Tired of news that feels like noise?
Every day, 4.5 million readers turn to 1440 for their factual news fix. We sift through 100+ sources to bring you a complete summary of politics, global events, business, and culture — all in a brief 5-minute email. No spin. No slant. Just clarity.
So I published 7 articles in 8 days last week. Four of them ended up being about security. That was not the plan.
I was building production workflows, kept hitting weird stuff, and decided to actually test what was going on instead of just trusting the stack.
The short version: a lot of what we trust in our AI tooling is not trustworthy.
The one that kept me awake
I red-teamed my own MCP servers with 225 attack prompts. Invented words, 10 languages, poisoned tool responses.
Prompt injection attacks? Zero success rate. Claude's guardrails held fine.
But a poisoned response from a trusted tool? 100% success rate. Claude repeated it as fact. Every. Single. Time.
We are building guardrails against the wrong threat.
3 more from this week
Chinese hackers socially engineered Claude. Not a jailbreak. They lied to it, and it executed 90% of the attack because (surprise) it was trained to be helpful. The attack surface is not your code. It is your agent's personality.
I audited my MCP servers after the LiteLLM supply chain attack. Found 7 critical vulnerabilities. All compliant with the spec. The spec makes the insecure path easier than the secure one. That is the actual problem.
You have a third pile of technical debt. Not code debt. Not infra debt. Imported debt. Free SaaS dependencies that are not in your lockfile, don't show up in audits, and break on Monday mornings when the vendor decides to pivot.
Coming next week
LLM call monitoring. What happens when your AI's outputs start silently degrading and no alert fires. (Spoiler: it happened to me.)
Ship safe,
Phil
PS — Real question: do you audit what your MCP servers return to Claude, or do you just trust them? Hit reply, genuinely curious.