Job postings now have prompt injections too! 👀 @dion0_0y spotted this one

Oh wow, more AI malware (uses Claude Code to search for credentials). Is this the exponential takeoff moment people kept mentioning? https://t.co/cJfe1WWO5e

💙 Big congrats and thanks to the whole team for this small but meaningful milestone. mcp-scan all your servers today and discover all the lethal trifectas near you. Repo: https://t.co/O8zpg9xwUZ

Great post by @liran_tal @kwhuszcza @marc_r_fischer about the recent JIRA MCP 0-click and how mcp-scan helps you identify similar issues. Since 0.3.5 we now include built-in tools in security scanning. Toxic flow analysis in action. https://t.co/N4zsF86Qsp

I gave a talk on Wednesday at the Bay Area AI Security Meetup about prompt injection, MCP security and the lethal trifecta. Here are the annotated slides from my presentation, including notes on my weird hobby of trying to coin or amplify new terms of art

😈 BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked. We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories. creds to @marco_milanta (1/n) 👇

One of our engineers, Hemang, has created this nice example repo of an MCP Streamable HTTP implementation. This is where things are heading for MCP, post SSE. We are also adding support to Gateway right now. https://t.co/pyRkYLAavi

Thanks @ai_risks for the generous prize! AgentDojo is the reference for evaluating prompt injections in LLM agents, and is used for red-teaming at many frontier labs. I had a blast working on this with @edoardo_debe @JieZhang_ETH @marc_r_fischer @lbeurerkellner @mbalunovic

aaaand we passed 500 stars 🤩 https://t.co/frHJtsELrO

Great write-up of MCP security, including our research from @InvariantLabsAI.

We recently shipped a lot of updates to mcp-scan: - whitelisting of tools - Improvements to the server (reducing false-positives, improving detection) - run via npm/npx Much more coming soon! https://t.co/frHJtsELrO #mcp

I think Simon raises an important point here. LLM and agent security cannot be solved by a simpler classifier. Instead, Guardrails focuses on detecting guardrail violations on a behavioral level. It analyzes the data flow and active agent context, to make sure, that even if a

4/ How to safeguard? - Make sure only trusted MCP servers are being downloaded and used - Keep minimal funds in your crypto wallet MCP - Allow minimal access for MCP actions - Use MCP-Scan

Disclaimer: We use Invariant Guardrails server-side via an API and we are collect tool names and descriptions (no personal data). Don't use it if you don't want to share your tools.

GitHub:

It already supported Claude, Cursor, Windsurf and we just added support for VS Code MPC too.

uvx mcp-scan@latest Scans your local MCP setup for vulnerabilities. After @lbeurerkellner's recent MCP discoveries, we found it quite important to build. It is open source and out now. Feedback would be greatly appreciated.

After covering MCP vulnerabilities over the last few days, today, we are launching MCP-scan, a security scanner to detect MCP attacks. Run it now: uvx mcp-scan@latest 🧵

🚀🔒 We created a security scanner to detect MCP attacks. Please check it out, and give feedback. * Supports Claude, Cursor, Windsurf • Checks for tool poisoning • Checks for rug pull (tool hashing) • Detects cross-origin violations (shadowing) uvx mcp-scan@latest

🛡️Thoughts on the MCP vulnerability and why it's not an easy fix (1/n) To stay updated about agent security, please follow and sign up for early access to Invariant below. We have been working on this problem for years (at Invariant and in research). https://t.co/eUwik7FNhD