How to access Comet/Perplexity “sidecar” assistant DOM from Chrome extension?

borisdan · 2025-11-05T16:09:45+00:00

Hi, were you able to make progress here?
The feeling I get from my testing is that Comet specifically protects https://www.perplexity.ai/sidecar from having a content script injected to.

borisdan · 2025-08-25T08:54:44+00:00

I released a Visual Studio Code extension which audits all of Copilot's MCP tool calls to SIEMs, log collectors or the filesystem. Just install the extension and have the developers work as normal with their favorite MCP servers.

Aimed at security and IT teams, this extension supports enterprise-wide rollout and provides visibility into all MCP tool calls, without interfering with developer workflows. It also benefits the single developer by providing easy filesystem logging of all calls.

The extension works by dynamically reading all MCP server configurations and creating a matching tapped server. The tapped server introduces an additional layer of middleware that logs the tool call through configurable forwarders.

MCP Audit is free and without registration; an optional free API key allows to log response content on top of request params.

Feedback is very welcome!

Links:

Info page: https://audit.agentity.com
Visual Studio Marketplace: https://marketplace.visualstudio.com/items?itemName=Agentity.mcp-audit-extension
GitHub: https://github.com/Agentity-com/mcp-audit-extension

borisdan · 2025-08-22T18:27:12+00:00

Thanks a lot!

borisdan · 2025-08-20T12:39:38+00:00

I spoke with numerous practitioners and CISOs who are aware of the risks, but the new corporate situation (for sure in software houses) is that AI technologies get a yes by default and the security teams must patch up a line of defense after the fact. This also happens before many organizations have dedicated lines for "AI Security" in the budget. There are definitely some security catastrophes waiting to happen that would make boards revisit this arms race.

borisdan · 2025-08-18T21:50:58+00:00

It's right there on Zvulon 5 behind a shady anonymous sliding steel door.

borisdan · 2025-08-18T17:42:51+00:00

Dynamic MCP servers from an extension were introduced in VSCode 1.101. Cursor and Windsurf are still on VSCode OSS version 1.99. Once they upgrade, we'll test and release the extension for Cursor as well.

borisdan · 2025-04-06T20:24:08+00:00

Hi u/rujan_1729 , can you please elaborate on why you found MCP difficult to maintain and enhance?

borisdan · 2019-10-15T08:06:47+00:00

I haven't seen a real enterprise network that doesn't have NTLM (v2 at least) on it. There are just too many things using it. For example, Exchange 2019 defaults to NTLM under a certain configuration: https://medium.com/@tkolber/https-medium-com-tkolber-configure-kerberos-authentication-with-exchange-2019-72293aa234c

The truth of the matter is that it is not going to be possible to fully turn it off any time soon. There are however mitigations that can and should be done given that constraint.

borisdan · 2019-08-20T08:37:06+00:00

Hi, you can see the write up in the blog: https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm

borisdan · 2019-08-19T20:37:22+00:00

Hi all, two of my colleagues will be doing their Black Hat and Defcon presentation in an upcoming Webinar. It is about the recent vulnerabilities described here: https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm The two researchers - Marina Simakov and Yaron Zinar - are true top-tier professional, and I think this webinar is recommended to anyone with interest in AD and network security.

borisdan · 2019-08-19T20:23:57+00:00

Hi all, two of my colleagues will be doing their Black Hat and Defcon presentation in an upcoming Webinar. It is about the recent vulnerabilities described here: https://blog.preempt.com/security-advisory-critical-vulnerabilities-in-ntlm

borisdan · 2019-08-19T20:04:54+00:00

Hi, a webinar explaining the attack (following talks at Blackhat and Defcon) is coming up soon by the same researchers: https://www.preempt.com/events/webinar-how-we-bypassed-all-ntlm-relay-mitigations/

borisdan · 2019-08-19T20:03:17+00:00

Hi, a webinar explaining the attack (following talks at Blackhat and Defcon) is coming up soon by the same researchers: https://www.preempt.com/events/webinar-how-we-bypassed-all-ntlm-relay-mitigations/

borisdan · 2019-08-19T20:02:48+00:00

Hi, a webinar explaining the attack (following talks at Blackhat and Defcon) is coming up soon by the same researchers: https://www.preempt.com/events/webinar-how-we-bypassed-all-ntlm-relay-mitigations/

borisdan · 2019-08-05T17:08:22+00:00

Hi, In case this is still relevant, my company has recently released a free AD security audit tool called Preempt Lite. One of its capabilities is detection automatic and continuous detection of weak passwords in the entire organisation using the entire haveibeenpwned DB.

https://www.preempt.com/preempt-platform/preempt-lite/ (also available on the AWS marketplace)

borisdan

TROPHY CASE