August 2025 Agentic Access and MCP Content Round‑Up: Security, Innovations & Growth

September 3, 2025
August was filled with vulnerabilities and developments in the agentic AI and Model Context Protocol (MCP) landscape. Multiple high‑severity remote‑code‑execution vulnerabilities demonstrated how easily malicious servers or modified configurations can hijack developer machines. Docker went so far as to label the MCP ecosystem a “security nightmare,” prompting calls for OAuth 2.1 authorization and zero‑trust practices. Meanwhile, vendors made notable releases and thought leaders explored the future of AI as adoption accelerates.

We’ve pulled together incidents, industry news, conversations/blogs, and other news/reports around MCP from the past month. 

Incidents

08/05/2025

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval | The Hacker News

Cybersecurity researchers disclosed a high‑severity flaw in the Cursor AI code editor (CVE‑2025‑54136) dubbed MCPoison that allows attackers to achieve remote and persistent code execution by modifying a previously trusted MCP configuration file. Once a collaborator approves a harmless MCP, an attacker can silently swap it for a malicious command. This vulnerability was fixed in version 1.3.

08/01/2025

When Public Prompts Turn Into Local Shells: ‘CurXecute’ – RCE in Cursor via MCP Auto‑Start | Aim Security

Aim Security identified that Cursor’s integration with MCP includes a ‘CurXecute’ vulnerability (CVE‑2025‑54135) that rewrites ~/.cursor/mcp.json and automatically runs commands, enabling attackers to gain a reverse shell via a modified MCP file. The flaw arises because a user only approves an MCP once; attackers can modify the configuration later to run arbitrary commands each time the project opens.
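Both Cursor disclosures above share one root cause: the user approves a server definition once and the editor never re-checks it, so a later edit to the file inherits the earlier approval. The Python below is added here as an illustration of the defensive pattern (it is not code from Cursor, Aim Security or The Hacker News): at approval time the client records a fingerprint of each server's command, arguments and environment, and on every project open it refuses to auto-start any entry whose fingerprint has changed or that has no recorded approval at all. The `mcpServers`/`command`/`args`/`env` layout and all sample entries are constructed assumptions about the configuration format.

```python
import hashlib
import json

# Constructed sample configs (assumed "mcpServers" layout, as used by Cursor's mcp.json).
APPROVED_CONFIG = json.dumps({
    "mcpServers": {
        "docs": {"command": "npx", "args": ["-y", "@example/docs-mcp"], "env": {}},
    }
})

# The same file after an unapproved edit to the already-trusted "docs" entry.
TAMPERED_CONFIG = json.dumps({
    "mcpServers": {
        "docs": {"command": "sh", "args": ["-c", "PLACEHOLDER_UNAPPROVED_COMMAND"], "env": {}},
    }
})

# Same content as APPROVED_CONFIG, only re-indented: must still count as approved.
REFORMATTED_CONFIG = json.dumps(json.loads(APPROVED_CONFIG), indent=2)

# The approved entry untouched, plus a server that was never approved.
ADDED_SERVER_CONFIG = json.dumps({
    "mcpServers": {
        "docs": {"command": "npx", "args": ["-y", "@example/docs-mcp"], "env": {}},
        "extra": {"command": "node", "args": ["server.js"], "env": {"DEBUG": "1"}},
    }
})


def fingerprint(entry: dict) -> str:
    """SHA-256 over the parts of a server definition that decide what gets executed:
    command, args and env. Canonical JSON so whitespace or key order cannot change the hash."""
    canonical = json.dumps(
        {"command": entry.get("command"), "args": entry.get("args", []), "env": entry.get("env", {})},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def record_approval(config_text: str) -> dict:
    """Run only when the user explicitly approves the config; returns the lockfile
    mapping server name -> fingerprint."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: fingerprint(entry) for name, entry in servers.items()}


def check_config(config_text: str, lockfile: dict) -> dict:
    """Run on every project open. Classify each server as 'approved', 'modified' or 'new';
    only 'approved' entries may be auto-started, the rest need a fresh approval prompt."""
    servers = json.loads(config_text).get("mcpServers", {})
    status = {}
    for name, entry in servers.items():
        if name not in lockfile:
            status[name] = "new"
        elif lockfile[name] != fingerprint(entry):
            status[name] = "modified"
        else:
            status[name] = "approved"
    return status


def servers_safe_to_start(config_text: str, lockfile: dict) -> list:
    """Names of servers the client may launch without asking the user again."""
    return sorted(name for name, s in check_config(config_text, lockfile).items() if s == "approved")


if __name__ == "__main__":
    lock = record_approval(APPROVED_CONFIG)
    for label, cfg in [("tampered", TAMPERED_CONFIG), ("reformatted", REFORMATTED_CONFIG),
                       ("added", ADDED_SERVER_CONFIG)]:
        print(label, check_config(cfg, lock), "-> start:", servers_safe_to_start(cfg, lock))
```

The lockfile should live outside the project tree (for example under the user's own editor profile) so that the same write access that lets a collaborator edit `mcp.json` does not also let them rewrite the recorded approvals.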

Industry News

08/31/2025

Marc Benioff says Salesforce has cut 4,000 roles in support because of AI agents | Business Insider

In an episode of "The Logan Bartlett Show" released on Friday, Salesforce CEO Marc Benioff said AI agents in the customer support division were replacing humans, helping the company work through more sales leads. Salesforce used AI agents to cut support staff from 9,000 to 5,000 employees. AI's rise may alter management structures and how work is distributed, tech executives say.

08/29/2025

Cognizant to Deploy 1,000 Context Engineers, Powered by ContextFabric™, to Industrialize Agentic AI | Cognizant

Cognizant announced a strategic initiative to industrialize agentic AI across enterprises by deploying 1,000 context engineers over the next year. This move marks a pivotal investment in the emerging discipline of context engineering, which is essential to enabling AI agents to reason, act, and adapt in alignment with enterprise goals.

08/26/2025

HPE accelerates self-driving network operations with new Mist agentic AI-native innovations | HPE

HPE announced major innovations to its HPE Juniper Networking portfolio, advancing its AI-native Mist platform to deliver agentic AIOps through more autonomous, intelligent and proactive network operations. These new capabilities bolster GreenLake Intelligence, HPE’s next-generation approach to autonomous IT and agentic AIOps, which deploys specialized AI agents within a multi-layered IT architecture.

08/22/2025

AWS CCAPI MCP Server: Natural Language Infra | InfoQ

AWS recently announced the Cloud Control API (CCAPI) MCP Server, a new tool designed to simplify infrastructure management by enabling developers and AI-powered agents to manage resources using natural language. The server is part of the awslabs/mcp project and acts as a bridge between conversational commands and AWS infrastructure deployment and management.

08/21/2025

Microsoft makes MCP in Visual Studio GA but researchers warn of risks | The Register

Microsoft has declared general availability for MCP (Model Context Protocol) servers in Visual Studio, likely the second most popular IDE after Visual Studio Code and one with wide enterprise use. Developers can add MCP servers either by editing the configuration file directly or by using settings in the GitHub Copilot chat window.

08/14/2025

HashiCorp releases experimental MCP servers for Terraform and Vault | InfoQ

HashiCorp has announced the availability of experimental Model Context Protocol (MCP) servers for Terraform, Vault, and Vault Radar. These offerings aim to extend how organisations can integrate AI into infrastructure provisioning, security management, and risk analysis workflows. They are currently experimental, recommended only for development and evaluation purposes, and not intended for production use.

08/12/2025

Introducing the Obot MCP Gateway | Obot.ai

Obot.ai announced beta availability of Obot MCP Gateway, an open source platform that provides a comprehensive approach to managing, securing and delivering MCP servers safely to the enterprise.

08/12/2025

Kong Announces API Summit 2025 to Unleash the Agentic AI Era | KongHQ

Kong Inc. has announced the agenda for its eighth annual API Summit returning in-person on Oct. 14-15, 2025, in New York City. The packed conference is focused on helping today’s API technology leaders prepare for the agentic AI era. 

08/06/2025

Automate security reviews with Claude Code | Anthropic

Anthropic introduced automated security reviews in Claude Code. Using GitHub Actions integration and a new /security-review command, developers can easily ask Claude to identify security concerns—and then have it fix them.

08/05/2025

MCP UI: Breaking the text wall with interactive components | Shopify

Model Context Protocol (MCP) gives AI agents superpowers. A shopping assistant can search product catalog, digest reviews, build a cart, and help buyers complete the purchase. For commerce, visual context isn't just helpful—it's essential. To deliver a great shopping experience, agents need to augment their conversation flow with visual and interactive components.

08/31/2025

Beyond context windows: here is how the memory of AI agents is evolving | TechTalks

On paper, AI agents promise to become autonomous workers that can handle complex, multi-step business processes. But in practice, today’s agents are often fragile. They can fail in unpredictable ways that make them unreliable (for example, a customer support bot might forget an earlier refund request, or a planning assistant can lose track of your dietary preferences between sessions). 

08/31/2025

Understanding OAuth 2.1 for MCP (Model Context Protocol) Servers: Discovery, Authorization, and Access Phases | MarkTechPost

OAuth 2.1 is the officially mandated authorization standard in the Model Context Protocol (MCP) specifications. According to the official documentation, authorization servers must implement OAuth 2.1 with proper security measures for both confidential and public clients.
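To make the "proper security measures for public clients" concrete, the Python below walks through the authorization-code flow with PKCE that OAuth 2.1 requires. It is added here as an illustration and is neither MarkTechPost's code nor a reference implementation of the MCP specification; the `ToyAuthorizationServer` class, the client id `mcp-client-example` and the redirect URIs are assumptions, and endpoint discovery is left out. The server side enforces three OAuth 2.1 rules: only the S256 challenge method is accepted, the redirect URI must match the registered one exactly, and an authorization code is bound to its challenge and usable once.

```python
import base64
import hashlib
import secrets
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client side: 32 random bytes -> 43-character verifier, kept secret until the token request."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authorization_params(client_id: str, redirect_uri: str, verifier: str, state: str) -> dict:
    """Query parameters an MCP client sends to the authorization endpoint."""
    return {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
        "state": state,
    }


class ToyAuthorizationServer:
    """Assumed minimal authorization server enforcing the OAuth 2.1 rules that matter for
    public MCP clients: PKCE with S256, exact redirect_uri match, single-use codes."""

    def __init__(self, registered_redirect_uri: str):
        self.registered_redirect_uri = registered_redirect_uri
        self._pending = {}  # code -> (challenge, redirect_uri)

    def issue_code(self, params: dict) -> Optional[str]:
        if params.get("response_type") != "code":
            return None
        # OAuth 2.1 requires S256 whenever the client can compute it; "plain" is not accepted here.
        if params.get("code_challenge_method") != "S256" or not params.get("code_challenge"):
            return None
        # Exact string match against the registered URI; no prefix or wildcard matching.
        if params.get("redirect_uri") != self.registered_redirect_uri:
            return None
        code = b64url(secrets.token_bytes(24))
        self._pending[code] = (params["code_challenge"], params["redirect_uri"])
        return code

    def exchange(self, code: str, verifier: str, redirect_uri: str) -> Optional[dict]:
        entry = self._pending.pop(code, None)  # pop: replaying the same code fails
        if entry is None:
            return None
        challenge, bound_redirect = entry
        if redirect_uri != bound_redirect:
            return None
        # Constant-time compare of the recomputed challenge against the one stored at issue time.
        if not secrets.compare_digest(code_challenge(verifier), challenge):
            return None
        return {"access_token": b64url(secrets.token_bytes(32)), "token_type": "Bearer"}


def run_flow(server: ToyAuthorizationServer, redirect_uri: str, wrong_verifier: bool = False) -> Optional[dict]:
    """Full authorization-code + PKCE round trip; returns the token response or None on failure."""
    verifier = make_code_verifier()
    state = b64url(secrets.token_bytes(16))
    params = authorization_params("mcp-client-example", redirect_uri, verifier, state)
    code = server.issue_code(params)
    if code is None:
        return None
    presented = make_code_verifier() if wrong_verifier else verifier
    return server.exchange(code, presented, redirect_uri)


if __name__ == "__main__":
    srv = ToyAuthorizationServer("http://127.0.0.1:8765/callback")
    print("valid flow:", run_flow(srv, "http://127.0.0.1:8765/callback"))
    print("wrong verifier:", run_flow(srv, "http://127.0.0.1:8765/callback", wrong_verifier=True))
    print("wrong redirect:", run_flow(srv, "http://127.0.0.1:8765/other"))
```

The point of PKCE for a public client such as an MCP client on a developer machine is that the authorization code alone is worthless to anyone who intercepts it: the token endpoint only honours it together with the verifier that never left the client.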

08/28/2025

What the Agentic AI Era Means for Business—And for Humanity | Time

Salesforce CEO Marc Benioff writes that we’re at the beginning of the Agentic Era, where machines perform cognitive work and augment human capabilities. He argues that AI agents will reshape every job and calls for building systems where AI adapts to people rather than the other way around.

08/24/2025

Agentic AI Is Set to Dominate in 2025: Get Ready for the Revolution | eWeek

Agentic AI is already woven into the product roadmaps of nearly every major tech platform. It’s the layer many apps now use to get things done without constant human steering, and over the past year, mainstream platforms have used it to ship agents that plan steps, call tools and APIs, and monitor progress and then report back. That shift is visible in coding, customer operations, enterprise search, and even consumer web tasks. 

08/22/2025

MCP-Universe benchmark shows GPT-5 fails more than half of real-world orchestration tasks | VentureBeat

Salesforce AI Research developed a new open-source benchmark it calls MCP-Universe, which aims to track LLMs as these interact with MCP servers in the real world, arguing that it will paint a better picture of real-life and real-time interactions of models with tools enterprises actually use. In its initial testing, it found that models like OpenAI’s recently released GPT-5 are strong, but still do not perform as well in real-life scenarios. 

08/19/2025

GenAI Security Principles | Block

Block’s Product Security team has a core tenet of securing our financial platform without slowing down the pace of innovation. To aid our mission, the ProdSec team has developed a set of security principles that allow for secure adoption of GenAI.

08/11/2025

MCP Vulnerabilities Every Developer Should Know | Composio

MCP adoption is picking up quickly, and serious risks could become disasters if not appropriately handled. If MCP tools or servers are misconfigured or vulnerable, attackers can read your data, steal credentials, impersonate users or even execute code on your infrastructure. This post shares vulnerabilities with practical analysis and some real-world incidents that shook the trust of the entire community.

08/06/2025

Model Context Protocol FAQs: Everything You Need to Know in 2025 | MarkTechPost

In 2025, MCP is widely adopted, reshaping how enterprises, developers, and end-users experience AI-powered automation, knowledge retrieval, and real-time decision making. Below is a comprehensive, technical FAQ-style guide to MCP as of August 2025.

08/06/2025

No Time To Waste: 8 Ways To Succeed With AI Agents | The New Stack

Across the globe, companies are investing heavily in AI agents. Adopting AI agents is not a silver bullet, and governance guardrails, including human oversight, will be needed to make a success out of deployments.

08/05/2025

OpenAI releases powerful new open language models | Axios

OpenAI on Tuesday debuted two freely downloadable models that it says can, for certain tasks, match the performance of some modes of ChatGPT. OpenAI is aiming the new models at customers who want the cost savings and privacy benefits that come from running AI models directly on their own devices rather than relying on cloud-based services like ChatGPT or its rivals.

08/04/2025

“A Security Nightmare”: Docker Warns of Risks in MCP Toolchains | InfoQ

Docker’s analysis of hundreds of MCP servers found widespread flaws—command‑injection vulnerabilities in OAuth proxies, file‑system exposure, unrestricted outbound access and tool poisoning. Docker called the MCP ecosystem a ‘security nightmare’ and proposed hardened isolation, zero‑trust networking and signed containers.

08/01/2025

Agents Meet Databases: The Future of Agentic Architectures | The New Stack

MCP has quickly become popular as a standardized method for connecting tools and data to agentic systems, offering a new approach to agent-database interoperability. But this raises key questions for AI developers: What do agentic architectures involving databases actually look like? And what should you consider when building one?

Secure Access for Model Context Protocol (MCP)

August underscored both the promise and the peril of agentic AI. Disclosures revealed how easily a malicious MCP server or a misconfigured setup can hijack developer workstations, reinforcing calls to adopt strict access controls, patch vulnerable tools, and embrace zero-trust networking. At the same time, momentum around MCP continued to accelerate, with vendors pushing adoption and thought leaders highlighting the need to rethink leadership, memory, and the standard’s technical foundations.

Pomerium helps organizations capture MCP’s potential without succumbing to its risks. By enforcing identity, intent, and risk on every request, it ensures that agents act only within authorized boundaries. Zero Trust access provides the foundation to build powerful, agentic workflows while keeping control, visibility, and security firmly in the hands of the team.
