UpGuard

Your developers are using MCP to connect AI to your data. So are hackers. Model Context Protocol is the open standard fueling the AI engineering boom. But for lean security teams, it’s a critical blind spot. Developers are spinning up unverified MCP servers with three lines of config code. No IT approval. No traditional endpoint alerts. It’s shadow IT, but with autonomous privileges to read databases and execute system shells. We built a practical, phased playbook for mid-market teams to map, monitor, and master MCP security without slowing down dev velocity. Read the full blueprint: https://t.co/k98j9kibgo

The introduction of the 2024 Cyber Security Act, marked a fundamental shift for Australian security teams. Our 2026 ASX report, derived from billions of data points, reveals where the Australian threat landscape is the most volatile. Is your security program keeping pace with Australia's leading businesses? Download the full report to find out: https://t.co/feqH5RRGqG

In 2012, the shadow IT crisis was employees putting files into the cloud for convenience. Today, it's the MCP. The Model Context Protocol has given developers unprecedented power to connect AI models with local and remote data sources. But because it's built to be completely frictionless, security teams are facing a brand new blind spot: unvetted AI agents with the power to read and write to internal systems. Discover what you can do to mitigate MCP risks in our latest blog series: https://t.co/1jp06Jd4OC

In 2026, response lag is a liability. Join this week's UpGuard Summit to see active defense in action: → TPRM: Move from checklists to automated workflows. → Browser: Block leaks at the point of behavior. → Shadow AI: Detect unofficial MCP connections. → Questionnaire Speed: Cut completion times from weeks to days. May 19 & 21 | 🔗 https://t.co/x0atDQum8Q

Is your TPRM a bottleneck or a catalyst? Join us at UpGuard Summit for a fireside chat with George Wiemer, Global Senior Director, Cybersecurity and Risk at Combe Inc. Learn to stop auditing and start partnering by using real-time data to catch vendor risks before they happen. May 19 & 21 | 🔗 https://t.co/x0atDQum8Q

The Vercel breach was simple: an employee used a corporate ID on a shadow AI tool, the tool was hacked, and customer secrets were leaked via an OAuth token. Visibility tells you this happened. It doesn't stop it. Our new Browser Detection & Response changes that: ✅ Block unapproved logins ✅ Stop sensitive data pastes ✅ Harden browser hygiene in real-time Don't just watch the risk. Control it. See you at Summit! May 19 & 21 | 🔗 https://t.co/x0atDQum8Q

Attackers are prompting AI too. In a recent security incident, a developer asked an AI agent to review public GitHub issues. Moments later, their private repositories were leaked into a public request. The scary part? No credentials were stolen. No malware was installed. The AI simply did what it was told. All it took was one malicious instruction hidden inside a public GitHub issue. This is indirect prompt injection, and it's a structural risk of the MCP. Unlike traditional software, AI models struggle to distinguish between a user’s command and the data they are asked to read. Learn more about indirect prompt injection and what you can do to secure your AI agents by reading the latest blog in our MCP series: https://t.co/4Co4WLdbgy

Is your SSO enough? New research shows 31.4% of vendor interactions happen via direct login, bypassing identity logs. Even trusted apps like Zoom and Jira are going dark as users bypass corporate tenants. It's time to see your true supply chain. Read Part 2: https://t.co/OzJLS8B8JZ

AI agents are in your environment, but do you know what they are connected to? MCP is the "USB for AI" and a compliance landmine. Our research found 15 lookalikes for every official server, built to steal SSH keys. See how we are closing the governance gap at Summit. May 19 & 21 | 🔗 https://t.co/x0atDQum8Q

Traditional AI governance policies are failing. Why? Because the employees bypassing them are often your most senior, trusted staff. It’s time for a new playbook. Join UpGuard’s Greg Pollock and Michael Tan for a live breakdown of our latest Shadow AI research and discover a new, usage-based approach to AI governance. https://t.co/Z0lyA1pyuM

The uncomfortable reality of 2026: your most security-aware employees may be your biggest shadow AI risk. We recently tracked 63 unapproved AI apps actively bypassing standard enterprise procurement. Join our live webinar on May 12th or May 13th to unpack the data and learn how to close this massive blind spot. https://t.co/p36yA7Ap5G

Major in efficiency, not risk. Internet2 has already done the upfront vetting, so higher ed teams can move faster and with more confidence. Join our webinar on May 13th to hear how Harvard and Colorado State University navigated the NET+ evaluation process. Save your seat now: https://t.co/SxBqgg4nEG

Is your vendor list a reflection of reality? Our latest research found that the average security team is blind to 72.9% of its active supply chain. Out of 3,470 apps analyzed, 2,531 were unmonitored. It's time to follow the user, not the purchase order. Read Part 1 in our latest blog series unpacking The Shadow Supply Chain: https://t.co/KqFSw7q5Bn