[AI Sec Intel] #14 Your coding agent's approval prompt is lying to you.
SymJack and TrustFall broke every major AI coding agent this month: Claude Code, Cursor, Gemini, Copilot, Codex. The dialog you click through doesn't say what you're approving. Here's what to do.
![[AI Sec Intel] #15 One character in a header bypasses auth on millions of AI servers.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/52e53387-9b9d-4792-a5e2-78068be9ebfe/newsletter-15-one-character-bypasses-auth-on-millions-of-ai-servers.jpg)
![[AI Sec Intel] #14 Your coding agent's approval prompt is lying to you.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/445533bb-3e79-462a-9555-fb26d4a45318/newsletter-14-your-coding-agents-approval-prompt-is-lying-to-you.jpg)
![[AI Sec Intel] #13 Six governments just told you how to secure AI agents. Here's the part that's actually useful](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/188470fe-3f8f-4a01-ac2b-4b9979cbce9d/newsletter-13-six-governments-agree-your-ai-security-model-was-wrong.jpg)
![[AI Sec Intel] #12 — Claude Mythos, SAFE-MCP, MCPShield: the week the research caught up with the threat](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/24db3ce1-1046-4860-9685-d8519773fad1/newsletter-12-claude-mythos-found-thousands-of-zero-days.jpg)
![[AI Sec Intel] #11 — MCP servers just tripled. Here's the full attack map](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/ac5fef20-1ec0-4fe1-8f23-63f99b99d982/newsletter-11-mcp-servers-just-tripled.jpg)
![[AI Sec Intel] #10 — MCP servers trust every caller by default. Here's the checklist that closes the gap.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/10f6d6d8-e85d-4797-9984-5f2568aad18b/newsletter-10-most-mcp-servers-trust-every-request-by-default.jpg)
![[AI Sec Intel] #9 — Eight agent exploits in Q1. 200k vulnerable MCP servers and Anthropic won't fix the protocol.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/b10d6435-1506-4309-a259-7fb2b83f5c5c/newsletter-9-eight-agent-exploits-in-q1-alone-and-200k-vulnerable-mcps.jpg)
![[AI Sec Intel] #8 — Closed Agent Harness = threat model blind spot](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/3bd81daa-bc53-436a-a767-975a75be01e0/newsletter-8-closed-agent-harness-_-threat-model-blind-spot.jpg)
![[AI Sec Intel] #7 — 97% expect an AI agent breach this year](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/1ffde2b1-2a15-4aeb-88cc-d526814ed083/newsletter-7-massive-ai-agents-breaches-expected-let-s-build-our-own-cybe.jpg)
![[AI Sec Intel] #6 — Trivy compromised. LiteLLM backdoored. Your CI pipeline is the new attack surface.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/86759637-077c-4963-8bda-818024dc28af/newsletter-6-ci-pipeline-is-the-new-attack-surface.jpg)
![[AI Sec Intel] #5 — 28 out of 30 agent projects. Zero per-agent identity. Zero revocation.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/1dfdcc0d-cbdc-43c5-aee8-007d288e99f0/newsletter-5-93_-of-agent-projects-have-authorization-issues.jpg)
![[AI Sec Intel] #4 - Three attack papers dropped this week. All point to the same architectural flaw.](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/a24dca73-33b3-49a1-bea1-25acdd99b442/newsletter-4-three-attack-papers-dropped-this-week.-all-point-to-the-same.jpg)
![[AI Security Intelligence] #3 — I Red-Teamed My Own Agent Stack, PleaseFix Hijacks Browsers Through Calendar Invites](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/f6ecc8cb-6fc6-4b6f-97c0-3d903504d653/newsletter-3-i-red-teamed-my-own-agent-stack-pleasefix-hijacks-browsers-t.jpg)
![[AI Security Intelligence] #2 — Claude Code Supply Chain RCE, AI-Powered FortiGate Blitz, Infostealers Now Harvest AI Agent Souls](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/cc57deb4-b074-43ff-8a71-aa43cd902866/newsletter-2-code-supply-chain-rce-ai-powered-fortigate-blitz.jpg)
![[AI Security Intelligence] #1 — DockerDash MCP Takeover, vLLM CVSS 9.8 RCE, Cisco State of AI Security 2026](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/asset/file/1bce26b7-019a-425d-9ec7-3744b02fe124/newsletter-1-dockerdash-mcp-takeover-vllm-cvss-9.8-rce-cisco-state-of-ai-.jpg)