Vlado Vajdic

Anthropic just open-sourced a reference framework for AI-powered vulnerability discovery and remediation 🤖💀 The workflow: Recon → Find → Verify → Triage → Report → Patch Features: • Threat modeling • Autonomous vulnerability hunting • Crash verification • Finding deduplication • Exploitability analysis • AI-generated patches with validation Built around Claude Code and sandboxed agents using gVisor. 🔗 https://t.co/ZFOtXZPEn8 Interesting signal: AI is moving beyond code generation into autonomous security research and vulnerability management. #CyberSecurity #AppSec #AI #LLM #VulnerabilityManagement #DevSecOps #ClaudeAI

The State of MCP Security June 2026. We classified every tool on every Model Context Protocol server we could enumerate from the public registries - 31,000 tools across 2,031 working servers. The data shows an ecosystem that hands AI agents wide, dangerous, and almost entirely unannounced control over the systems they touch. https://t.co/RdMJ3NqVeA

The NSA published formal security guidance on MCP in May. It is worth reading carefully — not primarily for the recommendations, but for what the document signals. The guidance is 17 pages. The core observations are familiar to anyone tracking this space over the past year: the protocol's design was flexible and underspecified, adoption outpaced security infrastructure, and the inversion of the client-server relationship — servers querying and executing for clients rather than the reverse — created attack paths that were not well-traced before deployment reached scale. What is new is the institutional framing. The NSA's AI Security Center does not publish Cybersecurity Information Sheets on speculative risks. When they do publish one, they are describing a threat surface that organisations in regulated industries — finance, defence, critical infrastructure — will shortly be expected to address in writing. Procurement questionnaires follow NSA guidance. Compliance frameworks reference it. The gap between "best practice" and "required control" closes on a predictable schedule. The specific controls the document recommends are worth noting for anyone building agent infrastructure. Align tools and models with data classification zones. Treat all external MCP configuration input as untrusted. Implement comprehensive invocation logging covering exact parameters, identities involved, and the prompts that triggered each call. Apply filtering outgoing proxies for external MCP connections to reduce unintended data leakage. The logging and invocation-tracing requirements describe exactly the audit trail that regulators will ask for. If your agent infrastructure cannot produce a complete record of what tools were called, with which parameters, by which agent, acting on whose behalf — the NSA's May guidance is a preview of where the compliance baseline is heading.

The NSA just published a formal report on MCP security and honestly, it's about time someone with that kind of authority said it out loud. Model Context Protocol has quietly become the backbone of AI agents running across finance, legal, healthcare, and software development. Everyone rushed to adopt it. Almost nobody secured it properly. Here's what the report actually calls out: 👉 MCP was designed with flexibility in mind, not security. That freedom sounds great until you realize it means every team is essentially guessing what "safe implementation" looks like. That guesswork is now being exploited in the wild. 👉 The trust model is also inverted compared to what most engineers are used to. In traditional protocols, clients request data from servers. In MCP, servers often query and execute actions for clients. That flip creates attack paths most security teams aren't even monitoring yet. 👉 And these aren't hypothetical threats anymore. Public labs and researchers have already released working vulnerable MCP server implementations to prove how easily this can be exploited. The NSA confirmed it with citations. 👉 Arbitrary Code Execution is explicitly flagged as high severity. If user provided logic reaches your execution environment without constraints, you're sitting on a live vulnerability. The NSA maps this directly to CWE-77, CWE-78, CWE-94, and CWE-95. 👉 On top of all that, the protocol ships with no audit logging, no approval workflows and no just-in-time access controls out of the box. In any regulated or enterprise environment, that's a serious compliance gap. This report matters because it shifts the conversation from "security researchers raising concerns" to "the NSA is telling enterprises this is not production ready without additional controls." If you're deploying AI agents in any high stakes environment right now, this guidance deserves your full attention.

IN PRAISE OF FRANCESCA ALBANESE There is a question that visits me in the small hours, when sleep will not come and the mind turns over old stones. The question is this: “What would I have done in the 1930s, on the morning after Kristallnacht?" Not what I say I would have done. Not what I hope I would have done. But what would I actually have done—when the trains began to run, when the neighbours grew quiet, when the cost of decency became the loss of everything? Most of us, I think, would have done little. Not from malice. From fear. From the soft, creeping conviction that someone else will speak, that the situation is complex, that we must be 'reasonable'. Lest we forget, the ordinary is the extraordinary's alibi. And how we have clung to that alibi! How we still cling to it! And then, every once in a terrible while, someone appears who does not cling. Someone who steps forward when others step back. Someone who speaks the name of the thing when everyone else is busy naming something else. Francesca Albanese is that someone. She stands before the world—alone, unarmed, armed only with law and language and a rare courage—and she says what the centrists will not say, what the foreign ministries will not say, what the editorial boards will not say. She says: "This is a genocide. And we are watching it happen." Do not tell me that is hyperbole. Do not tell me the term is contested. She has not used it lightly. She has used it as a physician arrives scientifically at a diagnosis—not to wound, but to warn. Not to inflame, but to name. And for that, they have come for her. Oh, how they have come for her. Smears. Investigations. Vicious editorials. Frozen bank accounts. Dispossession of the only apartment she had ever owned. The machinery of the respectable turned to crush her. Because the respectable cannot abide what she represents: a mirror held up to their complicity. Let us, once again, travel back to the 1930s. Back to the few who stood up when the trains began to run laden with Jewish people. There was Aristides de Sousa Mendes, a Portuguese consul in Bordeaux. He defied his own government. He signed thousands of visas, by hand, for hours, until his fingers bled. He saved more lives than Schindler. And he died penniless, disgraced, erased. There was a German officer in Warsaw named Wilm Hosenfeld. He hid a Jewish pianist in the rubble. He did not save thousands. He saved one. But that one—Władysław Szpilman—carried the memory. And memory is "the only haven from which we cannot be expelled." There was Raoul Wallenberg. There were the villagers of Le Chambon. There were the anonymous, the quiet, the furious few who said: “Not on my watch.” Francesca Albanese is their heir. Not because she carries a gun. Not because she hides refugees in her basement. But because she does something equally dangerous in a world that has perfected the art of not seeing. She sees. And she speaks. She does not speak as a diplomat. Thank Goodness she doesn't! Diplomats have given us the language of "there are arguments on both sides" and "restraint" and "proportionality." Diplomatic language is the perfumed grave of moral clarity. No, she speaks as a jurist. As a human being. As a woman who has looked into the abyss and refused to call it a "complex geopolitical landscape". Edna O'Brien once described a character who "had the recklessness of those who have already lost everything worth losing." Francesca Albanese has not lost everything. She has her dignity, her office, her voice, her family. But she has calculated the cost of speaking truth to power. And she has decided that that cost is infinitely less than the cost of silence. What is that cost? Let us name it. She has been called antisemitic—she, who stands on the ground of international law forged in the ashes of Auschwitz and the fires of Nuremberg. She has been called a conspiracy theorist—she, who cites every source, every footnote, every UN resolution. She has been called naive—she, who understands better than most the machinery of realpolitik. These accusations are not arguments. They are the spittle of the threatened. Because Francesca Albanese threatens something very precious to the powerful: the right to commit atrocity without being named. Friends, the 1930s did not arrive with jackboots and pogroms on day one. They arrived in small increments. With "reasonable" restrictions. With "proportional" measures. With the silence of the respectable. We tell ourselves that we would have been different. That we would have been Sousa Mendes. That we would have been Wallenberg. But most of us, I fear, would have been the neighbours who later said, "I didn't know." Francesca Albanese knows. And she refuses to pretend otherwise. So let us praise her. Not with statues or awards she does not seek. But with something harder: with our own refusal to look away. With our own voices, raised in places that are safe for us but dangerous for her. With our own bodies, if it comes to that. A brave woman, who was injured while demonstrating outside a US nuclear military base in 1982, the infamous Greenham Common, had told me that "the heart is a hunter for what it cannot have." But I say the heart is a hunter for what it will not lose. And what we will not lose is the memory of those who stood up when standing up cost everything. Francesca Albanese is standing up now. In our time. In our name. Under our indifferent sky. Let us stand with her. Not tomorrow. Not when it is safe. Now. [Extract from a speech in Athens on Sunday 3rd May 2026]

Just finished a red team for a fintech that burned millions on Falcon + SentinelOne AI stacks. Got domain admin in under 15 mins from the guest WiFi. Walked into the kitchen, saw the shiny Samsung “enterprise” smart fridge on the same VLAN as everything important. Still on old firmware. Default creds on the admin panel. Classic unauth RCE in the diagnostics endpoint. Shell within minutes. From there it had cached corp creds for SAP sync and outbound allowed. Their EDR had the fridge IP whitelisted as “normal IoT behavior” because of the MQTT pings. Dropped a Reynolds-style BYOVD (that NSecKrnl one everyone’s using now), killed the hooks on a DC, and exfil’d test data back out the fridge’s own channel. SOC barely blinked. CISO’s reaction when I showed him live: “It’s just a fridge though…” Man, 2026 and we’re still getting wrecked by IoT crap facilities bought on Amazon. Same story as the 2014 Proofpoint fridge botnet or Target’s HVAC. Nothing changes.

The scales are officially shifting. ⚖️ For a long time, endpoint threats were the undisputed heavyweight of the security world. But the 2026 Threat Detection Report reveals a trend that even our most veteran experts find surprising: Identity threats are now nearly equal to endpoint threats in total volume. As Red Canary evolves from its endpoint roots to broader visibility, this "leveling out" is an insight you simply can’t ignore. 🛡️ Download the full report: https://t.co/lTNqsmk6sD

This article explores a novel attack technique that combines Ghost SPNs and Kerberos reflection to elevate privileges on SMB servers, highlighting a critical gap in traditional detection methods. It details how attackers can exploit stale or misconfigured Service Principal Names (SPNs) in Active Directory—termed "Ghost SPNs"—to manipulate Kerberos authentication and reflect service tickets back to the SMB server, gaining elevated access. The technique bypasses common defenses like LDAP filtering and SPN hygiene, making it stealthy and potent. Semperis emphasizes the need for proactive detection strategies and shares insights into identifying vulnerable configurations and mitigating the threat. https://t.co/xcSvOEyrdk