Invariant Labs

@snyksec Announcement: snyk.io/news/snyk-acqu…

We’re thrilled to officially join forces with @snyksec! Together, we’re changing the landscape of the agentic AI future. More to come!

😈 BEWARE: Claude 4 + GitHub MCP will leak your private GitHub repositories, no questions asked. We discovered a new attack on agents using GitHub’s official MCP server, which can be exploited by attackers to access your private repositories. creds to @marco_milanta (1/n) 👇

Invariant researchers have uncovered a new security flaw in GitHub’s official MCP server, enabling attackers to exfiltrate private repository data. The toxic flow was identified during an automated scan using Invariant's security stack. Learn more: invariantlabs.ai/blog/mcp-githu…

🔵 New release: Invariant MCP-scan v0.2 is here! Track, audit & secure all local MCP traffic with static+dynamic scanning, local guardrails, and customizable policies. Ideal for orgs prioritizing agent security & compliance. Docs: explorer.invariantlabs.ai/docs/mcp-scan/ #AI #DevSecOps

We are proud to share that AgentDojo, an Invariant research project done with @ETH, has won the first price of the @cais SafeBench competition. We truly appreciate this recognition from the community. Learn More: invariantlabs.ai/blog/agentdojo…

MCP-scan: github.com/invariantlabs-…

Blog post: invariantlabs.ai/blog/smithery-…

🛡️ We are thrilled to partner with @SmitheryDotAi to protect their MCP servers with Invariant MCP-scan. Also, a lot of features will be dropping in MCP-scan soon!

MCP is the hottest thing in AI right now, but people aren't really talking about the security implications... I covered a recently discovered exploit and mitigations on the @thenewstack today: thenewstack.io/building-with-…

We recently shipped a lot of updates to mcp-scan: - whitelisting of tools - Improvements to the server (reducing false-positives, improving detection) - run via npm/npx Much more coming soon! github.com/invariantlabs-… #mcp

For more details on Invariant Guardrails, check out our blog post: invariantlabs.ai/blog/guardrails

Invariant Guardrails, Gateway, and Explorer are all open-source. github.com/invariantlabs-… Check them out! We would love some feedback.

🛡️ We just released Invariant Guardrails — a contextual guardrail system for agents and MCP-powered AI applications. Open source & easy to deploy. 🧵

🔴🌎 New MCP attack on BrowserMCP We show an MCP attack on the popular BrowserMCP. It allows attackers to read arbitrary files from your machine, when the agent visits the website below. Try yourself with: access.invariantlabs.ai No bad MCP server needed. (1/n)👇

A small disclaimer: We use Invariant Guardrails server-side via an API, and we are collecting tool names and descriptions for security research purposes (not your user data!). Don't use it if you don't want to share your tools.

For more details, check out our full blog post on MCP-Scan: invariantlabs.ai/blog/introduci…

After covering MCP vulnerabilities over the last few days, today, we are launching MCP-scan, a security scanner to detect MCP attacks. Run it now: uvx mcp-scan@latest 🧵