Invariant Labs (@invariantlabsai)'s Twitter Profile
Invariant Labs

@invariantlabsai

Invariant Labs makes AI Agents secure and reliable.

ID: 1810294347474345984

Link: http://invariantlabs.ai
Joined: 08-07-2024 12:47:04

106 Tweets

533 Followers

27 Following

Luca Beurer-Kellner (@lbeurerkellner)

🔴🌎 New MCP attack on BrowserMCP

We show an MCP attack on the popular BrowserMCP.
It allows attackers to read arbitrary files from your machine, when the agent visits the website below.

Try yourself with: access.invariantlabs.ai

No bad MCP server needed.

(1/n) 👇

Marc Fischer (@marc_r_fischer)

We recently shipped a lot of updates to mcp-scan:

- whitelisting of tools
- Improvements to the server (reducing false-positives, improving detection)
- run via npm/npx

Much more coming soon! github.com/invariantlabs-… #mcp

Bill Doerrfeld (@doerrfeldbill)

MCP is the hottest thing in AI right now, but people aren't really talking about the security implications... I covered a recently discovered exploit and mitigations on The New Stack today: thenewstack.io/building-with-…

Invariant Labs (@invariantlabsai)

We are proud to share that AgentDojo, an Invariant research project done with ETH Zürich, has won the first prize of the Center for AI Safety SafeBench competition. We truly appreciate this recognition from the community. Learn More: invariantlabs.ai/blog/agentdojo…

Invariant Labs (@invariantlabsai)

🔵 New release: Invariant MCP-scan v0.2 is here!

Track, audit & secure all local MCP traffic with static+dynamic scanning, local guardrails, and customizable policies.

Ideal for orgs prioritizing agent security & compliance.

Docs: explorer.invariantlabs.ai/docs/mcp-scan/

#AI #DevSecOps

Luca Beurer-Kellner (@lbeurerkellner)

😈 BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked.

We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories.

creds to Marco Milanta (@marco_milanta)

(1/n) 👇

Invariant Labs (@invariantlabsai)

Invariant researchers have uncovered a new security flaw in GitHub’s official MCP server, enabling attackers to exfiltrate private repository data. The toxic flow was identified during an automated scan using Invariant's security stack. Learn more: invariantlabs.ai/blog/mcp-githu…