Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
CycloneDX is not a text format to be summarized — it's a typed graph with dozens of semantically-rich fields. Griffin AI consumes it as a graph. Mythos-class tools consume it as tokens. That difference decides every downstream finding.
An anonymized look at how a Fortune 500 financial services firm operationalized an enterprise SBOM program using Safeguard.sh across 4,200 applications.
From AI-generated code risks to regulatory enforcement, these are the supply chain security trends that will shape the year ahead.
Regulators across three continents are converging on a single demand: show where your training data came from. The engineering implications are larger than most labs have admitted.
Shallow call graphs miss real exploits; deep graphs surface them. We examine how Griffin AI and Mythos-class tools differ on depth, and why it matters.
A clear-eyed look at what parts of Executive Order 14028 actually made it into production across federal agencies, vendors, and the SBOM ecosystem by 2026.
A March 2025 GitHub Action compromise rewrote every tagged version to leak secrets. Here is the timeline, attack chain, and what repos need to change.
A benchmark number is only as good as the methodology that produced it. Here is how Griffin AI builds its harness and why most Mythos-class tools cannot be audited.
SQL injection stopped being a single-line bug years ago. Modern chains stitch a tainted parameter through ORMs, caches, background jobs, and downstream services. Griffin AI's engine-plus-LLM architecture follows the taint across those hops; Mythos-class pure-LLM scanners summarise one file at a time and lose the thread.
Weekly insights on software supply chain security, delivered to your inbox.