
Security researcher builds static scanner to catch hidden MCP tool poisoning attacks


A security researcher has developed an open-source tool called mcpscan after discovering that malicious instructions can be hidden inside MCP server manifests using invisible Unicode characters, such as zero-width spaces and bidirectional overrides, making them undetectable during code review. The attack class, known as tool poisoning, embeds harmful directives in tool metadata rather than executable code, causing AI agents to silently follow instructions like exfiltrating SSH keys or environment files. The threat is timely given the MCP ecosystem surpassed 14,000 public servers in 2026, with one 60-day period alone producing over 30 CVEs, nearly 43 percent of which involved command injection, and 492 servers found exposed without any authentication. mcpscan is a static, offline Python tool requiring no runtime dependencies that scans MCP manifests, Claude Code project directories, and source files for twelve categories of risk before installation. The tool and its deliberately vulnerable test fixtures are publicly available on GitHub for developers to audit MCP servers prior to deployment.
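The detection idea the summary describes, a static check for invisible and bidirectional Unicode control characters inside tool metadata, is small enough to show end to end. The following is an added example written for this page; it is not mcpscan's code and makes no claim about how that tool is implemented. It walks every string in a manifest (keys included, since a key can carry hidden characters as easily as a value), flags any code point in Unicode's format (Cf), private-use (Co) or non-printing control (Cc, other than tab and newline) categories, and reports where each was found. The manifest is a constructed sample, and `scan_manifest`, `reveal` and the field layout are this example's own assumptions.

```python
import json
import sys
import unicodedata

# Characters that are legitimately invisible in text and should not be flagged.
ALLOWED_CONTROLS = {"\n", "\t", "\r"}


def is_hidden(ch: str) -> bool:
    """True for code points that render as nothing (or alter text direction)
    yet survive copy/paste and code review: zero-width spaces and joiners,
    bidi overrides/isolates, BOM, soft hyphen, tag characters, private use."""
    if ch in ALLOWED_CONTROLS:
        return False
    return unicodedata.category(ch) in {"Cf", "Co", "Cc"}


def reveal(text: str) -> str:
    """Render hidden code points visibly as <U+XXXX> so a reviewer can see them."""
    return "".join(f"<U+{ord(c):04X}>" if is_hidden(c) else c for c in text)


def _walk(obj, path="$"):
    """Yield (json_path, string) for every string in a JSON-like structure."""
    if isinstance(obj, str):
        yield path, obj
    elif isinstance(obj, dict):
        for key, value in obj.items():
            yield from _walk(key, f"{path}.<key>")
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from _walk(value, f"{path}[{i}]")


def scan_manifest(manifest) -> list[dict]:
    """Return one finding per hidden code point found anywhere in the manifest."""
    findings = []
    for path, text in _walk(manifest):
        for index, ch in enumerate(text):
            if is_hidden(ch):
                findings.append({
                    "path": path,
                    "offset": index,
                    "codepoint": f"U+{ord(ch):04X}",
                    "name": unicodedata.name(ch, "<unnamed>"),
                    "category": unicodedata.category(ch),
                })
    return findings


# Constructed sample: one tool description carries a zero-width space followed by a
# right-to-left override that wraps placeholder text. In a real poisoned manifest
# the wrapped text would be the instructions the model is meant to follow silently.
SAMPLE_MANIFEST = {
    "name": "example-files-server",  # hypothetical server name
    "tools": [
        {
            "name": "read_file",
            "description": "Reads a file from the workspace."
                           "\u200b\u202e[hidden text placeholder]\u202c",
        },
        {
            "name": "list_files",
            "description": "Lists files in the workspace.",
        },
    ],
}


def report(findings: list[dict]) -> str:
    """Human-readable summary, one line per finding."""
    if not findings:
        return "no hidden characters found"
    return "\n".join(
        f"{f['path']} @ {f['offset']}: {f['codepoint']} {f['name']} ({f['category']})"
        for f in findings
    )


if __name__ == "__main__":
    # Usage: python hidden_unicode_scan.py [manifest.json]; with no argument the
    # constructed sample is scanned instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            manifest = json.load(fh)
    else:
        manifest = SAMPLE_MANIFEST
    results = scan_manifest(manifest)
    print(report(results))
    for path, text in _walk(manifest):
        if any(is_hidden(c) for c in text):
            print(f"{path}: {reveal(text)}")
    sys.exit(1 if results else 0)
```

Two caveats a practitioner would apply before wiring this into a pre-install gate. First, a handful of Cf characters occur legitimately: ZERO WIDTH JOINER inside emoji sequences and ZERO WIDTH NON-JOINER in some scripts, so a finding in a description written in those scripts deserves review rather than automatic rejection. Second, this check only catches characters that are invisible; a description written in plain, visible text that instructs the model to read `~/.ssh` or `.env` files is just as dangerous and needs a separate content check, which is why a scanner for this attack class has to look at more than one category of risk.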

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.


Related stories

Programming · DEV Community

Seven AI Tools SDETs Should Master in 2026 for Smarter Test Automation

The role of Software Development Engineers in Test (SDETs) is evolving from manually writing every test to designing and overseeing AI-assisted testing systems. Tools like GitHub Copilot can now act as AI pair programmers within automation repositories, understanding existing code patterns and generating contextually relevant test cases. AI-powered browser agents are also emerging, capable of exploring applications autonomously, identifying test scenarios, and drafting Playwright tests for human review. Other highlighted capabilities include AI-assisted API testing, visual regression testing, and intelligent test maintenance to reduce manual upkeep. Experts argue that the critical skill going forward is not just prompting AI, but providing sufficient engineering context to ensure AI-generated changes are accurate and safe.

Programming · DEV Community

AI coding agent found just 2 of 16 key dependencies in 36,000-file Rails audit

A developer tested a Claude-based coding agent on a real maintainability task using GitLab's open-source Rails monolith, one of the largest of its kind with over 36,000 tracked files. The agent was asked to audit every part of the codebase that depends on the MergeRequest model before a planned rework, with a hand-built gold set of 16 scattered dependents used as the benchmark. Without a codebase map, the agent relied on grep-style token searches, returning tens of thousands of hits it could only partially sample within its token budget. It produced a confident, well-structured report citing only real files, but identified just 2 of the 16 true dependents, missing those linked through shared concerns like the Issuable module that never reference MergeRequest by name. Critically, the agent showed no awareness that its audit was incomplete, a finding the author notes is the core risk in using such tools on large, convention-heavy codebases.

Programming · DEV Community

Developer builds multi-agent AI fitness planner in TypeScript using HazelJS framework

A developer has detailed how to build an intelligent fitness workout planner using HazelJS, a TypeScript framework designed for constructing multi-agent AI systems. The solution uses five specialized agents — covering intake, exercise search, workout planning, progress tracking, and coaching — each handling a distinct part of the fitness planning process. Unlike traditional fitness apps that rely on static templates, the agentic approach allows for personalized, adaptive plans based on user goals, fitness level, available equipment, and injury history. HazelJS features such as the @Agent, @Tool, and @Delegate decorators enable agents to collaborate and delegate tasks without tightly coupling their logic. The modular design means individual agents can be improved independently, making the system easier to maintain and scale over time.

Programming · DEV Community

How a DOM parenting bug silently broke pointer events behind a fixed overlay

A developer building a crop overlay with draggable handles discovered that position: fixed visually lifts an element but does not remove it from the DOM tree, leaving event routing unchanged. The crop overlay was a child of a canvas stage element that called setPointerCapture during pan gestures, which redirected all subsequent pointer events to the stage after the first move. This caused the overlay to receive exactly one pointermove event per drag before going silent, a subtle signature pointing to pointer capture rather than a broken handler. The root cause was the assumption that fixed positioning creates an event boundary, when in reality it only affects layout and paint. The fix required either restructuring the DOM so the overlay sat outside the capturing ancestor, or explicitly releasing pointer capture when a drag begins on the overlay.