NewsMCP Breach Timeline Nine Confirmed Breaches Three CVEsAuthZed·high signalAuthZed documents nine confirmed MCP breaches in 2025 including CVE-2025-49596, CVE-2025-6514, CVE-2025-53967. Every major integration point breached.SourceSource pageAuthZed↳ Follow the threadShared entity / Stack layerNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizShared entity / Policy dependencyRoots, Sampling, and Logging are deprecated — new capabilities now ship as opt-in extensionsModel Context Protocol BlogShared entity / Stack layerMCP-Grounded Agent Pipeline Converts Legacy Docs to NIST OSCAL for Continuous CompliancearXivShared entity / Stack layerMeniga Launches 'Fini,' an MCP Server Bringing Agentic AI Into BanksFinovateStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaThreat patternScan of 10,000+ Real MCP Servers Finds Secrets Leaking at >10%, With 30 CVEs in 60 DaysPractical DevSecOpsStack layer / ContrastBind every MCP token to the exact tool subset it may invoke, and check scope before the handler body runsDigital AppliedPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPS