6 posts

#mcp

The Real BadHost Risk: MCP Servers, vLLM, and the Proxy Gap

CVSS 6.5 misses the mark. Why MCP servers and proxy-less AI agent stacks face disproportionate exposure from BadHost.

xAI Grok Build: Sub-Agents, MCP Compat, and the SWE-Bench Numbers

xAI shipped its terminal coding agent on May 14, 2026. Here's what the CLI actually does, where the benchmark numbers hold, and what $299/month buys.

Robinhood Agentic Trading 2026: MCP, Sandbox Design, and Risk

Robinhood's MCP agentic trading beta: sandbox isolation, guardrails, and developer implications.

Codex CLI v0.134.0: History Search, MCP OAuth, and a Breaking Profile Change

v0.134.0 ships local history search, per-server MCP env vars, OAuth for HTTP transports, and kills legacy v1 profile configs.

Grok Build CLI: Plan Mode, Skills, Connectors, and Pricing

xAI's Grok Build ships with Arena Mode, reusable Skills, and CLAUDE.md compat. Here's what developers need to know.

Starlette BadHost: CVE-2026-48710 Auth Bypass in AI Agent Stacks

Starlette BadHost (CVE-2026-48710): a crafted Host header bypasses auth middleware. Unproxied AI agents at highest risk.