惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
S
Secure Thoughts
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
O
OpenAI News
D
DataBreaches.Net
The Cloudflare Blog
L
LangChain Blog
Last Week in AI
Last Week in AI
酷 壳 – CoolShell
酷 壳 – CoolShell
The Register - Security
The Register - Security
MyScale Blog
MyScale Blog
Help Net Security
Help Net Security
Jina AI
Jina AI
T
The Blog of Author Tim Ferriss
T
The Exploit Database - CXSecurity.com
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 叶小钗
The Last Watchdog
The Last Watchdog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
TaoSecurity Blog
TaoSecurity Blog
博客园 - 司徒正美
aimingoo的专栏
aimingoo的专栏
C
Cyber Attacks, Cyber Crime and Cyber Security
A
Arctic Wolf
T
Tenable Blog
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News
量子位
The Hacker News
The Hacker News
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research
Vercel News
Vercel News
Hacker News: Ask HN
Hacker News: Ask HN
Scott Helme
Scott Helme
小众软件
小众软件
Recent Commits to openclaw:main
Recent Commits to openclaw:main
T
Threat Research - Cisco Blogs
G
GRAHAM CLULEY
H
Heimdal Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园_首页
B
Blog
GbyAI
GbyAI
P
Palo Alto Networks Blog
美团技术团队
Hacker News - Newest:
Hacker News - Newest: "LLM"
博客园 - Franky

Blog | Orca Security

Langflow RCE Actively Exploited to Deploy Cryptominers on AI Infrastructure Kubernetes Compliance Tools: Automating CIS Benchmarks Risk-Based Vulnerability Management for the Cloud: A 2026 Guide Private Cloud Security: Top Risks and Best Practices (2026) What Is Generative AI in Cybersecurity? Best Vulnerability Management Tools and Software in 2026 2026 State of Application Security Report Recap: What the Data Says and What Security Teams Should Do About It AI Security for Sensitive Data: Best Practices and Guidelines Best AI Code Security Solutions 2026: How to Secure AI-Generated Code From Platform to Program: How to Ensure Your Cloud Security Solution Delivers Best AI Cybersecurity Providers 2026: A Buyer's Guide to AI-Powered Security Platforms Join Orca Security at Black Hat USA 2026 CNAPP Tools That Reduce Security Tool Sprawl: CNAPP vs. Dedicated Solutions What Is Container Runtime Security? A Practical Guide 2026 What Is Application Security Testing? Tools and Types What Is Managed Cloud Security? A Practical Guide What Is SaaS Security Posture Management? SSPM Guide Top 10 Cloud Security Standards for Compliance What is the MIT License? Compliance and Comparisons AI Agents vs. Agentless Security vs. Agent-based Security 144 Mastra npm Packages Compromised via Supply Chain Attack The Complete Guide to LLM Security: Risks, Best Practices, and Solutions Cloud Security LIVE 2026: Top 10 Takeaways Practitioners Can Use Now Cloud Security LIVE 2026: Top 10 Takeaways CISOs Can Use Now (and What to Do Next) How Orca Traced an nginx Flaw to 1.45 Million Tengine Servers All Running Vulnerable Code What to Look for in Container Security Tools Cloud Application Security Best Practices for DevSecOps Cloud Security Tools: 10 Types Explained for Teams What Is NIST CSF? Framework 2.0 Explained 7 Open Source Incident Response Tools by Category Critical Langflow Path Traversal Flaw Exploited for Unauthenticated RCE Critical PhpSpreadsheet RCE Patch Bypass Puts Millions at Risk Critical Splunk Enterprise Vulnerabilities Allow Unauthenticated File Operations and Remote Code Execution 16 Best Open Source Application Security Tools 2026 What Is Containerization? Security and Best Practices 8 Container Security Best Practices for 2026 Close the Cloud Identity Gap with Orca and AWS IAM Access Analyzer The 5-Step Context-Aware Cloud Vulnerability Prioritization Framework Critical Jupyter Enterprise Gateway Vulnerabilities Enable Full Kubernetes Cluster Takeover AI Security Best Practices for Regulated Industries Massive PyPI Supply Chain Attack Harvests Cloud Credentials via Python Startup Hooks SAST vs SCA: Key Differences for AppSec Teams What Is Cloud Security Architecture? Principles, Layers, and Frameworks What Is ASPM? A Guide to Application Security Posture Management What Is SaaS Security? A Practical Guide 2026 What Is a Man-in-the-Middle Attack? A Cloud Security Guide What Is Open Policy Agent? Best Practices and Use Cases 11 Best Open-Source DevSecOps Tools for 2026 How to Secure AI Workloads in Multi-Cloud Environments: A Complete Framework Critical WordPress Plugin Vulnerability Allows Unauthenticated Admin Takeover on 150K Sites What Is Kubernetes as a Service? KaaS Explained Critical Netlogon RCE Flaw Actively Exploited Against Windows Domain Controllers Your FedRAMP Continuous Monitoring Strategy Has a Gap. We Built Something to Fix It. How to Simplify Multi-Cloud Compliance Reporting: The 2026 Checklist Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud Data Security Posture Management (DSPM) for AI Gitea Container Registry Exposes Private Images to Unauthenticated Attackers Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026 7 Enterprise AI Security Risks to Manage Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure Critical Coder Signature Bypass Exposes Developer Keys and Tokens New “PoolSlip” NGINX Exploit Revives Unpatched Remote Code Execution Risk Critical Drupal SQL Injection Exposes PostgreSQL-Backed Sites to Remote Code Execution AI Security Tools: How to Evaluate Them Across Every ML Attack Phase Massive npm Supply Chain Attack Compromises AntV Ecosystem, Steals CI/CD Secrets at Scale NIST AI Risk Management Framework (AI RMF) Explained: What It Is and How Organizations Use It The AI Data You Forgot to Lock: How Exposed Vector Databases Put Organizations at Risk GenAI Risks in Cloud Environments: What Security Teams Are Actually Missing in 2026 What Is Multi-Cloud Security? What Is Cloud Detection and Response (CDR)? Linux kernel vulnerability enables local theft of SSH host keys and /etc/shadow 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated DoS and Potential RCE Announcing Cloud Security Agent Skills for Orca’s MCP Server TanStack and 160+ npm/PyPI Packages Compromised in Supply Chain Worm Attack Dirty Frag: Linux Kernel Vulnerability Chain Enables Local Privilege Escalation to Root Critical Apache HTTP Server HTTP/2 Vulnerability Could Enable Remote Code Execution Skill Issues: How We Discovered Supply Chain Attack Vectors in an AI Agent Skills Marketplace What Is an Incident Response Plan? What Is Cloud Data Security? Risks, Challenges, and 12 Best Practices Remote Code Execution in GitHub Enterprise Server via Git Push Injection (CVE-2026-3854) Linux Kernel Bug (Copy.Fail) Enables Local Privilege Escalation to Root (CVE-2026-31431) Xinference PyPI package compromise leads to full environment takeover What is Application Security? When AI Accelerates the Offense, Coverage Gaps Become Catastrophic Orca Security Recognized in the 2026 TAG Enterprise AI Security Handbook Navigating Cloud Security in 2026: Join Cloud Security LIVE Anthropic’s Project Glasswing Is a Positive Step Toward Cleaner, Safer Production Kyverno SSRF: Breaking Kubernetes Namespace Isolation (CVE-2026-4789) Streamline Compliance Reporting with Orca and Drata’s Integrated Vulnerability Management CVE-2026-23226: How a Missing Lock in ksmbd’s Channel List Exposes Your Linux SMB3 Server 2026 State of AppSec: When Development Velocity Outpaces Security AI Is Entering Your Infrastructure. Now what? Orca Security Featured in SACR’s 2026 Unified Agentic Defense Platforms Report Supply Chain Attack on Axios Delivers Cross-Platform RAT via Compromised npm Account Credential‑Stealing Malware in LiteLLM Supply Chain Attack Mission Accomplished: Orchestrate Your Remediation Strategy With Orca Missions The Orca Approach to Runtime AI Security
Orca MCP: When Text Stops Scaling
Junninho Thomas · 2026-07-01 · via Blog | Orca Security

Table of contents

  • Level 1: Claude draws its own visuals, in the chat
  • Level 2: HTML files for the work you need to share
  • Level 3: Interactive tools you can act on
  • So What

For a while, a chat box was enough. You asked an agent a question, it gave you a few sentences back, and you moved on. The interface matched the work.

That stopped being true. Agents now return whole investigations. Ask Claude to triage an alert and it calls Orca’s MCP tools to pull the asset, the attack path, the blast radius, the compliance impact, and the remediation steps. That is exactly what you wanted. It is also 200 lines of Markdown you now have to scroll, parse, and hold in your head.

The bottleneck moved. Getting the answer used to be the hard part. Now the hard part is reading it.

Anthropic’s Claude Code team made the same observation recently: past about a hundred lines, nobody actually reads the Markdown. They started reaching for richer formats instead. The same problem shows up anywhere an agent does real security work, and the fix is the same. The interface has to carry as much information as the answer does.

Here is how that plays out across three levels, using the kind of work security teams actually do in Orca.

Level 1: Claude draws its own visuals, in the chat

The first thing worth knowing is that you do not need a special integration for this. Claude can build a visualization on its own, inline, from the data it just pulled.

Ask Claude for a SOC 2 posture review through the compliance gap skill and you do not get a paragraph describing your score. You get a rendered view that ranks what is failing by how much it actually affects and points you at the fastest fixes.

Compliance dashboard showing a SOC 2 score overview of 64%, listing top failing controls ranked by blast radius (such as disabled ELB deletion protection and K8s configuration issues), worst performing assets, and a "Fastest path up" remediation panel.

The value is not decoration. When a failing control is sized by the number of assets behind it, you can see where to spend the next hour. The same facts in a bulleted list make you do that ranking in your head. The visual does the prioritization work for you, which is the whole point of context-driven security.

Before you build anything, Claude can already turn a query result into something you read in five seconds instead of five minutes.

In-chat visuals are great for a quick read. But some outputs need to live longer than the conversation. You want to send them to an engineering lead, drop them in a ticket, or keep them as a reference.

That is where generating an HTML file pays off. Ask Claude to build a remediation guide for your top attack paths and it pulls the data through Orca’s MCP tools and produces a standalone playbook: the highest-risk paths ranked, then each one drilled into from entry point to crown jewel.

Orca Security attack path analysis report header titled "Top 5 Attack Path Remediation Guide" for AWS accounts, displaying key metrics including 5 critical attack paths, a 9.8 peak risk score, 232 total open paths, 3 compromised VMs, and 4 overprivileged IAM roles.

Each path gets its own section that walks the chain hop by hop and flags what makes it dangerous.

Orca Security platform attack path diagram showing a critical 9.6 risk score for a privilege escalation path titled "Jumpbox → Role Chain → ML-Ops PowerUserAccess Escalation." It illustrates a 3-hop chain leading from a vulnerable jumpbox to the "ml-ops-demo" crown jewel IAM role, detailing risks like dual overprivileged policies and role chaining.

HTML carries all of that without compromise. The diagrams, the severity, and the specifics that make each hop dangerous all sit in one file. More importantly, you can share it as an artifact. The odds that a busy engineering lead reads your attack-path writeup go way up when it opens in a browser instead of sitting in a wall of text they have to scroll.

In-chat for speed, HTML files for anything that has to travel.

The first two levels make the agent’s findings easier to read. The third makes them easier to act on, and this is where it stops being a document and starts being part of the platform.

Orca’s interactive tools are built on MCP Apps, an extension to the Model Context Protocol that lets a server return a live, interactive interface that renders right inside the conversation. Not a screenshot of the platform. The platform, in the chat.

Pull up a critical alert and you get a real card, with a Take Action menu carrying the moves you would otherwise log into the console for. You triage the alert from the same place you were just discussing it.

Screenshot of an AI assistant interface displaying an Orca Security alert (orca-163951) for a 9.3 critical Remote Code Execution vulnerability in React Server Components and Next.js (CVE-2025-55182) on asset "app-payment-gateway-01". The interface shows an expanded "Take Action" dropdown menu and a terminal verdict confirming an active threat that requires immediate isolation.

The card also surfaces the next logical step. Buttons that show the attack path or the affected asset trigger the relevant follow-up without you typing another prompt. Click into the asset and you get its full profile, with the next question already a button away.

Screenshot of an AI assistant interface displaying an Orca Security asset profile for "app-payment-gateway-01". The asset is classified as a running, public-facing "Crown Jewel" and "Internet-facing" VM with a maximum risk score of 10, currently carrying 4 critical and 5 high alerts.

The visual layer matters here, but it is not the only reason this works. A few other things come with the MCP Apps approach:

  • Context preservation: The interface lives in the conversation. You are not switching tabs and losing the thread that led you to the alert in the first place.
  • Bidirectional flow: The app calls Orca tools directly and the host pushes fresh results back. You read, you act, and the view updates to reflect what you just did.
  • Familiar structure: A card with a status and an action menu reads like the console your team already knows. The chat does not ask analysts to learn a new mental model. It brings the one they have into the conversation.

The agent’s findings and the actions you take on them now live in the same place.

So What

Text is not going away, and it should not. Plenty of answers are still one sentence long, and a chat box handles those fine.

The point is that the interface should match the size of the answer. When an agent hands you a full investigation, a paragraph is the wrong container. A visual you read in seconds is better. A shareable HTML report is better when the work has to travel. A live, interactive card is better still when you need to act, not just read.

For a security team, that is the difference between an assistant that tells you what it found and one you actually run your day from. The conversation becomes the place where you see the risk and resolve it, without the tab-switching tax in between. That is what shifting security into the workflow was supposed to mean all along.

The Orca MCP server and its interactive tools are available to all Orca customers. To get set up, check the documentation. Not a customer yet? Sign up for a demo.