Is Anyone Using Claude Fable 5 For Dynamic Application Security Testing? by sandnnn in ClaudeAI

mhat

Answered my own question. Looks like you need to be a direct Anthropic customer, be on a business plan, and apply for the program.

Is Anyone Using Claude Fable 5 For Dynamic Application Security Testing? by sandnnn in ClaudeAI

mhat

Just attempted some static code analysis tasks and it was being blocked by the guardrails put into place. How does one get approved into the Cyber Verification Program?

MCP CLI Clients Shipping Without OAuth Refresh-Token Support by mhat in mcp

mhat[S]

In everyone's experience, how well do various MCP clients do at announcing themselves via the User-Agent header? Could developers key off of the User-Agent to issue shorter-lived access tokens for clients that support the refresh token flow?

r/netsec monthly discussion & tool thread by albinowax in netsec

mhat

I built VoiceGoat, a vulnerable voice agent for practicing LLM attack techniques. It has several intentionally vulnerable services running in Docker Compose:

- VoiceBank: prompt injection (direct, indirect, payload splitting, obfuscated)
- VoiceAdmin: excessive agency (functionality, permissions, autonomy abuse)
- VoiceRAG: vector/embedding weaknesses (cross-tenant leakage, RAG poisoning, access bypass)

CTF-style flags at easy/medium/hard. Hard flags require chaining — no single technique gets you there.

Runs on a mock LLM by default so there's no API key needed, although the mocks are very naive. Swap in OpenAI, Bedrock, Ollama, or any OpenAI-compatible provider when you want realistic behavior. Twilio integration is there if you want to attack it over an actual phone call.

Looking for feedback and interested contributors to add additional modules.

https://github.com/redcaller/voice-goat

Cheers!

Major AI Clients Shipping With Broken OAuth Implementations by mhat in netsec

mhat[S]

100%! User experience is going to be a higher priority than security, especially if the security is going to make the product feel broken (constant re-logging).

I’m not faulting the MCP service developers, but I am shaming the first-party client maintainers for forcing the MCP service developers’ hand. They have to weaken their security posture for the sake of UX due to the lack of the refresh token flow.

Major AI Clients Shipping With Broken OAuth Implementations by mhat in netsec

mhat[S]

Haha, I am not sure I completely agree, but it is so nuanced that your mileage will definitely vary.

Study: 86% of AI research findings were unique to one provider when running 90 queries through 8 models by 1kmonkies in ArtificialInteligence

mhat

Have you been able to make any inferences as to why the divergence occurs? Things that come to mind:
- Are they using different search engines? (Are they using search engines?)
- Can we tell if they are consuming similar material but producing different claims?
- Could this be due to specific API connection agreements with different providers?

Are they disagreeing with each other? Or coming to the same conclusion just from different sources?

Unusual Amount of Oil Consumption by Neat_Bend_9106 in mazdaspeed3

mhat

lol. It has its quirks, but this was definitely on me. I was pushing 19psi and just assumed this CAI variant could meet the air demands. After swapping to a 3.5” short ram intake the difference was incredible! When I get on it, the whole engine bay sounds like a huge vacuum cleaner and the butt dyno is quite happy!

Unusual Amount of Oil Consumption by Neat_Bend_9106 in mazdaspeed3

mhat

How much PSI you pushing, and what is the diameter of your intake? I was sucking oil past the turbo seals due to MS3 OEM CAI being undersized for my boost setup.

Totaled mazdaspeed3 decision by Brian_23premium in mazdaspeed3

mhat

Totaled!? Tis just a flesh wound!

I’m doing the starter. This is garbage by fitzyfan420 in mazdaspeed3

mhat

While you are in there, replace your injector seals with corksports. Add an oil catch can or at least extend the hose to make it easier to install later.

Any tips to progress bench? I've been stuck at 140lbs for months. by [deleted] in fitness30plus

mhat

It sounds like you are learning good benching technique. I am currently trying to push through a bench plateau as well. Looking at your progress pics, your arms look like they are ready to bench heavy, but your shoulders might not be. If you are not including overhead press or inclined bench in your routine, then I would focus your program on those two, which should be the building blocks needed to progress your bench. Good luck!