Security Research on AI, Agents, and MCP Servers.
Recent Advisories
- Kluster’s Verify MCP Server Exposes Users to Credit Exhaustion - October 2025
- Neo4j MCP Cypher Server Vulnerable to Database Takeover Via DNS Rebinding - October 2025
- Vet MCP Server SSE Transport DNS Rebinding Vulnerability - October 2025
- Amp AI Agent Allows API Key Exfiltration Via Prompt Injection - October 2025
- Kilo Code AI Agent Exposes Users to Supply Chain Attack Via Prompt Injection - October 2025
- Coder’s Agent API Exposes User Chat History Via DNS Rebinding Attack - September 2025
- Unauthorized Crypto Transactions Enabled by thirdweb MCP Server - September 2025
- Grafana MCP Server Exposes Unauthenticated SSE Interface Enabling Remote Dashboard Manipulation - September 2025