Johann Rehberger
@wunderwuzzi23
Hacking neural networks so that we don’t get stuck in the matrix. Builder and Breaker. Opinions are my own. http://monthofaibugs.com
🚨 Security Advisory: Anthropic's Slack MCP Server leaks data via link unfurling ☠️ See a demo exploit with Claude Code connected to the MCP server, and how a prompt injection attack can leak developer secrets. Watch and learn!
"1.84.0 has been removed from the extension’s version history, as if it never existed. The page and others include no announcement from Amazon that the extension had been compromised." - I wish AWS was more transparent about security. 404media.co/hacker-plants-…
IMHO Claude Code and Cursor are best currently Gemini CLI still has catching up to do - but open sourcing was a power move that will help a lot in long run. Also, Claude Code & Cursor teams in my exp are best at triaging & acting on reported security vulnerabilities quickly.
Cursor isn't leading anymore. Claude Code and Gemini Code are, in my opinion, ahead of everyone else. Windsurf is dead, and VSCode Copilot is too far behind.
OpenAI should use my MCP COM server! 🙂 x.com/wunderwuzzi23/…
OpenAI is prepping ChatGPT agents that would allow users to generate and edit presentations and spreadsheets, putting it in more direct competition with Microsoft. theinformation.com/articles/opena…
They extracted the access token by submitting a pull request that dumped memory within the AWS CodeBuild build environment.
New development in the Q Developer extension backdoor: An open question was, how did the threat actor get write permissions to the repo? Turns out they stole a token via this technique. aws.amazon.com/security/secur…
Someone found the now deleted backdoor script via archive and shared link in HN comments. It seems the hack tried to launch q with --trust-all-tools flag and the custom prompt. What is unclear is if this code actually ever ran on developer machines, or what the conditions of…
AWS doesn't offer a public bug bounty program. Been trying to communicate some AI security issues - not an easy endeavor. But some progress. AI security issues can now be reported via VDP. AI research was previously technically entirely out of scope... Still no bounties though
Also, remember that tool descriptions and data returned from MCP servers can contain invisible Unicode Tags characters that many LLMs interpret as instructions. So users can't even see the malicious instructions embracethered.com/blog/posts/202…
MCP security is completely broken! Let's understand tool poisoning attacks and how to defend against them:
Exactly what I hope to be. Thank you! 🙏
You are always inspiring :D
Yay! Popped a calc with prompt injection!
👻 Developers love Kiro! Try Kiro for free while in preview and let us know what you build! 👉 spr.ly/601144Yhh #BuildwithKiro #CodingwithAI #KirodotDev
Cool, YouTube channel reached 7k subscribers. Maybe I should do more videos?
