mcp

3 articles
sort: new top best
clear filter
bug-bounty408 google401 xss352 microsoft316 facebook286 exploit192 apple187 rce176 malware148 cve111 account-takeover96 browser89 csrf86 writeup71 privilege-escalation66 phishing63 dos60 react60 supply-chain58 bragging-post55 authentication-bypass54 node51 cloudflare51 ssrf50 docker48 aws48 access-control46 reverse-engineering46 smart-contract45 web345 ethereum43 oauth42 defi42 pentest41 sql-injection40 idor36 lfi36 info-disclosure35 race-condition34 cloud32 smart-contract-vulnerability32 auth-bypass31 buffer-overflow31 wordpress30 clickjacking29 subdomain-takeover27 solidity27 vulnerability-disclosure25 cors24 web-application24
0 2/10
Pwning OpenClaw in 50 Messages
research

This article discusses a social engineering attack that exploits Claude Opus through the OpenClaw integration, demonstrating how an attacker can manipulate an AI agent into divulging sensitive information or credentials within 50 messages by exploiting trust relationships in MCP (Model Context Protocol) implementations.

social-engineering prompt-injection ai-agents mcp model-context-protocol claude llm-security jailbreak
OpenClaw Claude Opus Runlayer Anthropic OWASP
runlayer.com · gk1 · 12 hours ago · details · hn
0 2/10
MCP Doesn't "Suck"
threat-intel

This is a Runlayer marketing/blog hub aggregating articles about Model Context Protocol (MCP) security risks including prompt injection, social engineering of AI agents, malicious MCP servers, and data exfiltration vulnerabilities, along with enterprise security solutions and best practices for securing MCP implementations.

mcp model-context-protocol ai-agent-security prompt-injection social-engineering data-exfiltration oauth dynamic-client-registration enterprise-security tool-gateway owasp-top-10 sandbox authentication access-control
Runlayer OpenAI Anthropic Google Claude Opus OpenClaw Cursor GitHub Box AAIF Linux Foundation OWASP Vitor Balocco Tal Peretz Alex Frazer Jake Moghtader
runlayer.com · gk1 · 12 hours ago · details · hn
0 5/10
MCPs, CLIs, and skills: when to use what?
architecture-guide

Technical comparison of three AI tool primitives—Skills (documented processes), CLIs (composable developer tools), and MCPs (authenticated SaaS access with guardrails)—explaining when each excels based on use case, access control needs, and team composition rather than treating them as competing solutions.

ai-tools agent-architecture mcp cli access-control authentication automation workflow-design skills api-integration sandbox
Claude Anthropic Vercel Netlify GitHub CLI Cloudflare Wrangler Playwright Attio LinkedIn Outlook jngiam David Cramer
jngiam.bearblog.dev · ankit84 · 12 hours ago · details · hn