Is Your AI Agent Vulnerable?

📖 New Ebook Available

Build Your First MCP Server: A Developer's Guide to Wrapping Existing APIs for AI Agents to Use

Learn to create powerful AI integrations step by step

Get it for $9.99 →

Is your AI Agent vulnerable to attack?

Read about this AgentFlayer attack, in which security researchers filed support tickets in Jira to get an agent (in this case Cursor, reading the tickets through the Atlassian MCP server) to expose a user's environment variables (secrets like API keys). The ticket text itself carried the injected instructions; the agent followed them because it treated the ticket as trusted input.

When a Jira ticket can steal your secrets

Two of the key suggestions they make:

  • Turn off auto-run of commands, so the agent cannot execute anything without a human approving it
  • Inventory and approve MCP servers for your company, so only reviewed servers and tool sets are reachable from agents

Using the Atlassian MCP server is fine as long as untrusted parties have no route to create tickets that a developer or PM would later read with an agent. The moment anyone outside the team can write ticket text (public support portals, customer-facing forms, email-to-ticket gateways), that text is attacker-controlled input to the agent, and the mitigations above are what stand between a malicious ticket and your secrets.
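To make the "inventory and approve MCP servers" step concrete, here is an added example (not code from the original post or from Cursor/Atlassian) that audits an agent's MCP config against a team-approved inventory. It assumes the `{"mcpServers": {name: {"command", "args"}}}` layout used by Cursor's `.cursor/mcp.json`; the approved inventory, the sample config and the `mcp.example.internal` URL are constructed for illustration.

```python
"""Audit an MCP client config against an approved server inventory.

Added example, not code from the original post. Assumes the config uses
the {"mcpServers": {name: {"command": ..., "args": [...]}}} layout that
Cursor's .cursor/mcp.json uses. The inventory and sample config below are
constructed for illustration.
"""
import json

# Hypothetical approved inventory: server name -> the exact command line the
# team reviewed. Anything not here, or configured differently, is a finding.
APPROVED = {
    "atlassian": {
        "command": "npx",
        "args": ["-y", "mcp-remote", "https://mcp.example.internal/sse"],
    },
    "filesystem": {
        "command": "npx",
        "args": ["-y", "@modelcontextprotocol/server-filesystem", "/srv/repo"],
    },
}

# Constructed sample config as an agent might ship it: one server matches the
# inventory, one has drifted (exposes "/" instead of the repo), one is unknown.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "atlassian": {"command": "npx",
                  "args": ["-y", "mcp-remote", "https://mcp.example.internal/sse"]},
    "filesystem": {"command": "npx",
                   "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
    "shell-tools": {"command": "uvx", "args": ["some-unreviewed-mcp-shell"]}
  }
}
""")


def audit(config: dict, approved: dict) -> list[str]:
    """Return one finding per server that is unapproved or drifted.

    A server is "drifted" when its command or args differ from the approved
    entry; a widened filesystem root or a changed remote URL both count.
    """
    findings = []
    servers = config.get("mcpServers", {})
    for name, spec in servers.items():
        if name not in approved:
            findings.append(f"{name}: not in approved inventory")
            continue
        want = approved[name]
        got = {"command": spec.get("command"), "args": list(spec.get("args", []))}
        if got != want:
            cmdline = " ".join([str(got["command"])] + got["args"])
            findings.append(f"{name}: drift from approved entry (configured: {cmdline})")
    return findings


def is_compliant(config: dict, approved: dict = APPROVED) -> bool:
    """True only when every configured server exactly matches the inventory."""
    return not audit(config, approved)


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, APPROVED):
        print("FINDING:", line)
    print("compliant:", is_compliant(SAMPLE_CONFIG))
```

Run it in CI against every checked-in `mcp.json` (and against developer machines if you can collect them) and fail the build on any finding; the exact-match rule is deliberate, since a server that "only" changed its root path or its remote URL is exactly the drift that widens what an injected ticket can reach.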

Want to Chat About AI Engineering?

I hold monthly office hours to discuss your AI product, MCP servers, web dev, systematically improving your app with evals, or whatever strikes your fancy. The times are odd because they fall on weekends and before/after my day job, but I offer this as a free community service. I may create anonymized content from our conversations, as they often make interesting blog posts for others to learn from.

Book Office Hours