#MCP
7 stories taggedMCP.

A Fake Error Message Hijacked AI Coding Assistants — and Security Tools Saw Nothing
Researchers planted a single bogus bug report in a popular developer service and watched AI coding agents obediently run the attackers' code. No password stolen. No alarm raised.

Poisoned Tool Descriptions Turn Helpful AI Agents Into Quiet Exfiltration Channels
Microsoft Incident Response demonstrates how a single malicious MCP-style tool description can coax an agent into leaking corporate data — without tripping a single policy check.

Amazon Patches CVE-2026-12957 in Q Developer: Malicious Repo Could Drain AWS Credentials via MCP
A workspace-trust prompt was all that stood between a developer and credential theft. Amazon has shipped a fix for the high-severity flaw in its AI coding assistant.

MCP's Enterprise Overhaul Hands Security Problems to Developers
A major revision to the Model Context Protocol repositions itself as enterprise-ready — then quietly offloads the hard security work onto the teams building on top of it.

Microsoft Expands Its Agentic AI Failure Taxonomy With Seven New Attack Classes
From inter-agent trust escalation to MCP plugin abuse, the updated taxonomy surfaces threat categories that didn't exist — or weren't well-understood — when Microsoft published its first version.

One Click, Full Shell: Flowise MCP Flaw Scores 9.9 CVSS
A sandboxing failure in Flowise's MCP stdio implementation lets an attacker execute arbitrary OS commands with process-level privileges — and the patches so far don't close the hole.

The Linux Foundation Wants DNS to Be the Phone Book for AI Agents
DNS-AID proposes using existing DNS infrastructure for agent discovery — no new directories, no vendor lock-in, no new protocols to trust.