Skip to main content

Tag: model context protocol

9 articles

Cluttered software development workspace with AI coding assistant on monitor.

AI Reshapes Software Supply Chain Security Risks

The software supply chain security landscape has dramatically shifted in just 20 months, with AI tools and models now integral to building, deploying, and running software - and bringing new risks to the table. The old question of "what's in your code?" has given way to a more complex concern: what happens when AI coding assistants and autonomous agents start suggesting or producing code?

Analyst 207
Cluttered developer workspace with laptop, notes, and coffee cups in natural daylight.

Cursor Flaws Expose Developers to Zero-Click Attacks

Beware of DuneSlide, a pair of high-severity flaws that could let a single, innocent-looking prompt hijack your Cursor environment and unleash a zero-click attack on your computer - update to Cursor 3.0 now to stay safe!

Analyst 207
Developer workstation with laptop, terminal, and papers on a clean desk.

Amazon AI Coding Tool Exposes Cloud Credentials to Malicious Git Repos

A security vulnerability in Amazon's AI coding assistant, tracked as CVE-2026-12957, allowed malicious Git repositories to access sensitive cloud credentials, raising concerns about informed consent and user security. The flaw enabled automatic execution of commands with no user prompt required.

Analyst 207
Technicians work in a database server room with rows of computer racks and cables.

Security Flaws Exposed in Popular Database Projects' MCP Servers

Critical security flaws have been uncovered in MCP servers used by popular analytics databases, leaving them vulnerable to risks like SQL injection and full database takeover due to faulty validation and authentication processes. These defects, discovered by Akamai security analyst Tomer Peled, highlight a pressing need for enhanced security measures to protect sensitive data.

Analyst 207
Software development team collaborating in a modern, open-plan office.

Security Teams Lag Behind on Agentic AI Risks

The alarming truth is that agentic AI is already live in many production environments, but security teams are largely in the dark about the risks they're facing. This emerging threat can be categorized into three key areas: coding and productivity agents like Claude Code and GitHub Copilot, vendor-built agents, and custom-built agents.

Analyst 207
Developer workstation with laptop screen showing a trust prompt and blurred software development environment in the…

Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk

A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

Analyst 207
Dark abandoned factory with tangled wires, circuit boards, and broken machinery parts scattered around a small laptop.

MCP Flaw Exposes AI Supply Chain to Remote Code Execution Risk

A critical flaw in the Model Context Protocol could allow attackers to run malicious code across dependent machines, posing a remote code execution risk that ripples through the AI supply chain. This structural weakness, discovered by cybersecurity researchers, highlights a vulnerable link in the AI ecosystem.

Analyst 207
Dimly lit server room with eerie shadows, smoke, and a shattered laptop screen.

Anthropic's MCP Flaw Exposes 200K Servers to Takeover Risk

A security flaw in Anthropic's Model Context Protocol (MCP) could put a staggering 200,000 servers at risk of complete takeover, leaving thousands of machines vulnerable to attack. This design flaw, described as a vulnerability by security researchers, highlights a potentially disastrous weakness in a protocol meant to manage AI model context.

Analyst 207
Dimly lit server room with eerie blue laptop screen showing a locked door with a spreading crack.

Nginx Flaw Exploited for Server Takeovers

A critical vulnerability in Nginx UI's Model Context Protocol (MCP) support is being actively exploited, allowing attackers to take over servers without any authentication. If your organization exposes Nginx UI with MCP support, your servers may be at risk of a full takeover.

Analyst 207