Invariant Labs
@InvariantLabsAI
Invariant Labs makes AI Agents secure and reliable.
😈 BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked. We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories. creds to @marco_milanta (1/n) 👇
Invariant researchers have uncovered a new security flaw in GitHub’s official MCP server, enabling attackers to exfiltrate private repository data. The toxic flow was identified during an automated scan using Invariant's security stack. Learn more: invariantlabs.ai/blog/mcp-githu…
invariantlabs.ai
GitHub MCP Exploited: Accessing private repositories via MCP
We showcase a critical vulnerability with the official GitHub MCP server, allowing attackers to access private repository data. The vulnerability is among the first discovered by Invariant's security...
🔵 New release: Invariant MCP-scan v0.2 is here! Track, audit & secure all local MCP traffic with static+dynamic scanning, local guardrails, and customizable policies. Ideal for orgs prioritizing agent security & compliance. Docs: explorer.invariantlabs.ai/docs/mcp-scan/ #AI #DevSecOps
We are proud to share that AgentDojo, an Invariant research project done with @ETH, has won the first price of the @ai_risks SafeBench competition. We truly appreciate this recognition from the community. Learn More: invariantlabs.ai/blog/agentdojo…
invariantlabs.ai
Invariant Research wins first prize of Center for AI Safety competition
AgentDojo wins $50,000 prize in the SafeBench competition, hosted by the prestigious Center for AI Safety.
MCP is the hottest thing in AI right now, but people aren't really talking about the security implications... I covered a recently discovered exploit and mitigations on the @thenewstack today: thenewstack.io/building-with-…
thenewstack.io
Building With MCP? Mind the Security Gaps
A recent exploit raises concerns about the Model Context Protocol, AI's new integration layer.
We recently shipped a lot of updates to mcp-scan: - whitelisting of tools - Improvements to the server (reducing false-positives, improving detection) - run via npm/npx Much more coming soon! github.com/invariantlabs-… #mcp
github.com
GitHub - invariantlabs-ai/mcp-scan: Constrain, log and scan your MCP connections for security...
Constrain, log and scan your MCP connections for security vulnerabilities. - invariantlabs-ai/mcp-scan
🔴🌎 New MCP attack on BrowserMCP We show an MCP attack on the popular BrowserMCP. It allows attackers to read arbitrary files from your machine, when the agent visits the website below. Try yourself with: access.invariantlabs.ai No bad MCP server needed. (1/n)👇
United States Trends
- 1. #SmackDown 38K posts
- 2. Caleb Wilson 4,664 posts
- 3. Giulia 12.6K posts
- 4. #BostonBlue 3,838 posts
- 5. Rockets 19.9K posts
- 6. #OPLive 1,606 posts
- 7. #TheLastDriveIn 2,276 posts
- 8. Supreme Court 176K posts
- 9. Lash Legend 5,035 posts
- 10. Northwestern 4,365 posts
- 11. #Dateline N/A
- 12. Tulane 2,935 posts
- 13. Harrison Barnes N/A
- 14. Chelsea Green 5,459 posts
- 15. Reed Sheppard 1,135 posts
- 16. Sengun 4,019 posts
- 17. NBA Cup 8,794 posts
- 18. Darryn Peterson 2,259 posts
- 19. Jayden Maiava N/A
- 20. Tiger Johnson N/A
Something went wrong.
Something went wrong.