General Analysis

@gen_analysis

Followers
1K
Following
164
Media
45
Statuses
100

Automated AI Safety and Red Teaming Tools

San Francisco
Joined January 2025
@gen_analysis
General Analysis
5 months
🧨 Caution: Cursor + Supabase MCP will leak your private SQL tables — it’s only a matter of time. In our latest test, a simple user message was enough to make Cursor leak integration_tokens to the attacker who submitted it. Here’s the anatomy of the breach 🧵 (1/6)
17
65
659
@HavaeiRez
Rez Havaei
1 month
We said no to two acquisition offers. Here is why:
In the past year most of our competitors in the AI security/safety space have gotten acquired. Feels like consolidation season!
Lakera acquired by Check Point Software (~300M)
Pangea Cyber by CrowdStrike (~260M)
Prompt
0
2
12
@gen_analysis
General Analysis
1 month
Send us an email if you need dedicated hosting for our guardrails!
0
0
1
@gen_analysis
General Analysis
2 months
GA Guards deliver almost 400× faster performance than GPT-5 (Lite: 0.016s vs 11.275s; Base: 0.029s) and 15–25× faster than cloud guardrails.
0
0
2
@gen_analysis
General Analysis
2 months
On GA Long-Context Bench, GA Guard Thinking scores 0.893 F1, GA Guard 0.891, and GA Guard Lite 0.885. Cloud baselines struggle: Vertex reaches 0.560, AWS misclassifies nearly all inputs with a 1.0 false-positive rate, and Azure records just 0.046 F1 (see the full results on our
1
0
1
@gen_analysis
General Analysis
2 months
We evaluated GA Guards on public moderation suites such as OpenAI Moderation, HarmBench, and WildGuard. Across all three, our models consistently outperform major cloud guardrails and even surpass GPT-5 (when prompted to act as a guardrail) while running far faster.
1
0
1
@gen_analysis
General Analysis
2 months
The lineup:
GA Guard (4B) – our default, up to 15x faster than cloud providers.
GA Guard Lite (0.6B) – ultra-fast (up to 25x faster) with minimal hardware.
GA Guard Thinking (4B) – hardened for high-risk domains.
GA Guards are trained to detect 7 categories of harmful
1
0
1
@gen_analysis
General Analysis
2 months
We are open-sourcing the GA Guard models — the first family of long-context safety classifiers that have been protecting enterprise AI deployments for the past year.
6
5
46
@gen_analysis
General Analysis
2 months
Questions or need help? info@generalanalysis.com – let’s secure your agents end-to-end.
1
0
6
@gen_analysis
General Analysis
2 months
Why This Breaks Everything (5/6)
Once the spoofed conversation lands:
Unlimited control – attackers can call any MCP endpoint (payments, cloud, GitHub, you name it)
Full privilege escalation – every action runs with your credentials, no extra auth step
Hidden in plain sight
1
0
9
@gen_analysis
General Analysis
2 months
Full-Conversation Attack (4/6) With this exploit, the attacker can put words into the user's mouth and call any arbitrary tools from their Claude desktop app. The attacker packs a seven-turn dialogue—alternating “attacker” and “owner” lines—into one SMS. Each line is tagged
1
0
8
@gen_analysis
General Analysis
2 months
The Metadata-Spoofing Attack (3/6) An attacker can send an iMessage, injecting escaped is_from_me, date, and sender tags into the body. The attacker crafts a fake multi-turn conversation by doing so. If you ask Claude to rewrite that payload, it spits out natural-language
1
0
10
@gen_analysis
General Analysis
2 months
How iMessage MCP Feeds Claude (2/6) Every SMS/MMS is parsed by the iMessage extension into a JSON object { content, date, sender, is_from_me: true/false } The object is sent directly to Claude with no signature or provenance checks. That raw blob is all Claude sees when
1
1
12
@gen_analysis
General Analysis
2 months
Warning: Claude + iMessage MCP Jailbroken to issue unlimited Stripe Coupons (1/6) A few months ago we showed how Cursor + Supabase MCP can leak your entire SQL database. Now there’s a more powerful threat: by abusing Claude’s iMessage integration, an attacker can spoof your own
17
88
930
@gen_analysis
General Analysis
4 months
💣 Full-Conversation Attack (4/6) With this exploit, the attacker can put words into the user's mouth and call any arbitrary tools from their Claude desktop app. The attacker packs a seven-turn dialogue—alternating “attacker” and “owner” lines—into one SMS. Each line is tagged
0
0
1
@gen_analysis
General Analysis
4 months
🔍 The Metadata-Spoofing Attack (3/6) An attacker can send an iMessage, injecting escaped is_from_me, date, and sender tags into the body. The attacker crafts a fake multi-turn conversation by doing so. If you ask Claude to rewrite that payload, it spits out natural-language
1
0
2
@gen_analysis
General Analysis
4 months
📲 How iMessage MCP Feeds Claude (2/6) Every SMS/MMS is parsed by the iMessage extension into a JSON object { content, date, sender, is_from_me: true/false } The object is sent directly to Claude with no signature or provenance checks. That raw blob is all Claude sees when
1
0
0
@gen_analysis
General Analysis
4 months
We've released an open source MCP guard to secure your MCP clients against prompt injection attacks like these. Install with three commands for free! https://t.co/EO1EVH98bD
0
0
1
@gen_analysis
General Analysis
4 months
Secure your MCP clients against prompt injection attacks in Cursor, Claude Code, and Claude desktop with three commands for free.
$ pip install generalanalysis
$ ga login
$ ga configure
and you are secure!
10
20
366