Tag: model context protocol
9 articles

AI Reshapes Software Supply Chain Security Risks
The software supply chain security landscape has dramatically shifted in just 20 months, with AI tools and models now integral to building, deploying, and running software - and bringing new risks to the table. The old question of "what's in your code?" has given way to a more complex concern: what happens when AI coding assistants and autonomous agents start suggesting or producing code?

Cursor Flaws Expose Developers to Zero-Click Attacks
Beware of DuneSlide, a pair of high-severity flaws that could let a single, innocent-looking prompt hijack your Cursor environment and unleash a zero-click attack on your computer - update to Cursor 3.0 now to stay safe!

Amazon AI Coding Tool Exposes Cloud Credentials to Malicious Git Repos
A security vulnerability in Amazon's AI coding assistant, tracked as CVE-2026-12957, allowed malicious Git repositories to access sensitive cloud credentials, raising concerns about informed consent and user security. The flaw enabled automatic execution of commands with no user prompt required.

Security Flaws Exposed in Popular Database Projects' MCP Servers
Critical security flaws have been uncovered in MCP servers used by popular analytics databases, leaving them vulnerable to risks like SQL injection and full database takeover due to faulty validation and authentication processes. These defects, discovered by Akamai security analyst Tomer Peled, highlight a pressing need for enhanced security measures to protect sensitive data.

Security Teams Lag Behind on Agentic AI Risks
The alarming truth is that agentic AI is already live in many production environments, but security teams are largely in the dark about the risks they're facing. This emerging threat can be categorized into three key areas: coding and productivity agents like Claude Code and GitHub Copilot, vendor-built agents, and custom-built agents.

Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk
A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

MCP Flaw Exposes AI Supply Chain to Remote Code Execution Risk
A critical flaw in the Model Context Protocol could allow attackers to run malicious code across dependent machines, posing a remote code execution risk that ripples through the AI supply chain. This structural weakness, discovered by cybersecurity researchers, highlights a vulnerable link in the AI ecosystem.

Anthropic's MCP Flaw Exposes 200K Servers to Takeover Risk
A security flaw in Anthropic's Model Context Protocol (MCP) could put a staggering 200,000 servers at risk of complete takeover, leaving thousands of machines vulnerable to attack. This design flaw, described as a vulnerability by security researchers, highlights a potentially disastrous weakness in a protocol meant to manage AI model context.

Nginx Flaw Exploited for Server Takeovers
A critical vulnerability in Nginx UI's Model Context Protocol (MCP) support is being actively exploited, allowing attackers to take over servers without any authentication. If your organization exposes Nginx UI with MCP support, your servers may be at risk of a full takeover.