A few things the #Miasma source code reveals about this supply chain attack that weren't in the existing research 🧵

Someone finally built a security database for the Claude ecosystem. It's called ClaudeSec, and Pluto Security just launched it for free. Here's the gap it fills => 53 new Claude connectors shipped in the last 30 days. Your security team reviewed zero of them. Someone on your team authorized at least one. Most enterprises adopting Claude have no process to evaluate connectors before authorization. ClaudeSec tracks 384 connectors. 103 flagged high risk. That's around 27% of the ecosystem. Every entry shows: → What capabilities the connector actually has → What tools it exposes to the model → Why it's rated risky → Source-code findings where they did the review Security guides are live for Claude Managed Agents and Cowork. Real configuration - policies, hooks, permission scopes, allow/deny rules. The Cowork guide is the one Enterprise teams need to read first. Cowork runs code, browses with real user sessions, and operates unattended. The architecture is solid, gVisor sandbox, layered network controls. But Cowork activity is excluded from Audit Logs, the Compliance API, and Data Exports. All plan tiers. Including Enterprise. Your visibility tools don't see what Cowork is doing. Claude Code and Office Agents guides ship next. The curated news feed flags CVEs and incidents as they happen. The window between a connector being compromised and detection is roughly 3 hours. The feed is built around that window. Read here: ClaudeSec: claudesec.pluto.security/ Launch blog: pluto.security/blog/introduc… Cowork teardown: pluto.security/blog/claude-c… Thanks to @pluto_security for supporting this post.

The average enterprise now runs 37 deployed AI agents. More than half have zero security oversight or logging. You can't govern what you can't see.

Our research team disclosed CVE-2026-33032, a critical CVSS 9.8 vulnerability in nginx-ui that exposed over 500K users to full server takeover through a single unauthenticated request. No credentials. No exploit chain. Actively exploited in the wild. The root cause: MCP endpoints that inherit an application's full capabilities but skip its security controls entirely. The pattern is clear - and it's only getting more common as agentic workflows connect deeper into enterprise workspace infrastructure. Most security teams have no visibility into what MCP servers are running in their environment, no inventory of the endpoints they're exposing, and no way to enforce it. Full breakdown → lnkd.in/dmbkkQAp As covered by The Hacker News → lnkd.in/gWTZt4e4

Everyone is racing to deploy AI agents. Nobody is asking who gave them permission to be there.

Your AI agent just connected to Salesforce, GitHub, and Slack. It has more access than most of your employees. Does your security team know that?

Our attendee list for the upcoming @pluto_security webinar now includes leaders from some of the world's most innovative tech firms. They’re all asking the same thing: How do we stop blocking tools like @cursor_ai , @n8n_io , and @Lovable and start securing them? We’re diving into the new risks introduced by AI builders and sharing a practical, enforceable framework for AI workspace security. See the strategies being used by the best in the business to move from "no" to "yes." Registration link: lnkd.in/dgqj6gfA