Post by Mitiga

MCP is becoming part of how work gets done. So, yes, that means it is becoming part of the attack surface. Idan Cohen’s new Mitiga blog shows how Claude Code can become the setting for MCP token theft through a man-in-the-middle chain via ~/.claude.json. Here's the exec takeaway: AI tooling risk goes beyond prompts, models, or generated code. It's also about the trusted paths around the tool: local configuration, identity, tokens, integrations, and the systems those tokens can reach. If your detection strategy treats those as separate problems, the attacker gets some room to move. Read the full breakdown: https://loom.ly/uQfBNQU #AISecurity #MCP #CloudSecurity #IdentitySecurity #CDR