
Threat Wire #003: MCP became the attack surface this week

A HuggingFace RCE that defeats trust_remote_code. Google's MCP connector hijacked via CORS. 770+ exploitable flaws across 19,000 MCP servers. The protocol everyone rushed to adopt is the soft underbelly.

In partnership with

AI Agents Are Reading Your Docs. Are You Ready?

Last month, 48% of visitors to documentation sites across Mintlify were AI agents, not humans.

Claude Code, Cursor, and other coding agents are becoming the actual customers reading your docs. And they read everything.

This changes what good documentation means. Humans skim and forgive gaps. Agents methodically check every endpoint, read every guide, and compare you against alternatives with zero fatigue.

Your docs aren't just helping users anymore. They're your product's first interview with the machines deciding whether to recommend you.

That means: clear schema markup so agents can parse your content, real benchmarks instead of marketing fluff, open endpoints agents can actually test, and honest comparisons that emphasize strengths without hype.

Mintlify powers documentation for over 20,000 companies, reaching 100M+ people every year. We just raised a $45M Series B led by @a16z and @SalesforceVC to build the knowledge layer for the agent era.

AI SECURITY PULSE

Hello!

Welcome to issue #3 of Secure Prompt’s Threat Wire.

The Model Context Protocol stopped being a convenience and became this week's attack surface. Google's open-source MCP database connector shipped a CORS wildcard that lets any website hijack agent sessions. A real-world MCP server handed an attacker live AWS credentials through an SSRF chain. Trend Micro swept 19,000 MCP repositories and found AI-generated code is structurally more vulnerable than human-written code. And separately, a HuggingFace Transformers flaw defeated the one security boundary the entire model ecosystem relies on. The plumbing the industry rushed to adopt is the part nobody hardened.
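The CORS wildcard mentioned above is the kind of misconfiguration a reviewer can check mechanically. The following is an added illustration, not code from Secure Prompt or from Google's MCP connector, and every name in it is assumed: it contrasts a wildcard `Access-Control-Allow-Origin` with an explicit origin allowlist, simulates the browser's read decision so the impact is visible, and audits response headers for the weak pattern.

```python
"""Added example (not code from the newsletter or from any MCP connector).

Shows why a wildcard CORS policy on a locally exposed agent/MCP endpoint lets any
website read that endpoint's responses, and what an allowlist looks like instead.
All names, origins and policies below are assumed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CorsPolicy:
    # Browser origins allowed to call the endpoint; empty means no cross-origin access.
    allowed_origins: frozenset = field(default_factory=frozenset)
    allow_credentials: bool = False


def weak_cors_headers(origin: Optional[str]) -> Dict[str, str]:
    """The weak pattern: a wildcard, so any page on any site can read responses."""
    return {"Access-Control-Allow-Origin": "*"}


def strict_cors_headers(origin: Optional[str], policy: CorsPolicy) -> Dict[str, str]:
    """Hardened pattern: echo the Origin only when it is on the explicit allowlist."""
    if origin is None or origin not in policy.allowed_origins:
        return {}  # no CORS headers at all -> browser refuses the cross-origin read
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if policy.allow_credentials:
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def browser_allows_read(request_origin: str, response_headers: Dict[str, str]) -> bool:
    """Simplified model of the browser's CORS check for a cross-origin response."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    return acao == "*" or acao == request_origin


def audit_cors(headers: Dict[str, str]) -> List[str]:
    """Findings a reviewer would raise on a response's CORS headers."""
    findings: List[str] = []
    acao = headers.get("Access-Control-Allow-Origin")
    if acao == "*":
        findings.append("wildcard Access-Control-Allow-Origin: any website can call this endpoint")
    elif acao and headers.get("Vary", "").lower() != "origin":
        findings.append("per-origin ACAO without 'Vary: Origin': shared caches may replay it to other origins")
    if headers.get("Access-Control-Allow-Credentials", "").lower() == "true" and acao == "*":
        findings.append("credentials allowed with wildcard origin: browsers reject this, a sign of a misconfigured policy")
    return findings


if __name__ == "__main__":
    # Constructed scenario: the agent's UI is trusted, a third-party page is not.
    policy = CorsPolicy(frozenset({"https://agent-ui.example"}), allow_credentials=True)
    for origin in ("https://agent-ui.example", "https://third-party.example"):
        print(origin, "weak:", browser_allows_read(origin, weak_cors_headers(origin)),
              "strict:", browser_allows_read(origin, strict_cors_headers(origin, policy)))
    print(audit_cors(weak_cors_headers("https://third-party.example")))
```

The `audit_cors` function is what you would run over a captured response from any locally exposed agent endpoint; a non-empty result for the wildcard case is the finding, while the allowlisted response produces none.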
