All topics

security

55 pieces of writing

Every MCPHub instance started with the same admin password. I changed that.
vulnerability7 min read

Every MCPHub instance started with the same admin password. I changed that.

MCPHub shipped every installation with the hardcoded credential admin/admin123 and published it in the README. The fix generates a cryptographically random password per instance.

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight
vulnerability7 min read

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight

security12 min read

Environment variables are the new command line: how AI agents keep leaking secrets through configuration files

A single index change bypassed daily_stock_analysis's entire rate limiter
vulnerability7 min read

A single index change bypassed daily_stock_analysis's entire rate limiter

A self-hosted stock analysis platform trusted the leftmost X-Forwarded-For entry for rate limiting, letting attackers rotate IPs and brute-force the admin login at will.

TeamPCP compromised the AI proxy that holds everyone's API keys
security9 min read

TeamPCP compromised the AI proxy that holds everyone's API keys

PraisonAI let YAML config files set LD_PRELOAD and nobody checked
vulnerability7 min read

PraisonAI let YAML config files set LD_PRELOAD and nobody checked

Git tags, package registries and extension marketplaces share the same broken authentication model
security12 min read

Git tags, package registries and extension marketplaces share the same broken authentication model

Git tags, package registries and AI extension marketplaces all share the same authentication failure - and attackers have noticed the pattern before defenders did.

gptme was passing API keys on the command line where any user could read them
vulnerability8 min read

gptme was passing API keys on the command line where any user could read them

Hermes Agent's worktree feature copied arbitrary files from your filesystem
security7 min read

Hermes Agent's worktree feature copied arbitrary files from your filesystem

Summarize's localhost daemon accepted requests from any website
security7 min read

Summarize's localhost daemon accepted requests from any website

A popular summarisation tool trusted every browser origin that asked. Fixing it meant thinking about who should be allowed to talk to your localhost.

Prompt injection turned MCP-connected code assistants into attack proxies
security11 min read

Prompt injection turned MCP-connected code assistants into attack proxies

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days
vulnerability7 min read

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days

Anthropic's Claude Code Security found 500 zero-days. The methodology was the problem.
security8 min read

Anthropic's Claude Code Security found 500 zero-days. The methodology was the problem.

Anthropic's Claude Code Security found 500 zero-days in open-source code. The industry's reaction revealed more about the state of software security than the tool itself.

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.
security12 min read

MCP gave AI tools a standard interface. Researchers found it was also an attack surface.

OpenClaw gathered 150,000 stars and shipped no security model
security5 min read

OpenClaw gathered 150,000 stars and shipped no security model