Context Imagine that the AI assistant’s tool was actually safe at first – perhaps you used it for days without issue. Then, one day, it suddenly starts behaving maliciously, even though you never installed a new tool. This is the “rug pull”…
Secrets in the Wind: Environment Variables, URLs, and the Leaky Abstractions
Context In the evolving landscape of MCP servers and AI agents, a new category of risk is emerging: sensitive data exposure through dynamic access mechanisms. We’re talking about secrets not statically written to disk, but fetched on demand — via environment variables, command-line outputs,…