Truong Bui in mcpsafe.hashnode.dev
Tool Poisoning in MCP Servers: The Silent Threat to AI Agents
11h ago · 7 min read
Most security threats leave evidence in code. An injected shell command shows up in an AST. A hardcoded credential appears in a string literal. A network exfiltration call registers in a dependency gr…

Truong Bui in mcpsafe.hashnode.dev
The State of MCP Security: 8,286 Findings Across 508 Servers
20h ago · 3 min read
The Model Context Protocol (MCP) has become the dominant standard for connecting AI agents to external tools and data sources. With over 150 million downloads and 7,000+ registered servers, it has cro…

Truong Bui in mcpsafe.hashnode.dev
What Is MCP Typosquatting and How to Detect It
1d ago · 6 min read
The npm ecosystem learned about typosquatting the hard way. In 2018, the event-stream package, with 2 million weekly downloads, was handed off to a new maintainer who embedded a payload targeting Bi…

Truong Bui in mcpsafe.hashnode.dev
We Scanned 448 MCP Servers — Here's What We Found
2d ago · 5 min read
MCP servers are not browser extensions. When you install one, you are adding a process to your system that may have direct access to your filesystem, network stack, environment variables, and shell. I…

Truong Bui in mcpsafe.hashnode.dev
I Scanned 2,600 Public MCP Servers. The Supply Chain Is Rough.
May 7 · 4 min read
A snapshot of what's broken in the Model Context Protocol ecosystem, from the kind of mistakes you'd expect to a few that should make you pause. I built MCPSafe, a free security scanner for Model Con…