<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
  <title>Zfuzz Blog</title>
  <link>https://zfuzz.com/blog/</link>
  <atom:link href="https://zfuzz.com/feed.xml" rel="self" type="application/rss+xml"/>
  <description>Security research, MCP insights, and the future of AI-native security tooling.</description>
  <language>en</language>
  <item>
    <title>Best Security MCP Servers for AI Coding Agents (2026)</title>
    <link>https://zfuzz.com/blog/best-security-mcp-servers-ai-coding-agents-2026.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/best-security-mcp-servers-ai-coding-agents-2026.html</guid>
    <pubDate>Sun, 28 Jun 2026 23:28:51 +0000</pubDate>
    <description>A side-by-side comparison of security-focused MCP servers for Claude Code, Cursor, Codex, and Gemini CLI: what each one scans, what it misses, and which one covers the whole stack.</description>
  </item>
  <item>
    <title>Best SAST Tools for AI Coding Agents in 2026: A Data-Driven Comparison</title>
    <link>https://zfuzz.com/blog/best-sast-tools-ai-coding-agents-2026-comparison.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/best-sast-tools-ai-coding-agents-2026-comparison.html</guid>
    <pubDate>Sun, 28 Jun 2026 22:31:35 +0000</pubDate>
    <description>We compared 5 SAST tools on rule count, language coverage, AI agent integration, false-positive rates, and pricing. Here&#x27;s the 2026 landscape for security-aware AI development.</description>
  </item>
  <item>
    <title>Your AI Agent Still Leaks .env Even With Bitwarden</title>
    <link>https://zfuzz.com/blog/ai-agent-leaks-env-bitwarden-sealed-vault.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/ai-agent-leaks-env-bitwarden-sealed-vault.html</guid>
    <pubDate>Sun, 28 Jun 2026 20:38:14 +0000</pubDate>
    <description>Centralised secret managers fix storage. They do not fix the cleartext sitting in your AI agent&#x27;s address space at the moment of a prompt injection. Here&#x27;s the architecture that does.</description>
  </item>
  <item>
    <title>Secure AI Agent Development: The 7-Layer Defense Workflow</title>
    <link>https://zfuzz.com/blog/secure-ai-agent-development-7-layer-defense-workflow.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/secure-ai-agent-development-7-layer-defense-workflow.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:15 +0000</pubDate>
    <description>We built a 7-layer security workflow for AI agent development. MCP config audit, dependency scan, secret detection, SAST, threat model, runtime guard, and CI gate. Here&#x27;s how.</description>
  </item>
  <item>
    <title>AI Agent Security Risks in 2026: A Technical Threat Landscape</title>
    <link>https://zfuzz.com/blog/ai-agent-security-risks-2026-threat-landscape.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/ai-agent-security-risks-2026-threat-landscape.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:14 +0000</pubDate>
    <description>AI coding agents now execute code, install packages, and call APIs autonomously. We mapped 7 attack surfaces, 23 MITRE techniques, and the defenses that actually work.</description>
  </item>
  <item>
    <title>How Zfuzz MCP Would Have Caught the Mini Shai-Hulud Supply Chain Attack</title>
    <link>https://zfuzz.com/blog/zfuzz-mcp-mini-shai-hulud-supply-chain-attack.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/zfuzz-mcp-mini-shai-hulud-supply-chain-attack.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:13 +0000</pubDate>
    <description>Microsoft disclosed a compromised @antv npm package chain — credential theft, C2 callbacks, persistence implants. We mapped every attack stage to the Zfuzz tool that catches it. 5 of 7 stages blocked.</description>
  </item>
  <item>
    <title>When Your AI Agent Gets Prompt-Jacked: Anatomy of a Real MCP Attack</title>
    <link>https://zfuzz.com/blog/ai-agent-prompt-jacked-anatomy-real-mcp-attack.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/ai-agent-prompt-jacked-anatomy-real-mcp-attack.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:11 +0000</pubDate>
    <description>14:32 UTC. A developer asks their AI agent to summarize a GitHub issue. By 14:34 UTC, the agent has exfiltrated three AWS keys to an external server. Here is the exact sequence of events.</description>
  </item>
  <item>
    <title>The MCP Sprawl Effect: Why Your AI Agent&#x27;s Tool List Is an Attack Surface</title>
    <link>https://zfuzz.com/blog/effet-mcp-sprawl-attack-surface.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/effet-mcp-sprawl-attack-surface.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:10 +0000</pubDate>
    <description>The average Claude Code user has 4-7 MCP servers. 88% have never audited their tool descriptions. The MCP Sprawl Index -- BREADTH x PRIVILEGE x OPACITY -- quantifies the attack surface your AI agent configuration creates.</description>
  </item>
  <item>
    <title>Zfuzz vs Semgrep MCP: Which Security Scanner Fits Your AI Workflow?</title>
    <link>https://zfuzz.com/blog/zfuzz-vs-semgrep-mcp-security-scanner-comparison.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/zfuzz-vs-semgrep-mcp-security-scanner-comparison.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:09 +0000</pubDate>
    <description>Zfuzz covers 441 SAST rules, secrets, dependencies, and threat modeling in one MCP install. Semgrep MCP focuses on custom rule authoring. Here&#x27;s the data-driven comparison.</description>
  </item>
  <item>
    <title>Why 85% of MCP Server Configurations Ship with Security Gaps</title>
    <link>https://zfuzz.com/blog/mcp-server-configurations-security-gaps-85-percent.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/mcp-server-configurations-security-gaps-85-percent.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:08 +0000</pubDate>
    <description>We analyzed 200 MCP configurations on GitHub. 85% had at least one critical gap: unpinned package versions, unnecessary environment variable exposure, or zero tool description audit. Your MCP config is a confession of everything you trust blindly.</description>
  </item>
  <item>
    <title>Your MCP Server Has Zero Authentication and Nobody Cares</title>
    <link>https://zfuzz.com/blog/mcp-server-zero-authentication-nobody-cares.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/mcp-server-zero-authentication-nobody-cares.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:07 +0000</pubDate>
    <description>The MCP specification has no authentication layer. Every tool runs with your user privileges. Every MCP server you install is a trust-me-bro security model.</description>
  </item>
  <item>
    <title>How to Detect MCP Tool Poisoning: A Hands-On Guide</title>
    <link>https://zfuzz.com/blog/detect-mcp-tool-poisoning-hands-on-guide.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/detect-mcp-tool-poisoning-hands-on-guide.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:06 +0000</pubDate>
    <description>We tested 47 public MCP servers. 6 had suspicious tool descriptions. Here&#x27;s exactly how to detect MCP tool poisoning before it compromises your agent.</description>
  </item>
  <item>
    <title>How to Audit Your MCP Server Configs for Prompt Injection</title>
    <link>https://zfuzz.com/blog/how-to-audit-mcp-server-configs-prompt-injection.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/how-to-audit-mcp-server-configs-prompt-injection.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:05 +0000</pubDate>
    <description>MCP servers can hide malicious instructions in tool descriptions. Here&#x27;s how to detect prompt injection, tool poisoning, and SSRF risks in your AI agent configs.</description>
  </item>
  <item>
    <title>Migrate from Bitwarden Secrets Manager to Zfuzz Sealed Vault</title>
    <link>https://zfuzz.com/blog/migrate-bitwarden-secrets-manager-zfuzz-sealed-vault.html</link>
    <guid isPermaLink="true">https://zfuzz.com/blog/migrate-bitwarden-secrets-manager-zfuzz-sealed-vault.html</guid>
    <pubDate>Sun, 28 Jun 2026 10:46:04 +0000</pubDate>
    <description>Bitwarden Secrets Manager fixes rotation. It does not stop a prompt-injected AI agent from dumping the cleartext it loaded at boot. Here&#x27;s the 15-minute migration to a runtime that physically cannot leak.</description>
  </item>
</channel>
</rss>
