Tag

#MCP

7 stories taggedMCP.

Macro photograph of a glowing computer terminal screen in a dark room displaying cascading green lines of code and error log text, with a single line subtly hig
AI Security

A Fake Error Message Hijacked AI Coding Assistants — and Security Tools Saw Nothing

Researchers planted a single bogus bug report in a popular developer service and watched AI coding agents obediently run the attackers' code. No password stolen. No alarm raised.

3 min
AI Security

Poisoned Tool Descriptions Turn Helpful AI Agents Into Quiet Exfiltration Channels

Microsoft Incident Response demonstrates how a single malicious MCP-style tool description can coax an agent into leaking corporate data — without tripping a single policy check.

3 min
Vulnerabilities

Amazon Patches CVE-2026-12957 in Q Developer: Malicious Repo Could Drain AWS Credentials via MCP

A workspace-trust prompt was all that stood between a developer and credential theft. Amazon has shipped a fix for the high-severity flaw in its AI coding assistant.

2 min
AI Security

MCP's Enterprise Overhaul Hands Security Problems to Developers

A major revision to the Model Context Protocol repositions itself as enterprise-ready — then quietly offloads the hard security work onto the teams building on top of it.

3 min
AI Security

Microsoft Expands Its Agentic AI Failure Taxonomy With Seven New Attack Classes

From inter-agent trust escalation to MCP plugin abuse, the updated taxonomy surfaces threat categories that didn't exist — or weren't well-understood — when Microsoft published its first version.

2 min
AI Security

One Click, Full Shell: Flowise MCP Flaw Scores 9.9 CVSS

A sandboxing failure in Flowise's MCP stdio implementation lets an attacker execute arbitrary OS commands with process-level privileges — and the patches so far don't close the hole.

2 min
AI Security

The Linux Foundation Wants DNS to Be the Phone Book for AI Agents

DNS-AID proposes using existing DNS infrastructure for agent discovery — no new directories, no vendor lock-in, no new protocols to trust.

2 min
© 2026 Threat Vectr