Security research, tool discovery patterns, and infrastructure insights for developers building with the Model Context Protocol.
The EU Council and Parliament agreed on May 7 to push the high-risk AI compliance deadline from August 2026 to December 2027. Multiple parallel mandates — DORA, NIS2, GPAI obligations, transparency rules — did not move. Here is what the Omnibus VII delay actually changes for organizations deploying AI agents.
Anthropic published the official 2026 MCP roadmap. Four enterprise gaps are named directly — audit trails, SSO-integrated auth, gateway behavior, configuration portability — and the spec team is explicitly routing them through extensions and a new Enterprise Working Group rather than into the core protocol.
PipeLab's State of MCP Security 2026 is the first comprehensive defense-coverage grading for the MCP ecosystem. 24,008 exposed secrets. 82% path-traversal vulnerability rate. Eight named in-the-wild incidents. The numbers describe a category that has outgrown its own tooling.
In January 2026, 341 malicious skills infiltrated OpenClaw's official registry. The MCP ecosystem faces the same structural vulnerability — and scanning alone won't fix it.
Unit 42's MCPTox benchmark found 72.8% attack success on o1-mini. More capable models are more vulnerable to MCP sampling injection because the attack exploits instruction-following. You cannot model-upgrade your way out of this.
