Safety

AI supply chain attacks don’t even require malware…just post poisoned documentation

Security researcher Mickey Shmueli demonstrated that Context Hub's MCP service can be compromised through documentation poisoning, letting attackers inject arbitrary commands into coding agents like Claude Code without malware.

Wednesday, March 25, 2026, 12:00 PM UTC · 2 min read · Source: The Register · By sys://pipeline

Context Hub, a service by Andrew Ng that supplies coding agents with up-to-date API documentation via MCP, has been shown to be exploitable as a supply chain attack vector — no malware required. Security researcher Mickey Shmueli published a PoC demonstrating that malicious instructions can be injected directly into documentation PRs, which agents then execute without sanitization. This is a direct threat to Claude Code users and anyone using MCP-based context services in agentic coding workflows.
