Articles & essays on AI security.

A new immersive simulation that lets security teams experience prompt-injection attacks firsthand through three progressive difficulty levels: Command Center, Data Gateway, and Nexus. Concepts stick when you've had to defend against them.

Three attack vectors (tool poisoning, tool shadowing, and rugpull attacks) manipulate AI agents' reasoning layers. Practical enterprise defense strategies including tool governance, version control, and observability measures.

How attackers embed malicious instructions in the tool descriptions used via Model Context Protocol (MCP): covering hidden instructions, misleading examples, and permissive schemas. Plus the defensive measures that actually hold up.

The data leakage problem in AI systems is less about exotic attacks and more about plumbing: pipes that weren't designed to carry the data they're now carrying. What enterprise security teams should be looking for.

Securing Model Context Protocol (MCP) servers with Pangea's AI Guard guardrails, preventing prompt injection and data leakage without modifying existing code.

How AI Guard delivers customizable guardrails against prompt injection and data leakage, comparing SaaS and Edge deployment so organizations can run it in the cloud or on infrastructure they control.

Why robust logging is essential for AI applications: the operational, security, and compliance risks of inadequate logging, and best practices for effective logging frameworks.

Enhancements to Pangea's GitHub Copilot extension: generate code samples, create accounts, and initialize security services directly within VS Code's Copilot Chat.

How healthcare developers can implement effective access control to protect patient data and maintain HIPAA compliance: covering RBAC/ABAC models, MFA, and audit logging.

Implementing Attribute-Based Access Control (ABAC) in banking systems with Pangea's authorization service: resources, roles, relationships, and attribute-based rules.

Comparing the three major authorization models (Role-, Relationship-, and Attribute-Based Access Control), their trade-offs, and how to set up RBAC policies with Pangea.

A developer's guide to HIPAA audit log requirements for enterprise healthcare systems (what to log, retention standards, and best practices) with Pangea's audit log service for tamper-proof records.

A tutorial on integrating passkey authentication into Django apps with Pangea's AuthN service, from new project to enabling passkeys in the Pangea console.

SAML as an authentication standard enabling single sign-on and secure credential exchange across apps, and how Pangea supports it.

A recap of Pangea's time at THAT Conference Texas: networking, talks on cloud design patterns and secure-by-design culture, and raffle winners.

Integrating Pangea security APIs into GitHub Actions workflows to run secure-coding checks: malicious-URL detection and secrets management via Pangea Vault.