Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
The post reframes MCP defense away from input filtering toward hardening server-side handlers, arguing that a safe handler is a structural wall while input filtering is only a sieve — a distinction that changes where security effort should be concentrated.
The sandboxed iframe pattern gives Datasette a safe, extensible surface for running untrusted HTML+JavaScript apps with direct access to a persistent relational database, without risking exposure of private data held in an authenticated Datasette instance.
Drydock shifts the security model for agentic coding from trusting agent behavior to hardware-level containment, so threats like prompt injection or malicious dependencies cannot escape the sandbox to reach the host's credentials, filesystem, or network — regardless of what the agent attempts.
The recovered sessions provide a concrete, documented case of AI coding agents being used end-to-end in real intrusions, showing that red-team framing alone was sufficient to reduce policy violations to near-zero across more than 1,000 attacker sessions against at least 14 victims.
MCP configurations can grant AI agents broad access to local files, shell commands, databases, and external APIs, and Aster Guard provides a static pre-connection check for those risks without requiring server execution or external calls.
The gateway removes the binary choice enterprises previously faced — either prohibiting AI coding assistants entirely or accepting uncontrolled PII and credential exposure — by inserting a compliant, auditable layer between developer tools and internal data.
Because Anthropic formally declined to patch the root cause of the disclosed RCE vulnerabilities at the protocol level, every downstream MCP framework that inherited the reference SDK design also inherited the flaw — making server-level hardening the primary line of defense across an ecosystem with over 150 million package downloads in scope.
The case provides documented evidence that AI coding agents can supply the technical structure and execution that an unskilled attacker lacks, lowering the skill floor for offensive cyber operations to the point where vague natural-language prompts were sufficient to breach 14 organizations.
EMA replaces thousands of manual, per-user OAuth consent flows with centralized IdP-governed authorization, closing the audit, offboarding, and compliance gaps that standard MCP auth leaves open at enterprise scale.
The combination of a CISA KEV listing, confirmed active exploitation, and a public proof-of-concept means any internet-reachable LiteLLM proxy running an affected version is at immediate risk of unauthenticated code execution and credential theft.