Last time, we published ClaudeSec - our security-first hub for the Claude ecosystem.
Now, CopilotSec is officially LIVE.
A new community knowledge hub for security of the Microsoft AI ecosystem, powered by Pluto.
Ever wanted a single place to understand what Microsoft AI connectors actually do?
Wondered which ones are high-risk?
Trying to figure out how to securely deploy Copilot Studio, agents, MCP servers, or AI workflows in production?
That's exactly why we built CopilotSec.
Inside you'll find:
- 1,718 Microsoft ecosystem connectors mapped by capability and risk
- Security guides for Copilot Studio and Microsoft AI deployments
- Curated security updates and findings that actually matter to security teams
Built for practitioners. Open to everyone.
Give it a try and let us know what you think!
Link in the first comment
Someone finally built a security database for the Claude ecosystem.
It's called ClaudeSec, and Pluto Security just launched it for free.
Here's the gap it fills => 53 new Claude connectors shipped in the last 30 days. Your security team reviewed zero of them. Someone on your team authorized at least one.
Most enterprises adopting Claude have no process to evaluate connectors before authorization.
ClaudeSec tracks 384 connectors. 103 flagged high risk. That's around 27% of the ecosystem.
Every entry shows:
- What capabilities the connector actually has
- What tools it exposes to the model
- Why it's rated risky
- Source-code findings where they did the review
Security guides are live for Claude Managed Agents and Cowork. Real configuration - policies, hooks, permission scopes, allow/deny rules.
The Cowork guide is the one Enterprise teams need to read first.
Cowork runs code, browses with real user sessions, and operates unattended. The architecture is solid, gVisor sandbox, layered network controls. But Cowork activity is excluded from Audit Logs, the Compliance API, and Data Exports. All plan tiers. Including Enterprise.
Your visibility tools don't see what Cowork is doing.
Claude Code and Office Agents guides ship next.
The curated news feed flags CVEs and incidents as they happen. The window between a connector being compromised and detection is roughly 3 hours. The feed is built around that window.
Read here:
ClaudeSec: https://t.co/EcB9rT1wWA
Launch blog: https://t.co/JRsZ3ibRJn
Cowork teardown: https://t.co/fuzaUJtoQW
Thanks to @pluto_security for supporting this post.
@sama @VampireGurlAI Big move. Most enterprises are still figuring out how to govern the AI they already have. Now they need to secure what's securing them too.
@AnthropicAI Opening up bug bounties is the right call. Finding the vulnerability is step one. The harder question is what happens in production before anyone finds it.
ClaudeSec is officially LIVE!
Meet the new security-first hub for the Claude ecosystem, powered by @pluto_security.
- Always yearned for a unified search of all existing extensions?
- Ever wondered which ones are flagged as high-risk?
- Dreaming of knowing how to deploy safely with Claude?
All of this (and more) is now waiting for you on our new planet.
Give it a go and let us know in the comments what you thought!
Link in the first comment.
Our research team disclosed CVE-2026-33032, a critical CVSS 9.8 vulnerability in nginx-ui that exposed over 500K users to full server takeover through a single unauthenticated request. No credentials. No exploit chain. Actively exploited in the wild.
The root cause: MCP endpoints that inherit an application's full capabilities but skip its security controls entirely.
The pattern is clear - and it's only getting more common as agentic workflows connect deeper into enterprise workspace infrastructure.
Most security teams have no visibility into what MCP servers are running in their environment, no inventory of the endpoints they're exposing, and no way to enforce it.
Full breakdown → https://t.co/Pp6gMQ9GhV
As covered by The Hacker News → https://t.co/6lcYZiiy7V
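The root-cause pattern the post above describes, an MCP endpoint that reaches the same privileged capability as the rest of the application but sits outside its authentication layer, as an added example. This is a hypothetical minimal router written for this page; it is not nginx-ui's code, not the post's, and it does not reproduce the disclosed vulnerability. Every name in it (`Router`, `require_auth`, `run_system_command`, the `/mcp` and `/api/terminal` paths, the sample token) is an assumption. It shows the vulnerable wiring beside the hardened one and an inventory check that lists any route reachable without authentication, which is the kind of enforcement the post says most teams lack.

```python
"""Hypothetical router (added example, not nginx-ui or Pluto Security code):
an MCP endpoint with full application capability but no auth, beside the
hardened version, plus an inventory check for unauthenticated routes."""

from dataclasses import dataclass, field
from typing import Callable, Dict, List

Handler = Callable[[dict], tuple]  # request dict -> (status, body)

VALID_TOKEN = "s3cr3t-session-token"  # constructed sample credential


def require_auth(handler: Handler) -> Handler:
    """Authentication wrapper: reject requests without a valid bearer token."""
    def wrapped(request: dict) -> tuple:
        auth = request.get("headers", {}).get("Authorization", "")
        if auth != f"Bearer {VALID_TOKEN}":
            return (401, "unauthorized")
        return handler(request)
    wrapped.authenticated = True  # marker the inventory check looks for
    return wrapped


def run_system_command(request: dict) -> tuple:
    """Privileged capability shared by the UI and the MCP endpoint (simulated,
    no real command is executed)."""
    return (200, f"ran: {request.get('body', '')}")


@dataclass
class Router:
    routes: Dict[str, Handler] = field(default_factory=dict)

    def add(self, path: str, handler: Handler) -> None:
        self.routes[path] = handler

    def dispatch(self, request: dict) -> tuple:
        handler = self.routes.get(request["path"])
        if handler is None:
            return (404, "not found")
        return handler(request)


def build_vulnerable_app() -> Router:
    """The anti-pattern: the UI route is wrapped in auth, the MCP route is not,
    yet both dispatch to the same privileged capability."""
    app = Router()
    app.add("/api/terminal", require_auth(run_system_command))
    app.add("/mcp", run_system_command)  # same capability, no auth wrapper
    return app


def build_hardened_app() -> Router:
    """Fix: every route that reaches a privileged capability goes through auth."""
    app = Router()
    app.add("/api/terminal", require_auth(run_system_command))
    app.add("/mcp", require_auth(run_system_command))
    return app


def find_unauthenticated_routes(app: Router) -> List[str]:
    """Inventory check: routes whose handler carries no auth marker.
    Run this against the route table at startup or in CI, not by hand."""
    return sorted(p for p, h in app.routes.items()
                  if not getattr(h, "authenticated", False))


def unauthenticated_mcp_request(app: Router) -> int:
    """Status code a single credential-less request to /mcp receives."""
    return app.dispatch({"path": "/mcp", "headers": {}, "body": "id"})[0]


if __name__ == "__main__":
    vuln, hard = build_vulnerable_app(), build_hardened_app()
    print("vulnerable /mcp without credentials:", unauthenticated_mcp_request(vuln))  # 200
    print("hardened  /mcp without credentials:", unauthenticated_mcp_request(hard))   # 401
    print("routes missing auth (vulnerable):", find_unauthenticated_routes(vuln))     # ['/mcp']
    print("routes missing auth (hardened):", find_unauthenticated_routes(hard))       # []
```

The point of the inventory function is that the bypass is invisible from the handler's code: `run_system_command` is identical in both apps, and only the route table shows which path skipped the control. A check that walks the registered routes and fails the build when a privileged endpoint lacks the auth marker catches this class of wiring mistake before an unauthenticated request does.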
@OpenAI More AI capability for defenders is great. The question is who's governing what that AI can access inside your environment while it's defending.