The Noise Is the Problem
I run an AI security company. I'm supposed to tell you AI risk is manageable — that with the right governance framework and a good dashboard, you'll sleep fine.
I don't believe that anymore.
This post is about the files on your Mac that MCP servers can access — the ones most developers don't know are exposed — and what you can do about it.
Vibe coding is real now. Developers are shipping entire services by describing what they want to Claude Code or Cursor. I've done it. You've probably done it. The output is surprisingly good.
Model Context Protocol has had a remarkable run. In under a year, it became the default way to wire AI agents to external tools — databases, APIs, file systems, cloud services, crypto wallets. Cursor, Windsurf, Claude Code, and most serious AI coding environments now ship with MCP support out of the box. The ecosystem is growing fast.
Which makes the next part worth paying attention to.
AI agents aren't experimental anymore. They write code, run shell commands, call external APIs, and orchestrate complex workflows — usually with the same OS privileges as the developer who launched them. That convenience is real. So is the risk.