You might be also interested in
Back To All Blog
MCP Server Security — A Complete Guide to the AI Supply Chain Vulnerability
Comprehensive guide to the 2026 MCP security disclosure: 200,000+ exposed server instances, 14 CVEs, the STDIO architectural flaw, and what to do about it.
An MCP Security Playbook for Surviving the Next Vulnerability Disclosure
Seven-step MCP security playbook with time and cost estimates — server inventory to reasoning-layer telemetry — for teams acting before the next CVE.
Claude Code as an Attack Vector When Your AI Developer Tool Is the Entry Point
Claude Code carries two CVEs enabling RCE and API key theft via MCP. Learn how tool poisoning, rugpull attacks, and GTG-1002 turn AI dev tools into entry points
The JFrog Universal MCP Registry and the Arrival of Enterprise AI Governance
JFrog Universal MCP Registry launched April 2026 — first enterprise MCP governance. Compare JFrog, TrueFoundry, and Kiteworks for your organisation.
Shadow MCP and the Developers Adding AI Integrations Without IT Approval
Shadow MCP is the new shadow IT. Learn how to audit MCP servers in your organisation, build an approval process, and brief the board on the risk.
The By Design Architectural Flaw and Why Patching Won’t Solve MCP Security
Patching MCP CVEs won’t fix the root cause. Learn why the STDIO transport model creates a structural trust problem no patch can close, and what actually does.
How the OX Security Audit Exposed 7,000 Plus MCP Servers, 14 CVEs, and One Design Flaw
OX Security’s April 2026 audit of 7,000+ MCP servers uncovered 14 CVEs, a STDIO command-injection flaw, and 200,000 exposed instances across 150M downloads.
Inside CVE-2026-26029, the Salesforce MCP Remote Code Execution
CVE-2026-26029 is a CVSS 7.5 HIGH RCE in Salesforce’s MCP server. Learn the mechanism, patch status, and triage steps for LiteLLM, Windsurf, and Cursor.