Tag

#prompt-injection

2 articles tagged #prompt-injection. See all tags →

The MCP Security Problem Nobody Wants to Talk About
New
Tech··11 min

The MCP Security Problem Nobody Wants to Talk About

MCP took off faster than anyone's threat model. We wired arbitrary third-party tools straight into models that can't tell an instruction from data, then acted surprised when tool poisoning hit 72.8 percent and Anthropic's own Inspector shipped a CVSS 9.4 RCE. Here's the real attack surface, and what governance is finally starting to look like.

mcpsecurityai-agents
The New Prompt Injection Attack Surface: MCP, Tools, and Your Browser
Tech··12 min

The New Prompt Injection Attack Surface: MCP, Tools, and Your Browser

Prompt injection is the SQL injection of the AI era, except worse. SQLi has a clean fix. Indirect prompt injection doesn't, because an LLM reads instructions and untrusted data through the same channel with no reliable way to tell them apart. OWASP ranks it the number one risk in AI applications, and the numbers back that up.

prompt-injectionai-securitymcp