security
November 3, 2025
Technique contributed by: Sachin Keswani
SAFE-T2107: When Your AI Tool Learns the Wrong Lesson
How attackers plant backdoors in ML models powering MCP tools—and how to defend your AI supply chain
Read full postBlog
Announcements, releases, tutorials, and insights from the SAFE-MCP community.
security
November 2, 2025
Bishnu Bista
SAFE-T1101: When Your AI Agent Becomes a Remote Shell
The classic vulnerability gets a dangerous upgrade in the MCP era—here's how command injection manifests in AI tool ecosystems and what you can do about it
Read full postsecurity
November 1, 2025
Technique contributed by: Frederick Kautz
SAFE-T1007: When "Connect Your GitHub" Becomes an Attack Vector
How OAuth consent screens in MCP workflows become sophisticated phishing traps—and the zero-trust architecture that stops them
Read full postsecurity
October 31, 2025
Technique contributed by: Frederick Kautz
SAFE-T1001: The Invisible Instructions Your Agent Obeys
How attackers weaponize MCP tool metadata to hijack AI agent behavior—and what you can do to detect and prevent it
Read full postSecurity
October 30, 2025
Technique contributed by: Bishnu Bista
SAFE-T1111: AI Agent CLI Weaponization
The August 2025 Nx breach revealed a new attack vector that turns developer tools into automated spies
Read full postsecurity
October 28, 2025
Bishnu Bista, Arjun Subedi
MCP is Everywhere. Its Security Playbook Shouldn't Be Nowhere.
The Model Context Protocol (MCP) is having a moment. GitHub repos implementing MCP servers are multiplying weekly. Major companies are adopting it as their standard for tool integration. What started
Read full post