The NSA just published an MCP security playbook. We created Agent Trust Transport Protocol ATTP - Implement today with MCPS
razashariff · 2026-05-24 · via DEV Community

In May 2026 the United States National Security Agency published a Cybersecurity Information notice titled Model Context Protocol (MCP): Security Design Considerations for AI-Driven Automation (document ID U/OO/6030316-26 / PP-26-1834). It is fifteen pages on what the NSA considers the minimum security baseline for any production MCP deployment.

If you are building anything on MCP (server, client, gateway, orchestrator, framework, or agent runtime), read it. Then read this, because the standards work the NSA describes already exists, and you can integrate it today.


What the NSA called out

Four operational requirements run through the document.

  1. Cryptographically sign and verify MCP messages

Quoting the NSA directly (page 12): "the standard can be extended with cryptographic signatures directly within the JSON payload ... MCP messages should include expiration timestamps and replay protection metadata ... cryptographically bind requests to time and context to prevent tampering, intentional replay techniques, and unintended re-execution."

Translation: TLS is not enough. The MCP payload itself needs an envelope with a signature, a nonce, a timestamp, and a freshness window.

  2. Cryptographic identity for agents (not bearer tokens)

Page 4: MCP "lacks support for exchanging Role Based Access Control permissions at instantiation." Bearer tokens can be lifted, replayed, and impersonated. Agents need verifiable cryptographic identity, bound to scope, trust level, and issuer.

  3. Structured audit logging with cryptographic integrity

Pages 12 to 13: log every tool invocation, every parameter, every result, with cryptographic hashes, so an XDR or SIEM can reconstruct exactly what happened and prove it has not been altered.

  4. Track MCP-specific CVEs and patch them

Page 13: build a vulnerability-monitoring process around your MCP package surface, the same as you would for any other production dependency.
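The hash-chained log that requirement 3 asks for, as an added example in Go (not code from the NSA notice or from any product named on this page; the record fields, the result-hash convention and the "genesis" link value are assumptions). Each entry commits to the previous entry's hash, so editing a recorded parameter or result, or rewriting an earlier entry, breaks the chain at an index the verifier can report.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Entry is a constructed audit record for one tool invocation; its shape is an assumption for this example, not the format of the NSA notice or of any product named on this page.
type Entry struct {
	Seq      int             `json:"seq"`
	AgentID  string          `json:"agent_id"`
	Tool     string          `json:"tool"`
	Params   json.RawMessage `json:"params"`
	Result   string          `json:"result_sha256"` // hash of the result, so large outputs need not live in the log
	PrevHash string          `json:"prev_hash"`
	Hash     string          `json:"hash"`
}
// digest hashes every field except Hash itself; PrevHash is what chains the entry to its predecessor.
func digest(e Entry) string {
	e.Hash = ""
	b, _ := json.Marshal(e) // struct fields are emitted in declaration order, so the encoding is stable
	return fmt.Sprintf("%x", sha256.Sum256(b))
}
// Append records a tool invocation, linking it to the last entry (or to "genesis" for an empty log).
func Append(log []Entry, agent, tool string, params json.RawMessage, result []byte) []Entry {
	prev := "genesis"
	if n := len(log); n > 0 { prev = log[n-1].Hash }
	e := Entry{Seq: len(log), AgentID: agent, Tool: tool, Params: params, Result: fmt.Sprintf("%x", sha256.Sum256(result)), PrevHash: prev}
	e.Hash = digest(e)
	return append(log, e)
}
// VerifyChain recomputes every hash and link; it returns the index of the first bad entry, or -1 when the log is intact.
func VerifyChain(log []Entry) int {
	prev := "genesis"
	for i, e := range log {
		if e.Seq != i || e.PrevHash != prev || digest(e) != e.Hash { return i }
		prev = e.Hash
	}
	return -1
}
func main() {
	var log []Entry
	log = Append(log, "agent-7", "sanctions_search", json.RawMessage(`{"name":"ACME"}`), []byte(`{"hits":0}`))
	log = Append(log, "agent-7", "sanctions_search", json.RawMessage(`{"name":"Globex"}`), []byte(`{"hits":1}`))
	fmt.Println(VerifyChain(log)) // -1: intact
	log[0].Params = json.RawMessage(`{"name":"Other"}`) // a later edit to a recorded parameter
	fmt.Println(VerifyChain(log)) // 0: entry 0 no longer matches its hash
}
```

Anchoring the head hash somewhere the log writer cannot reach (a signed checkpoint, or a forwarder that records it) is what stops an attacker who controls the log from simply rehashing the whole chain.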


What already exists, today

Here is the awkward bit, depending on where you sit: every single one of these four requirements has an open specification, a reference implementation, and at least one production integration. They predate the NSA notice.

MCPS, the cryptographic signing layer for MCP

draft-sharif-mcps-secure-mcp has been on the IETF Datatracker since March 2026. It defines four primitives:

  1. Agent Passports. Cryptographic identity bound to a specific origin.
  2. Signed message envelopes. ECDSA P-256 over a canonical signing string that includes a timestamp and nonce, giving integrity and non-repudiation.
  3. Tool definition signatures. Covering the full tool object, so a downstream client can detect tool poisoning or schema tampering.
  4. Nonce plus timestamp replay protection, with transcript binding to prevent downgrade attacks.

The wire format is plain JSON with a canonical signing string, and it stays inside the MCP message body. No transport changes, no protocol fork.
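A minimal version of the signed-envelope pattern from primitives 2 and 4, written in Go as an added example (it is not code from the MCPS draft or from any SDK named on this page; the envelope fields, the signing-string layout, the 16-byte nonce and the 30-second window are assumptions). The signature is ECDSA P-256 over a digest that binds body hash, timestamp and nonce, and the verifier enforces a freshness window and single use of each nonce, so a captured envelope cannot be re-presented and a tampered body, time or nonce fails the signature check.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Envelope is a constructed signed-message shape for this example; the field names are assumptions, not the MCPS draft's wire format.
type Envelope struct {
	Body      string // the JSON-RPC message exactly as sent
	Timestamp int64  // unix seconds at signing
	Nonce     string // 16 random bytes, hex-encoded
	Sig       []byte // ASN.1 DER ECDSA P-256 signature over SigningString()
}
// SigningString binds body hash, timestamp and nonce into one digest, so changing any of them invalidates the signature.
func (e *Envelope) SigningString() []byte {
	h := sha256.Sum256([]byte(e.Body))
	d := sha256.Sum256([]byte(fmt.Sprintf("mcps-example-v0\n%x\n%d\n%s", h, e.Timestamp, e.Nonce)))
	return d[:]
}
func NewKey() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k } // the agent's signing identity
// Sign attaches a fresh nonce, the signing time and an ECDSA P-256 signature to body.
func Sign(priv *ecdsa.PrivateKey, body string, now time.Time) (e *Envelope, err error) {
	nb := make([]byte, 16)
	if _, err = rand.Read(nb); err != nil { return nil, err }
	e = &Envelope{Body: body, Timestamp: now.Unix(), Nonce: fmt.Sprintf("%x", nb)}
	e.Sig, err = ecdsa.SignASN1(rand.Reader, priv, e.SigningString())
	return e, err
}
// Verify checks freshness, then the signature, then single use of the nonce; seen holds nonces accepted inside window and may be pruned once older than it.
func Verify(pub *ecdsa.PublicKey, window time.Duration, seen map[string]int64, e *Envelope, now time.Time) error {
	if skew := time.Duration(now.Unix()-e.Timestamp) * time.Second; skew > window || skew < -window {
		return errors.New("timestamp outside freshness window")
	}
	if !ecdsa.VerifyASN1(pub, e.SigningString(), e.Sig) {
		return errors.New("bad signature: body, timestamp or nonce altered")
	}
	if _, dup := seen[e.Nonce]; dup { return errors.New("replayed nonce") }
	seen[e.Nonce] = e.Timestamp
	return nil
}
func main() {
	priv, seen := NewKey(), map[string]int64{}
	env, _ := Sign(priv, `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"search"}}`, time.Now())
	// first presentation verifies (<nil>); the identical envelope presented again is rejected as a replay
	fmt.Println(Verify(&priv.PublicKey, 30*time.Second, seen, env, time.Now()), Verify(&priv.PublicKey, 30*time.Second, seen, env, time.Now()))
}
```

The nonce is recorded only after the signature verifies, so an unauthenticated sender cannot fill the seen-set with nonces that a legitimate peer might later use.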

ATTP, agent-trust transport above MCPS

draft-sharif-attp has been live since 1 May 2026. Where MCPS does message-level signing for MCP, ATTP defines a protocol-agnostic trust transport above it: five hierarchical trust levels (L0 to L4), action-limit enforcement, compliance gating, and tamper-evident audit. It maps onto MCP, REST, Google A2A, gRPC, and GraphQL.

Live demo with real ECDSA P-256 in the browser, including tamper and strip-ATTP buttons:
👉 https://attp.cybersecai.co.uk

AgentPass, the identity / RBAC layer the NSA describes

AgentPass provides L0 to L4 trust grades, OFAC and HMT sanctions screening (75,784 entries baked in), graduated spend limits, hash-chained audit trails, agent-to-agent payment authorisation, and optional Mastercard risk integration.

👉 https://agentpass.co.uk

The Go SDK (agentpass-go) verifies agent identity certificates with zero network calls: pure local crypto, standard library only, no CGo. Trust anchors load like TLS root CAs.

x-agent-trust, agent trust as a first-class OpenAPI declaration

Merged into the official OpenAPI Initiative Extension Registry on 11 April 2026, approved by Henry Andrews and Mike Kistler (Microsoft):
👉 https://spec.openapis.org/registry/extension/x-agent-trust.html

```yaml
components:
  securitySchemes:
    AgentTrust:
      type: apiKey
      description: Uses agent trust information in lieu of a traditional API key. Requires the x-agent-trust extension.
      in: header
      name: Agent-Signature
      x-agent-trust:
        algorithm: ES256
        trustLevels: [L0, L1, L2, L3, L4]
        issuerKeysUrl: /.well-known/agent-trust-keys
security:
  - AgentTrust: [L3]
```

Any OpenAPI-described service can now declare which agent trust level is required to call which operation. Tooling that understands the extension can verify the Agent-Signature header before the request even reaches application code.

OWASP MCP Security Cheat Sheet, Section 7

Section 7, Message-Level Integrity and Replay Protection, was contributed via PR #2065 and merged on 26 March 2026. The cheat sheet now documents the patterns the NSA later described: signing JSON-RPC messages with asymmetric keys, including nonces and timestamps, and pinning tool definitions using hashes.

OWASP AISVS 1.0, Chapter C10

An entire chapter on MCP Security, with verifiable requirements at L1 to L3. Two requirements map directly to the MCPS spec:

  • 10.2.11 (L2). Agents authenticate using cryptographically bound identity credentials rather than bearer-only tokens, ensuring agent identity cannot be transferred, replayed, or impersonated.
  • 10.4.10 (L3). MCP servers sign tool responses with a unique nonce and timestamp within a bounded time window, so the calling agent can verify origin, integrity, and freshness, preventing spoofing, tampering, and replay.

CVE-2026-39313, and five more on the clock

CVE-2026-39313 is an unbounded-memory-allocation vulnerability in mcp-framework (CWE-770, High), assigned and published 16 April 2026.

Five further CVE submissions, across MCP packages with ~57M weekly downloads (including the official MCP TypeScript and Python SDKs), are under a coordinated-disclosure clock.

This is the NSA's recommendation #4 in action. The package surface is being audited, and the gaps are being closed.


In production, today

moov-io / watchman (Apache 2.0, ~460 stars). Sanctions screening used by SEC-registered transfer agents and BaaS platforms. MCPS and AgentPass are merged into main. The production deployment guide ships an AgentPass configuration block:

```yaml
AgentPass:
  TrustAnchorPath: /etc/watchman/agentpass-ca.pem
  MinTrustLevel: 2
  RequiredScopes:
    - sanctions:search
```

👉 https://github.com/moov-io/watchman/blob/master/docs/mcp.md

Cisco AI Defense. Cisco's commercial agent-security product ships our MCPS protocol as part of its agent-defence stack.
👉 https://www.cisco.com/site/us/en/products/security/ai-defense/index.html

Kong API Gateway. A plugin that turns every API behind Kong into an MCPS-signed endpoint with zero developer effort. Available to design partners under NDA.

AEBA-XDR, runtime behaviour analysis for every agent. Anomaly detection in milliseconds: eight behavioural dimensions, every agent cryptographically identified, hash-chained tamper-evident audit, native forwarders for major XDR and SIEM platforms via CEF, LEEF and syslog (RFC 5424). Free evaluation tier for up to three agents.
👉 https://aeba.co.uk


What to do this week

If you ship MCP in production:

  1. Pin MCP-package versions and subscribe to CVE feeds for every MCP-related dependency. Start with CVE-2026-39313.
  2. Add MCPS message signing to your most-sensitive tool invocations. The spec is small enough to implement from draft-sharif-mcps-secure-mcp in a sprint.
  3. Declare your agent-trust requirements in your OpenAPI document using x-agent-trust. Whether or not your runtime enforces them yet, you have made the requirement machine-readable for everything downstream.
  4. Wire your tool invocations into a tamper-evident audit log that maps to the AISVS C10 controls.
  5. Read the NSA notice. If you skim only one document on MCP security this quarter, skim that one.

The standard exists. The reference code exists. The integrations exist. The CVE feed exists.

The protocol can be secured. Now there is no reason not to.

Raza Sharif (FBCS, CISSP, CSSLP)
Founder, CyberSecAI Ltd