RC RANDOM CHAOS

MCP

4 posts

Zero-Touch OAuth strips the 2025-06-18 MCP mandate
Article

Zero-Touch OAuth strips the 2025-06-18 MCP mandate

Zero-Touch OAuth for MCP fails as a trust-on-first-use design: unauthenticated dynamic client registration and unbound bearer tokens enable session hijack.

The access outlived the protocol
Article

The access outlived the protocol

A board-level view of MCP's changed status: the protocol is not the exposure - the access it established is, and that access does not retire on its own.

The credential nobody revoked is still live
Article

The credential nobody revoked is still live

MCP is dead is a procurement claim. Until integrations are removed and trust artefacts revoked, runtime exposure is unchanged.

What a $5 VPS honeypot taught me
Article

What a $5 VPS honeypot taught me

An open-source honeypot probe database queryable via curl, HTTP, and MCP - what it catches, why it helps small defenders, and where the risks actually sit.