MCP
4 posts
Article
Zero-Touch OAuth strips the 2025-06-18 MCP mandate
Zero-Touch OAuth for MCP fails as a trust-on-first-use design: unauthenticated dynamic client registration and unbound bearer tokens enable session hijack.
Article
The access outlived the protocol
A board-level view of MCP's changed status: the protocol is not the exposure - the access it established is, and that access does not retire on its own.
Article
The credential nobody revoked is still live
MCP is dead is a procurement claim. Until integrations are removed and trust artefacts revoked, runtime exposure is unchanged.
Article
What a $5 VPS honeypot taught me
An open-source honeypot probe database queryable via curl, HTTP, and MCP - what it catches, why it helps small defenders, and where the risks actually sit.