Fetching from the wire…
Top 5 · 2026-03-03 · source-backed
The MCP ecosystem now has 30 documented CVEs across six weeks spanning three attack layers: server-side injection (43%), protocol library flaws, and developer tooling vulnerabilities. Simultaneously, the AIUC-1 Consortium reports 80% of enterprises have observed risky agent behaviors including unauthorized system access, while only 21% have complete visibility into agent permissions. Cisco responded by shipping four open-source security scanners (MCP scanner, A2A scanner, pickle fuzzer, skill file scanner). OWASP published its Top 10 for Agentic Applications introducing the "Least Agency" principle. The infrastructure is maturing, but the attack surface is expanding faster. DEV Community | Help Net Security | Cisco Blog
Each link below shares sources, entities, or timing with this story.
OWASP released MCP / Shared entities / Same source / Shared topic / Tension
Linked by a graph relationship (OWASP released MCP); both cover A2A, Cisco, Cisco Blog, MCP; cite the same source (Cisco Blog).
Cisco uses Codex / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Cisco uses Codex); both cover Agentic Applications, Help Net Security, OWASP; reported by the same outlet (helpnetsecurity.com).
OWASP released MCP / Shared entities / Shared topic / What happened next
Linked by a graph relationship (OWASP released MCP); both cover A2A, Cisco, MCP; overlapping topics (access, agent, agentic, cisco, have).