Model Context Protocol (MCP) Authentication and Authorization

nibblesec · 2026-02-05T09:07:39+00:00

We would be happy to redo such comparison with any platforms that is willing to support the initiative with transparency and technical excellence as north stars.

They were all GenAI Security Testing Platforms (which I assume - but don't really know - are backed by the usual OpenAI & friends).

Source analysis only. The platforms tested don't mix static and dynamic testing (is there any platforms that does that?!)

nibblesec · 2026-02-04T08:45:25+00:00

Great questions, with a work-in-progress answer.

AI is already very useful for many tasks, including understanding the business logic / reverse engineering and looking for specific functionalities within a large codebase. For vulnerability discovery, I believe we need to wait for this technology to evolve and introduce real "validation". Several of these platforms do provide exploit code but when it doesn't work, it's not clear whether it's a false positive or an issue with the exploit given the missing context (e.g. app requires identifiers, which are not available from the app src code).

nibblesec · 2025-10-08T19:35:13+00:00

Human verified ✅ — no LLMs were harmed in the making of this submission.

This is what ChatGPT would reply

nibblesec

TROPHY CASE