1 post
Zero-Touch OAuth for MCP fails as a trust-on-first-use design: unauthenticated dynamic client registration and unbound bearer tokens enable session hijack.
