Claude Code has an MCP security problem — and your developers are already using it

This opinion piece warns that Anthropic's AI coding assistant, Claude Code, has a critical security vulnerability involving the Model Context Protocol (MCP). Researchers at Mitiga Labs demonstrated an attack chain where a malicious npm package with a post-install hook rewrites a single configuration file (~/.claude.json), which controls how Claude Code routes MCP traffic. This redirects authenticated requests and OAuth tokens (stored in plaintext) to attacker-controlled infrastructure instead of legitimate services like Jira, Confluence, or GitHub. The attacker then holds valid long-lived bearer tokens. The attack is difficult to detect because provider audit logs show Anthropic’s IP range and a valid user session — nothing appears wrong, but the user did not initiate the actions. Anthropic responded that the issue was out of scope, reasoning that prior code execution requires user consent to install the package, and as of this writing no patch exists. The article notes previous vulnerabilities in Claude Code (CVE-2025-59536 and CVE-2026-21852) that followed a similar pattern of exploiting configuration files as active execution paths. The author advises security teams to monitor ~/.claude.json for unexpected changes, treat npm post-install hooks as a first-class security concern, and audit and rotate OAuth tokens connected to Claude Code integrations. The piece concludes that developers are already using Claude Code, and security teams must implement detection and response now rather than waiting for a vendor patch. 

https://www.csoonline.com/article/4181230/claude-code-has-an-mcp-security-problem-and-your-developers-are-already-using-it.html

Comments

Post a Comment

Popular posts from this blog

Prompt Engineering Demands Rigorous Evaluation

In the blog post “Prompt Engineering Requires Evaluation” on the Shostack + Associates website, the author argues that treating prompts for large language models (LLMs) merely as creative artefacts is insufficient. Engineering prompts properly demands structured evaluation frameworks — what the AI community calls “evals” — to test which prompt versions work better, with which models, and under which conditions. The post highlights that simply assuming a prompt is “good enough” creates risks when LLMs are integrated into production systems (e.g., for threat modeling). It advocates for measuring prompt performance, variation effects, and tool-chain dependencies (model, context, ancillary materials).  Ultimately the message is: prompt engineering should borrow disciplined practices from software engineering (versioning, testing, benchmarking) rather than relying on informal experimentation.  https://shostack.org/blog/prompt-enignieering-requires-evaluation/
Read more

SecObserve: Simplified Vulnerability and License Management for CI/CD Pipelines

 SecObserve is an open-source tool for managing vulnerabilities and licenses in software development and cloud environments. It integrates various vulnerability scanners into CI/CD pipelines using GitLab CI templates and GitHub Actions for streamlined setup. It offers a centralized dashboard for assessing and reporting vulnerabilities, with tools for filtering, sorting, and evaluating results. SecObserve supports automation and manual assessments to focus on resolving critical issues.  https://github.com/MaibornWolff/SecObserve/tree/dev
Read more

NIST Updates Guidelines: Focus on Strong Passwords and MFA Over Frequent Rotation

 NIST has updated its guidelines, advising against mandatory password changes every 30-90 days unless a breach occurs. Frequent changes often lead to weak passwords, as users may make minimal adjustments. The focus has shifted to strong passwords and Multi-Factor Authentication (MFA) as more effective security measures. Despite this, automated password rotation remains crucial for securing sensitive accounts, especially for privileged users. It helps prevent unauthorized access, reduces exposure time, and ensures strong, unique passwords without burdening users. https://www.techradar.com/pro/navigating-nists-updated-password-rotation-guidelines
Read more