Field Notes

Security questionnaires ask if we disable USB ports while devs one-click install production code from strangers

By Nate Lee, co-founder of TrustMind
Security questionnaires ask if we disable USB ports while devs one-click install production code from strangers

Security questionnaires ask if we disable USB ports while devs one-click install production code from strangers.

This week, Koi discovered malicious code in a published MCP server that thousands of developers had already given to their AI agents. It wasn't hidden or sophisticated, just data-stealing code published to a formerly valid package on npm, by the original author, waiting to be installed.

Vendor assessments validate our tough stances on USB ports, clean desk policies and unnecessary password rotations. Meanwhile, our package.json contains code from thousands of anonymous developers.

Which one's the actual threat vector?

The disconnect is simple: vulnerability scanning and malicious code detection are completely different problems

Vulnerability scanners find outdated dependencies, known CVEs, and accidental bugs like XSS.

But this Postmark backdoor?

It's code, doing exactly what it was designed to do - steal data.

Vuln scanners look for broken code and we've gotten pretty good at it. Unfortunately, we barely look for malicious code, partly due to limited capability to do so.

MCP servers, agent tools, AI frameworks - they're all code from people you've never met. Not reviewed. Not monitored. Just trusted because they're on npm or Github or because someone mentioned it on Hacker News.

"Is this code vulnerable?" only takes us so far.

"What is this code actually doing?" is going to be more and more important as we move to increased automation where the broader context of the execution needs to be taken into account to understand if a given action is legitimate.

Incidents in the future won't come through a USB port. Your developers will install the compromise through a peer reviewed process.

Don't get complacent because you're acing questionnaires written in 2010.
Tomorrow's threats are already in your dependencies.

(If you want to stop hand-answering the 2010 questionnaire so you can go deal with the attack surface that actually matters, that's roughly why we built TrustMind.)

hashtag#SecurityCompliance hashtag#SupplyChain hashtag#SecurityQuestionnaires