Why We Built Anomity: Securing the AI Agent Endpoint
Why we built Anomity: AI agent adoption outran governance, and the endpoint is the layer Network, EDR, DLP, and GRC were never designed to see.
Research, product, and perspective on governing AI agents, MCP servers, and everything loaded into them.
MCP server security in 2026: the attack surface, the CVE wave, MCP trust tiers, and how to inventory and govern every MCP server across your fleet.
CVE-2026-23744 is a critical RCE in MCPJam Inspector ≤ 1.4.2: it binds to 0.0.0.0, and a crafted request triggers an MCP server install and code execution.
How the Anomity daemon discovers every AI agent, MCP server, extension, and secret on an endpoint, then classifies and governs them from the cloud.
The recurring risks hiding in AI agent configs on managed endpoints: plaintext secrets, blanket permission grants, unvetted MCP servers, and off-allowlist extensions.
Malicious LiteLLM releases 1.82.7 and 1.82.8 shipped a .pth file that ran on every Python startup to harvest credentials. What to check on your fleet.
AI agents and MCP servers are adopted bottom-up, carry their own permissions, and report to no one in security. They are the new shadow IT.