6 min read
Defensive Techniques The NSA AISC's May 2026 CIS on MCP security: authentication gaps, tool poisoning via unsigned dynamic discovery, session-identity binding failures, and compensating controls.
The NSA AISC's May 2026 CIS on MCP security: authentication gaps, tool poisoning via unsigned dynamic discovery, session-identity binding failures, and compensating controls.
Sysdig documented an LLM agent autonomously driving lateral movement from a marimo RCE to a PostgreSQL dump across four pivots in under two minutes. What this means for detection.
RAG pipelines introduce document poisoning, indirect prompt injection via retrieved content, and semantic access control gaps that most security teams have not assessed.
AI vulnerability research found 10,000 critical flaws in a month. Mandiant reports 28.3% of CVEs exploited within 24 hours of disclosure. What this means for defenders.