AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Windsurf MCP Integration: Missing Security Controls Put Users at Risk

mediumnews

securitysafety

Source: Embrace The RedAugust 28, 2025

Summary

Windsurf's MCP (Model Context Protocol, a system that connects AI agents to external tools) integration lacks fine-grained security controls that would let users decide which actions the AI can perform automatically versus which ones need human approval before running. This is especially risky when the AI agent runs on a user's local computer, where it could have access to sensitive files and system functions.

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integritysafety

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 72%