The LLM Supply Chain: Risks Hiding in Foundation Models
Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
OAuth tokens grant access to APIs, services, and user data. Their security across creation, storage, use, and revocation determines your application risk posture.
CI/CD pipelines are treasure troves of secrets: cloud credentials, API keys, signing certificates. Preventing credential theft from build environments is critical to supply chain security.
Deno was built with security as a first-class concern, requiring explicit permissions for file, network, and environment access. Here is an honest assessment of what that model delivers in practice.
Two years after Executive Order 14028 on federal cybersecurity, the operational impact is clearer. What actually changed, what stalled, and what is coming in year three.
Modern vehicles contain over 100 million lines of code. The automotive industry is waking up to software supply chain security, and SBOMs are central to the response.
CMMC 2.0 is reshaping defense contracting requirements. Here's how software supply chain security maps to the new maturity model.
Container escapes remain a real threat in multi-tenant environments. A look at the latest techniques, CVEs, and defenses as container security matures in 2023.
Deno requires explicit permission grants for file, network, and environment access. This capability-based model changes the supply chain risk equation.