Lemma Critical Brief · Category archive

Agent Infrastructure

Starlette/BadHost-class agent-harness vulnerabilities, MCP server credential leaks.

6 Briefs
No. 029 · 2026-06-06

One-Click GitHub OAuth Token Theft via github.dev

The Webview Trusted Synthetic Events, and the Token Was Not Scoped to the Repo

Pillar 03 Agent Authority Proof · Agent Infrastructure · Identity & Auth
No. 025 · 2026-06-05

MCP Design: Config-to-Command Execution and Supply-Chain-Scale RCE

In April 2026, OX Security disclosed that Anthropic's Model Context Protocol (MCP) official SDK contains a design-level issue in which confi…

Pillar 03 Agent Authority Proof · Agent Infrastructure · Identity & Auth · Code Provenance
No. 026 · 2026-06-05

Adaptive AI Worm

Runtime Exploit Synthesis as a Threat Model

Pillar 03 Agent Authority Proof · Agent Runaway · Agent Infrastructure · Identity & Auth
No. 027 · 2026-06-05

LibreChat CVE-2026-32625

User-Supplied MCP Server URLs as an Exfiltration Channel for Server Secrets

Pillar 03 Agent Authority Proof · Agent Infrastructure · Identity & Auth
No. 024 · 2026-06-05

Invisible Unicode Instruction Injection

The Gap Between Human-Read and Model-Read Input

Pillar 02 Verifiable AI · AI Decision Integrity · Agent Infrastructure · Data Provenance
No. 003 · 2026-05-30

Starlette CVE-2026-48710 (BadHost)

MCP Server Authentication Bypass via HTTP Host Header Manipulation

Pillar 03 Agent Authority Proof · Agent Infrastructure · Identity & Auth