Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
The post reframes MCP defense away from input filtering toward hardening server-side handlers, arguing that a safe handler is a structural wall while input filtering is only a sieve — a distinction that changes where security effort should be concentrated.
Because Anthropic formally declined to patch the root cause of the disclosed RCE vulnerabilities at the protocol level, every downstream MCP framework that inherited the reference SDK design also inherited the flaw — making server-level hardening the primary line of defense across an ecosystem with over 150 million package downloads in scope.
This survey provides a unified, systems-oriented framework for a rapidly expanding but fragmented field, identifying both the dominant attack surfaces and the gaps in current defenses and benchmarks that leave deployed LLM agents exposed.
The attack demonstrates that the unauthenticated nature of Sentry DSNs creates an exploitable input channel for prompt-injection-style attacks against coding agents, and that the only control that worked in the reported case was the model's own judgment — a defense the post explicitly flags as unreliable.
Author Uzy maps 100 detection signatures in open-source firewall InferenceWall to MITRE ATLAS technique IDs, arguing that any AI security tool that can't show ATLAS coverage is "hiding something."