Independent security research
Security research on AI, agents, and MCP servers
I find and responsibly disclose vulnerabilities in Model Context Protocol (MCP) implementations and AI-assisted developer tools, then work with maintainers and site operators to get them fixed.
Recent advisories
-
Vet MCP Server SSE Transport DNS Rebinding Vulnerability
-
Amp AI Agent Allows API Key Exfiltration Via Prompt Injection
-
Kilo Code AI Agent Exposes Users to Supply Chain Attack Via Prompt Injection
-
Coder's Agent API Exposes User Chat History Via DNS Rebinding Attack
-
Unauthorized Crypto Transactions Enabled by thirdweb MCP Server
-
Grafana MCP Server Exposes Unauthenticated SSE Interface Enabling Remote Dashboard Manipulation