Manifold Security

Manifold's @NealSwaelens and @alex_yaremchuk sat down with @tnachen and @robby_mtf to talk about the new attack surface AI agents are creating and what runtime security actually needs to look like. Thanks @OssStartup for having us on!

The problem most often isn't the adversary outside. It's your own agent, circumventing your controls. Mike McKenna on Cyber Security Matters:

Fixed in v3.6.0. If you're running an earlier version, update now. Discovered by Francisco Rosales (@0xmagic0). Disclosure coordinated by Ax Sharma (@Ax_Sharma). Full writeup: mnfld.se/k8s-readonly-b…

In the worst case, this is full cluster compromise for anyone who can reach the endpoint. The tool names are documented. One request bypasses every restriction mode. This pattern isn't unique to this server. The MCP spec doesn't enforce it, so every implementation rolls its own access control.

CVE-2026-46519 (CVSS 8.8). Our research team found a high-severity access control bypass in mcp-server-kubernetes. 20K+ weekly npm downloads. 🧵

MCP servers control what your agent accesses, where data goes, and what gets executed. Most expose an HTTP endpoint and tool descriptions. That's it. Manifest, Manifold's open-access AI supply chain intelligence tool, now scores all 7,700. Free, open access: mnfld.se/manifest-mcp-x

One enterprise AI security scanner flagged 40%+ of skills as malicious. We scanned 19,000+. Most were fine. This is a clear sign that the approach is mismatched to the threat. Full analysis from @Ax_Sharma here: mnfld.se/scanner-fp-x