Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.
CVE-2025-23006 is a pre-auth deserialization RCE in SonicWall SMA 1000. Exploit chain, detection signals, and appliance hardening.
Audit logs are where enterprise AI either proves its seriousness or exposes its improvisation. The gap between Griffin AI and Mythos-class products is visible in the first day of a real audit.
Deep reasoning models are transformative for hard logical problems. Security reasoning is only partially a logic problem—the rest is grounding, policy, and workflow.
Distillation compresses the capability of a large model into a small one for a narrow task. For high-volume security workflows, it is often the difference between a working pipeline and an unaffordable one.
Proposed legislation would require SBOMs for all critical infrastructure software. Here's a detailed analysis of the bill and its implications.
Workload Identity Federation is the right way to give Cloud Build and external CI access to GCP. Here is the architecture, the traps, and the rollout plan.
A phishing-obtained GitHub token published a wallet drainer as @ledgerhq/connect-kit in Dec 2023. What the incident tells us about Web3 supply chain trust.
You cannot audit what you cannot see. Frontier model training corpora are effectively opaque to their users, and that opacity is not incidental. It shapes what kinds of trust you can extend to the outputs.
Weekly insights on software supply chain security, delivered to your inbox.