Brooks
brooksmcmillin.com
did:plc:un2ezdj3lajzyurcrc4dwd3s
2/ But the new threat model is real. Your OAuth client is now a reasoning engine that can be lied to.
I demoed a malicious MCP server that exfiltrates data from a legitimate task manager through the AI agent. No jailbreaking. Just a poisoned tool description.
2026-02-07T16:39:27.632Z