Devsecops on My Blog

The MCP Attack Surface: What Your Security Team Is Missing About AI Coding Tools

Thu, 11 Jun 2026 12:00:00 +0000

The more capable your AI coding assistant gets, the more dangerous it becomes.

I know that sounds backwards. Security tools are supposed to get safer as they mature. But with agentic coding tools, the relationship between capability and risk flips in a way that nobody prepared for. Academic research published in April 2026 tested 2,000 attack instances across nine LLMs. The result? The strongest instruction-following models — the ones enterprises actually want to deploy — were the ones most likely to hand an attacker your database credentials.

We Compared 6 AI Coding Tools on Security. The Gap Between #1 and #2 Is Alarming.

Thu, 11 Jun 2026 11:00:00 +0000

One tool has 50 admin-controlled security settings deployable via MDM. Two tools have literally no documented MCP governance at all. One tool can’t even let admins disable telemetry.

I spent two weeks digging through every piece of public documentation across six agentic coding tools — not marketing pages, not whitepapers, but actual config files, API docs, privacy policies, and security certifications. What I found was a landscape where the distance between best-in-class and “we’ll figure it out later” is measured in light-years, not inches.

What GitLab Ultimate's Security Scanners Can and Can't Catch

Thu, 11 Jun 2026 07:00:00 +0000

There’s a specific kind of disappointment that happens the first time a security team runs GitLab Ultimate’s built-in scanners against an application they’ve been hardening with Fortify for three years.

The scanner reports clean. The security team knows the application has edge cases. The scanner just can’t find them.

That’s not a bug. It’s a category error. And if you’re evaluating GitLab Ultimate’s security features, understanding this distinction is the difference between a tool that meaningfully improves your security posture and one that generates false confidence.