivered to your inbox.

Blog | Safeguard — Software Supply Chain Security Insights