Agents30 MCP CVEs total - MCP security crisis crystallizesWweb·medium signal30 CVEs since late 2024 launch. Q1 2026 alone produced ~15. 36.7% SSRF rate, ~10% servers compromised. BlueRock Trust Registry scans 7100+ servers. Noma Security MCP guardrails launched. OAuth 2.1 spec criticized as mess for enterprise. Go SDK parsing bypass CVE-2026-27896.↳ Follow the threadShared entity / Threat patternBlueRock's MCP Trust Registry: 36.7% of 7,000+ scanned MCP servers are SSRF-exposed, 42% leak credentialsBlueRockShared entity / Stack layer'GitLost' Prompt Injection Tricks GitHub's Agentic Workflows Into Leaking Private ReposNoma SecurityShared entity / Threat patternMicrosoft ships a 60+ server MCP catalog via Dataverse, positioning it as the agent data platformMicrosoft Power Platform BlogShared entity / Stack layerCROSS-CATEGORY: Incumbents Reopen Themselves as 'Platforms of Agents' via MCP — Greenhouse's ATS MCP Goes Broad July 6Multiple SourcesPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSPolicy dependency / Stack layerAnthropic Restores Global Access to Fable 5 and Mythos 5, Launches Claude for Government BetaAnthropicStack layer / Threat patternArmadin details full sandbox escape in Anthropic's Claude Cowork; Anthropic disputes, silently patchesSiliconANGLEStack layer / Threat patternClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code Docs