Claude Mythos Just Changed Cybersecurity
Anthropic just did something nobody expected. They built a model so good at finding security vulnerabilities that they're scared to release it publicly.
I run an AI security company. I'm supposed to tell you AI risk is manageable — that with the right governance framework and a good dashboard, you'll sleep fine.
I don't believe that anymore.
This post is about the files on your Mac that MCP servers can access — the ones most developers don't know are exposed — and what you can do about it.
Model Context Protocol has had a remarkable run. In under a year, it became the default way to wire AI agents to external tools — databases, APIs, file systems, cloud services, crypto wallets. Cursor, Windsurf, Claude Code, and most serious AI coding environments now ship with MCP support out of the box. The ecosystem is growing fast.
Which makes the next part worth paying attention to.
AI agents aren't experimental anymore. They write code, run shell commands, call external APIs, and orchestrate complex workflows — usually with the same OS privileges as the developer who launched them. That convenience is real. So is the risk.
I want to tell you about a bug that started with a simple Cloudflare error and ended with me staring at post-quantum cryptography specs at 2 AM, wondering what year it is.