AI Security
Griffin AI vs Inflection Pi for Security Assistance
Feb 4, 20266 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Path traversal is the vulnerability class that punishes lazy analysis. Framework-specific path normalisation, OS-dependent separators, symbolic link resolution, and archive extraction all hide exploitable gaps behind code that looks defensive. Griffin's engine resolves path operations with actual semantics; Mythos reads the variable name and calls it a day.
A security AI that refuses too often is useless. One that refuses too rarely is dangerous. Griffin AI publishes calibrated refusal benchmarks; Mythos does not.
Practical answers to the most common CycloneDX vs SPDX questions: differences, tooling, regulatory preference, VEX support, and when to emit both.
Connect the Safeguard MCP server to Claude Desktop so your AI assistant can scan dependencies, read SBOMs, and suggest fixes grounded in real advisory data.
Leaky Vessels bundled four CVEs that let container processes escape into the host. Two years later the class is still mispatched and misunderstood.
Lino 2.0 is Safeguard's compliance model. The 2.0 release adds multi-jurisdiction mapping, control-level evidence, and a new export for audit packages.
A pragmatic architecture for ingesting, normalizing, and querying hundreds of thousands of SBOMs across an enterprise or agency, without drowning in noise.
Two years into Item 1.05 of Form 8-K, the SEC has clarified materiality, enforcement posture, and how Regulation S-K Item 106 cybersecurity narratives will be judged.
Weekly insights on software supply chain security, delivered to your inbox.