{"data":{"id":"d1a37969-a97a-4daa-b311-5da60d90a442","title":"Windsurf MCP Integration: Missing Security Controls Put Users at Risk","summary":"Windsurf's MCP (Model Context Protocol, a system that connects AI agents to external tools) integration lacks fine-grained security controls that would let users decide which actions the AI can perform automatically versus which ones need human approval before running. This is especially risky when the AI agent runs on a user's local computer, where it could have access to sensitive files and system functions.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://embracethered.com/blog/posts/2025/windsurf-dangers-lack-of-security-controls-for-mcp-server-tool-invocation/","publishedAt":"2025-08-28T19:20:58.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Windsurf"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","safety"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}