<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>AI on Maximilian Hildebrand</title><link>https://m10x.de/tags/ai/</link><description>Recent content in AI on Maximilian Hildebrand</description><generator>Hugo</generator><language>en</language><copyright>&lt;a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0&lt;/a></copyright><lastBuildDate>Sun, 05 Apr 2026 04:00:56 +0100</lastBuildDate><atom:link href="https://m10x.de/tags/ai/index.xml" rel="self" type="application/rss+xml"/><item><title>Pwning AI Agents (Part 1/4) - Exploiting AI Coding Agents and Read-Only SQL MCP Servers</title><link>https://m10x.de/posts/2026/04/pwning-ai-agents-part-1/4-exploiting-ai-coding-agents-and-read-only-sql-mcp-servers/</link><pubDate>Sun, 05 Apr 2026 04:00:56 +0100</pubDate><guid>https://m10x.de/posts/2026/04/pwning-ai-agents-part-1/4-exploiting-ai-coding-agents-and-read-only-sql-mcp-servers/</guid><description>This is the first of four posts about vulnerabilities found in AI coding agents, MCP servers and MCP hosts. This first post provides a non-technical overview of the three projects and their results, while the subsequent three posts delve deeper into each project, including the technical aspects.
TL;DR: Found 25 vulnerabilities in 19 AI coding agents with well over 100 million downloads in total, including 11 RCEs caused by autonomous execution of dangerous commands or by command allowlist bypasses.</description></item></channel></rss>