Developers building or using agentic coding tools should audit every trust boundary — MCP servers, third-party API routers, and auto-approve settings — since any content an agent reads is a potential injection vector capable of triggering unrestricted command execution.
Author Uzy maps 100 detection signatures in open-source firewall InferenceWall to MITRE ATLAS technique IDs, arguing that any AI security tool that can't show ATLAS coverage is "hiding something."