=0 I stumbled across this post and was thinking that it's interesting to see this topic trending now, since I've done a lot of work on it in the past. Then I clicked through and realized the author is linking to some of my stuff! What a blast from the past.
Anyhow, there are way smarter people than myself who have covered this topic extensively over the years, but I still think that, even in 2026, JWTs are the wrong tools for web auth. They're fine to use for service-to-service stuff, but if you have the option, just use PASETO -- it solves a lot of the issues!
> Yes US citizens that are putting themselves in a situation they shouldn’t have been in to begin with while threatening and provoking a violent reaction.
This is not at all true. Plus, it's inconsequential -- ICE agents have no authority over US citizens except in extremely limited circumstances (https://www.perplexity.ai/search/9f4518c4-8a32-474a-bd92-3f1...), and even if they did, being able to arrest someone, file charges, and work their way through the justice system is the answer... Not killing people on the streets.
Throwaway accounts and more propaganda isn’t proof of anything. I think it’s pretty clear that untrained, unaccountable armed people who have already killed multiple US citizens that they have no jurisdiction over is a real-world worry that people have.
It’s silly to dismiss rational, logic-based worry as “propaganda”.
Straight white US citizen male here. This scares the shit out of me. I travel for work all the time, but understanding that we will now have barely trained, and in many cases completely lawless, consequence-free federal officers in direct, high stress, public areas where lots of people are constantly passing through seems like an absolute recipe for tragedy.
This will 100% make me reconsider travel and avoid airports with ICE agents. I think the writing on the wall is clear, nobody is safe.
This is such a great idea. When I'm building net-new projects, I typically end up working with the AI assistant to build a comprehensive AGENTS.md as the first thing before any work gets done: specify tools, dependencies, architecture requirements, style, etc.
I end up getting way better quality.
The same is true for existing projects, but it always takes a whole lot longer as I'm typically chatting with my AI assistant to figure out what conventions are there that I forgot, etc., before building an AGENTS.md to make future changes simpler.
He also taught me networking in C in the early 2000's! A few years ago I moved from the Bay Area up to Bend, Oregon and ended up running into him in-person at one of the tech meetups.
I was so floored to meet him in person, and as you'd probably imagine, he's super kind and relaxed =D
A++ human being who's contributed so much to our field.
I believe one of the main differences is that our scanner looks for toxic flows between mcp endpoints regarding how they interact with one another. Unless I'm missing something, the Cisco tool does not support this.
Our research lab discovered this novel threat back in July: https://invariantlabs.ai/blog/toxic-flow-analysis and built the tooling around it. This is an extremely common type of issue that many people don't realize (basically, when you are using multiple MCP servers that individually are safe, but together can cause issues).
At Snyk, we've been working on this for a while. Here's our flagship open source project consolidating a lot of the MCP risk factors we've discovered over the last year or so into actionable info: https://github.com/invariantlabs-ai/mcp-scan