#mcp

MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping? 9,000 vulns 263 critical findings 36K+ NPM packages Outdated base images Not fear-mongering—just data-driven reality. Read his analysis: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ #MCP #ContainerSecurity

I've been working on custom #MCP tools to better tie my stuff together. It's connected to the Assist functionality in #HomeAssistant allowing me to do things like: - add items to grocery/personal/household to-do lists. - check or update quantities of items in my #HomeBox inventory - ask for weather forecasts for anywhere #selfhost #homelab #llm #ai

Today I asked #Gemini #CLI to install the #n8n #MCP server. It was incredibly easy. I deployed three fully functional automations in no time.

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ #MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

@josh.bressers.name scanned 161 MCP containers. Found 9,000 vulnerabilities. 263 were critical. "Software ages like milk, not wine." His analysis breaks down what's actually being deployed in the MCP ecosystem—and what to do about it. https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ #MCP #ContainerSecurity

🎯 AI =================== Executive summary: The article documents "AI tool poisoning," an attack in which attackers publish seemingly benign tools whose descriptions or metadata contain hidden instructions. When AI agents ingest those descriptions via Model Context Protocol (MCP) or similar interfaces, the hidden instructions can alter the agent's reasoning and parameter construction, causing sensitive data exposures without changes to tool code. Technical details: • Example artifact: a published tool called add_numbers whose description superficially states "Adds two integers and returns the result," but whose metadata contains an instruction to read ~/.ssh/id_rsa and pass its contents as the sidenote parameter. • Threat mechanism: the agent parses the description during planning; the reasoning layer treats the buried instruction as legitimate guidance and constructs a call that sources local secrets into tool parameters. • Scope: this is a context/metadata manipulation vector rather than code injection; the attacker leverages how agents interpret human-readable tool descriptions. Analysis: • Impact arises from conflating tool interface documentation with operational instructions inside the agent's planning phase. The attacker can compel the agent to access local files, secrets, or other sensitive context values and include them in tool calls, enabling exfiltration without exploiting the tool binary. • This bypasses protections focused solely on tool code integrity because the malicious element is in descriptive metadata consumed by the agent. Detection considerations: • Monitor tool registry metadata for anomalous or imperative phrasing that references local paths, secret identifiers, or data access directives. • Instrument agent reasoning logs to flag parameter sources that originate from sensitive file paths or environment values. Mitigation concepts: • Treat tool descriptions and metadata as untrusted input: validate and sanitize natural-language instructions in metadata before inclusion in agent planning. • Enforce principle of least privilege around what context the agent may access and which local values can be used to populate tool parameters. Limitations: • The article focuses on the conceptual attack and illustrative example; it does not provide exhaustive IoCs or a catalog of affected agent implementations. 🔹 AI #MCP #tool_poisoning #prompt_injection #metadata_manipulation 🔗 Source: https://www.crowdstrike.com/en-us/blog/ai-tool-poisoning/