Drop-in OAuth For Your MCP servers
tl;dr: 4,639 MCP servers have already been launched, yet most still authenticate with static API keys, so they are not OAuth 2.1 compliant even though the MCP authorization spec calls for OAuth 2.1 on HTTP-based transports. As AI agents and automated clients scale, that is no longer optional. But it does not have to be hard: Scalekit offers a drop-in OAuth layer that issues scoped, short-lived tokens to secure MCP servers without rearchitecting your stack.
featured in #624
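What "scoped, short-lived tokens" buys an MCP server is decided at the point where a tool call is gated. The example below is added here and is not Scalekit's code or the MCP project's: it mints and verifies compact HS256 JWTs with the standard library so it runs offline, and the shared secret, the audience URL, the tool-to-scope map and the subject name are all constructed for the demo. In a real deployment the resource server would verify the authorization server's signature via its JWKS (or introspect the token), not share a symmetric key.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for the demo; a real MCP server takes the verification key
# from the authorization server (JWKS or introspection), not a shared secret.
AUDIENCE = "https://mcp.example.internal"          # this server's identity, per RFC 8707
TOOL_SCOPES = {"read_file": "tools:read", "write_file": "tools:write"}


class TokenError(Exception):
    """Raised for any reason a bearer token must be rejected."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(secret: bytes, subject: str, scopes: list[str],
               audience: str, ttl_s: int, now: int) -> str:
    """Issue a compact HS256 JWT: short TTL, explicit audience, space-separated scopes."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "aud": audience, "scope": " ".join(scopes),
              "iat": now, "exp": now + ttl_s}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(secret: bytes, token: str, audience: str,
                 required_scope: str, now: int) -> dict:
    """Check, in order: structure, algorithm allow-list, signature, audience, expiry, scope."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise TokenError("unexpected alg")           # never let the token pick the algorithm
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise TokenError("bad signature")            # only now is it safe to read the claims
    claims = json.loads(_b64url_decode(p))
    if claims.get("aud") != audience:
        raise TokenError("audience mismatch")        # stops replay against another MCP server
    if now >= int(claims.get("exp", 0)):
        raise TokenError("expired")
    if required_scope not in claims.get("scope", "").split():
        raise TokenError(f"missing scope {required_scope}")
    return claims


def authorize_tool_call(secret: bytes, token: str, tool: str, now: int) -> str:
    """Gate one MCP tool invocation. Returns 'allowed: <sub>' or 'denied: <reason>'."""
    required = TOOL_SCOPES.get(tool)
    if required is None:
        return "denied: unknown tool"
    try:
        claims = verify_token(secret, token, AUDIENCE, required, now)
    except TokenError as exc:
        return f"denied: {exc}"
    return f"allowed: {claims['sub']}"


if __name__ == "__main__":
    secret, now = b"constructed-demo-secret", 1_700_000_000
    tok = mint_token(secret, "agent-42", ["tools:read"], AUDIENCE, ttl_s=300, now=now)
    print(authorize_tool_call(secret, tok, "read_file", now + 10))    # allowed: agent-42
    print(authorize_tool_call(secret, tok, "write_file", now + 10))   # denied: missing scope tools:write
    print(authorize_tool_call(secret, tok, "read_file", now + 301))   # denied: expired
```

The order of checks matters: the signature is verified before any claim is read, the algorithm is pinned rather than taken from the token, and the audience check is what prevents a token issued for one MCP server from being accepted by another. A static API key gives you none of these properties: it cannot expire, cannot be narrowed to a tool, and cannot be bound to a server.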
Bruteforcing The Phone Number Of Any Google User
tl;dr: A security researcher discovered they could bruteforce Google users' phone numbers through the no-JavaScript username recovery form. By rotating source addresses across IPv6 ranges to defeat per-IP rate limits, and obtaining targets' display names via Looker Studio, they could recover a full phone number in minutes for many countries.
featured in #624
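The rate-limit bypass in this story is a generic weakness: a limiter keyed on the individual source address is worthless against IPv6, because a single customer holds at least a /64 (2^64 addresses) and can send every guess from a new one. The example below is added here and is not from the researcher's write-up or from Google: it keys the limiter on the IPv6 allocation prefix instead of the address, and replays a constructed attacker who rotates through one /64 against both keying strategies.

```python
import ipaddress
from collections import defaultdict, deque


def per_address_key(client_ip: str) -> str:
    """Naive keying: every distinct source address gets its own bucket."""
    return str(ipaddress.ip_address(client_ip))


def per_allocation_key(client_ip: str, v6_prefix: int = 64) -> str:
    """Key IPv6 clients by their allocation prefix (/64 by default), IPv4 by address.
    One IPv6 customer typically controls at least a /64, so counting per address
    hands them one free attempt per address, effectively forever."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        return str(addr)
    return str(ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False))


class SlidingWindowLimiter:
    def __init__(self, limit: int, window_s: float, key_fn):
        self.limit, self.window_s, self.key_fn = limit, window_s, key_fn
        self._hits: dict[str, deque] = defaultdict(deque)

    def allow(self, client_ip: str, now: float) -> bool:
        hits = self._hits[self.key_fn(client_ip)]
        while hits and hits[0] <= now - self.window_s:   # drop attempts outside the window
            hits.popleft()
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True


def attempts_allowed(key_fn, attempts: int = 20, limit: int = 5) -> int:
    """Constructed attacker: every guess comes from a fresh address inside one /64."""
    limiter = SlidingWindowLimiter(limit=limit, window_s=60.0, key_fn=key_fn)
    allowed = 0
    for i in range(attempts):
        if limiter.allow(f"2001:db8:1:2::{i:x}", now=float(i)):
            allowed += 1
    return allowed


if __name__ == "__main__":
    print(attempts_allowed(per_address_key))     # 20: the limiter never triggers
    print(attempts_allowed(per_allocation_key))  # 5: the whole /64 shares one bucket
```

The prefix length is a policy choice, not a constant: many ISPs delegate a /56 or /48 to a single subscriber, so a second, looser tier at /48 is common, and a limit keyed on the target account (here, the account whose number is being guessed) closes the gap regardless of how many source addresses the attacker controls.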
How AI Agents Become a Security Liability - And What to Do About It
- Maria Paktiti
tl;dr: AI agents are gaining autonomy, and with it privileged access to tools, APIs, and data. Without scoped permissions, auditability, and role-based controls, they quickly become a security risk. This post explores how engineering teams are securing agent workflows with the WorkOS platform, applying least-privilege access and modern security patterns by default.
featured in #622
Sure, You Can Roll Your Own Auth - If You Hate Free Time
tl;dr: If you're done doing auth on your own, don't sacrifice your control. FusionAuth is downloadable, and can be developed and tested locally. A single-tenant architecture provides better scale and security than a purely multi-tenant SaaS model, even if you deploy via the cloud. Try it for free, and check out our transparent pricing.
featured in #620
Secure By Design: Introducing Postman Spec Hub And BYOK Encryption
tl;dr: Postman's new Spec Hub lets you design, lint, test, and document APIs without jumping between tools or breaking developer workflow, providing end-to-end API design and governance, with BYOK encryption for full control over your data.
featured in #619
Building Uber’s Multi-Cloud Secrets Management Platform To Enhance Security
tl;dr: "At Uber, we run over 5,000 microservices, 5,000 databases, and over 500,000 analytical jobs per day to support millions of people worldwide using our apps. Over 150,000 secrets facilitate authentication among these large, distributed ecosystems with multiple stakeholders. This also includes over 400 third-party vendor integrations and 400 SaaS applications."
featured in #616
Implementing Multi-Tenancy Into A Supabase App With Clerk
- Brian Morrison
tl;dr: In this article, you'll explore how to implement multi-tenancy in a Supabase application using Clerk, comparing hand-written Row Level Security (RLS) policies with Clerk's B2B toolkit (organizations, role-based access, and a fully managed user interface) to streamline development and scale tenant-aware applications with less custom code.
featured in #610
How To Stop Half Of All Breach Vectors
tl;dr: BlueOptima's meta-analysis, drawing on 12 major cybersecurity reports and supporting research, shows how weaknesses in secrets management, third-party libraries, and insecure coding practices drive nearly half of global breaches, costing millions per incident. Read the full report to learn actionable strategies to safeguard your digital assets.
featured in #608
Securing AI Agents: Authentication Patterns For Operator And Computer Using Models
- Zack Proser
tl;dr: The evolution from smart chatbots to digital assistants that autonomously perform multi-step tasks, such as ordering groceries, scraping job postings, or researching and filling out complex web forms, is a natural one. However, these expanded capabilities carry significant authentication, security, and compliance ramifications. This article explores those issues and discusses the emerging ecosystem around computer-using operators.
featured in #601