
MCP Marketplace Audit - 32% of Servers Are Stale
We pulled 11,447 MCP servers from four registries, ran the GitHub and OSV APIs against them, and tried to install the top 100. Nearly a third haven't been touched in six months.

Vercel confirms an April 19 intrusion that pivoted from compromised OAuth tokens at AI office-suite startup Context.ai into a Vercel employee's Google Workspace, then into internal systems holding non-sensitive environment variables for a limited set of customer projects.

Rankings of 14 frontier LLMs by adversarial robustness - how well they resist jailbreaks, prompt injection, and harmful-behavior elicitation across HarmBench, AdvBench, StrongREJECT, JailbreakBench, and AgentHarm.

Sam Altman's World project launched World ID 4.0 at a San Francisco event on April 17, signing Tinder, Zoom, DocuSign, and Okta as partners while introducing Agent Kit to authorize AI agents.

Ox Security found that MCP's STDIO transport executes arbitrary OS commands before validating the server, exposing 200K+ instances across every major AI coding tool.

The official @geminicli X account was compromised and used to promote a fake $CLI token on Pump.fun. Users quickly identified it as a scam.

Cal.com moved its core codebase to a private repo after five years of open source, arguing AI tools make public code 5-10x easier to exploit. The community isn't buying it.

OpenAI's GPT-5.4-Cyber is a fine-tuned defensive cybersecurity model with binary reverse engineering, lowered refusal thresholds, and restricted access through the Trusted Access for Cyber program.

OpenAI's GPT-5.4-Cyber is a restricted model fine-tuned for defensive cybersecurity with binary reverse engineering and reduced refusal rates, available only through identity-verified access tiers - a direct response to Anthropic's Mythos Preview.

The Information reports Anthropic is prepping Claude Opus 4.7 and an AI design tool for imminent release, while OpenAI launched GPT-5.4-Cyber yesterday - a restricted cybersecurity model that directly challenges Claude Mythos.

UC Santa Barbara researchers found 9 of 428 third-party LLM routers actively injecting malicious tool calls, draining crypto, and stealing AWS credentials from AI agent sessions.

Claude Mythos Preview is Anthropic's most capable model - restricted to 50 orgs via Project Glasswing, with 93.9% on SWE-bench Verified and thousands of autonomous zero-day discoveries.