Enterprise AI agents pick tools from shared registries using natural-language descriptions, without human verification that those descriptions are true. Research highlights that “tool poisoning” isn’t one bug but multiple failures across selection and execution. Legacy supply-chain controls prove artifact integrity, not behavioral integrity—so a signed, verifiably sourced tool can still inject instructions, drift over time, or break contracts.
A security audit by OX Security claims MCP’s default STDIO transport can execute arbitrary operating system commands received by an AI agent. Researchers found 7,000 publicly reachable servers and estimate 200,000 vulnerable instances, confirming impact across multiple production platforms. Anthropic says the behavior is expected by design and leaves input sanitization to developers. Security leaders warn this is a dangerous, scalable “distributed failure mode.”
Your news, in seconds
Get the Beige app — every story in 60 words, updated hourly. Free on iOS & Android.
Swiggy is opening its AI commerce infrastructure through Builders Club, a developer programme for external builders, startups, and enterprises. Backed by AWS and powered by Amazon Bedrock and AgentCore, it grants approved teams access to multiple MCP servers and 18+ APIs across Swiggy Food, Instamart, and Dineout. Builders can create AI agents and copilots that take real actions, with invite-led access, rate limits, and engineering support.
Swipe through stories, personalise your feed, and save articles for later — all on the app.
