Rogue MCP servers can take over Cursor’s built-in browser

Defenses: Organizations must review and control, through both policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just as they should vet application dependencies from package registries such as npm or PyPI, to prevent the compromise of developer machines or inheriting vulnerabilities in their code.

Attackers are increasingly using VS Code extensions as an attack vector to target developers, and it’s only a matter of time before they start abusing MCP servers more widely.

“Try to find the project’s GitHub repo and review the code,” the Knostic team advised. “This is a program you install on your computer that can do anything. If there’s doubt about its credibility, DO NOT USE IT.”

Auto-run modes, also known as YOLO mode, in which agents are allowed to perform tasks automatically inside the IDE without a human approving the steps, should also be avoided.

“Never blindly enable anything, especially MCP functionality,” the team warned. “Don’t assume that everything your AI agent generated is as you expected. Read through the code before you perform actions in the embedded browser.”

In its MCP documentation, Cursor itself warns developers to:

- Verify an MCP server’s source and only install from trusted developers and repositories
- Check what data and APIs the server is supposed to access
- Use API keys with restricted permissions
- Audit the server’s code for critical integrations
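
One way to apply the review-and-control advice above is to audit each developer's MCP configuration against a list of servers the organization has already vetted. The script below is an added example, not code from the article, Knostic or Cursor; it assumes the configuration is a JSON file with a top-level "mcpServers" object whose entries carry either "command"/"args"/"env" or "url", and the server names, package names, host and allowlists are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the assumed mcp.json layout; not taken from the article.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "docs-search": {"url": "https://mcp.internal.example/sse"},
    "db-helper": {"command": "npx", "args": ["-y", "db-helper-mcp"],
                  "env": {"DB_API_KEY": "constructed-value"}},
    "issue-tracker": {"command": "npx", "args": ["-y", "@example/issue-mcp@1.4.2"]},
}})

# Hypothetical organization allowlists: packages and remote hosts already reviewed.
APPROVED_PACKAGES = {"@example/issue-mcp@1.4.2"}
APPROVED_HOSTS = {"mcp.internal.example"}
LAUNCHERS = {"npx", "uvx", "bunx"}  # commands that fetch and run a package
SECRET_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")


def audit_mcp_config(text, approved_packages, approved_hosts):
    """Return sorted (server, finding) pairs for entries that need review."""
    findings = []
    servers = json.loads(text).get("mcpServers", {})
    for name, entry in servers.items():
        if "url" in entry:
            parts = urlsplit(entry["url"])
            if parts.scheme != "https":
                findings.append((name, "remote server not using https"))
            if parts.hostname not in approved_hosts:
                findings.append((name, "remote host not approved"))
        elif "command" in entry:
            target = entry["command"]
            if target in LAUNCHERS:
                # What actually runs is the first non-flag argument.
                args = entry.get("args", [])
                target = next((a for a in args if not a.startswith("-")), target)
                if "@" not in target[1:]:  # skip a leading scope "@"
                    findings.append((name, "package version not pinned"))
            if target not in approved_packages:
                findings.append((name, "server not on allowlist"))
        else:
            findings.append((name, "unrecognised entry"))
        for var in entry.get("env", {}):
            if any(hint in var.upper() for hint in SECRET_HINTS):
                findings.append((name, f"credential {var} in config: confirm restricted scope"))
    return sorted(findings)


if __name__ == "__main__":
    for server, finding in audit_mcp_config(SAMPLE_CONFIG, APPROVED_PACKAGES, APPROVED_HOSTS):
        print(f"{server}: {finding}")
```

An allowlist hit only means the named package or host was reviewed at some point; it does not replace reading the server's code before installing it.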

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4089046/rogue-mcp-servers-can-take-over-cursors-built-in-browser.html
