# AppSec Newsletter 0043

## New video on the channel!

If you develop applications that take user input and send it to an LLM for processing, whether local or remote, it is essential that you understand the risks this integration carries.

%[https://www.youtube.com/watch?v=O0ZGHde0jPw] 

## Links

* [Top 10 threats and mitigation for AI Agents | OWASP](https://github.com/precize/Agentic-AI-Top10-Vulnerability)
    
* [MCP Security Checklist: A Security Guide for the AI Tool Ecosystem | SlowMist](https://github.com/slowmist/MCP-Security-Checklist)
    
* [Secure Software Development Practices for Generative AI and Dual-Use Foundation Models | NIST](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218A.pdf)
    
* [What 17,845 GitHub Repos Taught Us About Malicious MCP Servers | VirusTotal Blog](https://blog.virustotal.com/2025/06/what-17845-github-repos-taught-us-about.html?m=1)
    
* [Starting a Security Program from Scratch (or re-starting) | Phil Venables](https://www.philvenables.com/post/starting-a-security-program-from-scratch-or-re-starting)
    
* [Anatomy of a Kubernetes Attack: How Cortex Cloud Provides End-to-End Protection | Palo Alto](https://www.paloaltonetworks.com/blog/cloud-security/kubernetes-attack-detection-response/)
    
* [Defeating FIDO2/CTAP2/WebAuthn using browser in the middle and reflected cross site scripting | Springer](https://link.springer.com/article/10.1007/s11416-025-00556-2)
    

## Snyk

* [Snyk Announces the First AI Trust Platform to Revolutionize Secure Software Development in the AI Era](https://snyk.io/pt-BR/news/snyk-announces-first-ai-trust-platform-to-revolutionize-secure-software-for-the-ai-era/)
    
* [Snyk Acquires Invariant Labs to Accelerate Agentic AI Security Innovation](https://snyk.io/pt-BR/news/snyk-acquires-invariant-labs-to-accelerate-agentic-ai-security-innovation/)
    

[![](https://cdn.hashnode.com/res/hashnode/image/upload/v1751231873336/fdd89d2f-2efd-4003-b92d-be8dc4ba6dad.jpeg align="center")](https://snyk.io/pt-BR/schedule-a-demo/)

## Follow Guia de AppSec on social media!

* YouTube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Website: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)
