Bobby Blaine in bobbyblaine.hashnode.dev · Apr 15 · 6 min read
MCP Security Crisis: 30 CVEs in 60 Days
In January and February 2026, security researchers filed 30 CVEs against MCP servers in just 60 days. Among 2,614 surveyed implementations, 82% were vulnerable to path traversal. The worst offender, CVE-2025-6514, scored a CVSS 9.6 for remote code ex...

Bobby Blaine in bobbyblaine.hashnode.dev · Apr 15 · 6 min read
Your MCP Server Is Probably Vulnerable
In January and February 2026, security researchers filed 30 CVEs against MCP servers in just 60 days. Among 2,614 surveyed implementations, 82% were vulnerable to path traversal. The worst offender, CVE-2025-6514, scored a CVSS 9.6 for remote code ex...

Bobby Blaine in bobbyblaine.hashnode.dev · Mar 2 · 5 min read
Slopsquatting: AI Hallucinations as Supply Chain Attacks
One in five AI-generated code samples recommends a package that does not exist. Attackers are registering those phantom names on npm and PyPI with malware inside. The term for this is slopsquatting, and it is already happening. What Slopsquatting Act...

Bobby Blaine in bobbyblaine.hashnode.dev · Mar 1 · 5 min read
Context Engineering: CLAUDE.md and .cursorrules
75% of engineers use AI tools daily. Most organizations see no measurable productivity gains from them. Faros AI sums it up: "Clever prompts make for impressive demos. Engineered context makes for shippable software." When your AI coding agent enters...

Bobby Blaine in bobbyblaine.hashnode.dev · Feb 27 · 6 min read
Spec-Driven Development: Write the Spec, Not the Code
Vibe coding got developers building fast. It also got them rebuilding fast. The pattern: describe what you want, accept the AI's output, ship it. Then spend the next week debugging assumptions the model made because you never stated them. Spec-driven...