Truong Bui in mcpsafe.hashnode.dev · Tool Poisoning in MCP Servers: The Silent Threat to AI Agents · May 14 · 7 min read
Most security threats leave evidence in code. An injected shell command shows up in an AST. A hardcoded credential appears in a string literal. A network exfiltration call registers in a dependency gr…

Truong Bui in mcpsafe.hashnode.dev · What Is MCP Typosquatting and How to Detect It · May 13 · 6 min read
The npm ecosystem learned about typosquatting the hard way. In 2018, the event-stream package — with 2 million weekly downloads — was handed off to a new maintainer who embedded a payload targeting Bi…

Truong Bui in mcpsafe.hashnode.dev · We Scanned 448 MCP Servers — Here's What We Found · May 12 · 5 min read
MCP servers are not browser extensions. When you install one, you are adding a process to your system that may have direct access to your filesystem, network stack, environment variables, and shell. I…

Truong Bui in mcpsafe.hashnode.dev · I Scanned 2,600 Public MCP Servers. The Supply Chain Is Rough. · May 7 · 4 min read
A snapshot of what's broken in the Model Context Protocol ecosystem — from the kind of mistakes you'd expect to a few that should make you pause. I built MCPSafe, a free security scanner for Model Con…