This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Zero-trust authentication now defaults to SSO with no passwords stored.
Full changelog
What's Changed
- feat: dynamic MITRE ATT&CK mapping via STIX + CWE bridge by @msaad00 in https://github.com/msaad00/agent-bom/pull/386
- docs: align all description surfaces to one canonical message by @msaad00 in https://github.com/msaad00/agent-bom/pull/393
- feat: agent identity (#388), semantic injection (#387), HF model hashes (#389) by @msaad00 in https://github.com/msaad00/agent-bom/pull/394
- ci: scope fuzz workflow to fuzz/** only by @msaad00 in https://github.com/msaad00/agent-bom/pull/395
- feat: zero-trust auth model — SSO default, no passwords stored by @msaad00 in https://github.com/msaad00/agent-bom/pull/396
- docs: promote proxy+scanner equally, fix roadmap accuracy by @msaad00 in https://github.com/msaad00/agent-bom/pull/397
- security: harden proxy message size + expand Trust section by @msaad00 in https://github.com/msaad00/agent-bom/pull/398
Full Changelog: https://github.com/msaad00/agent-bom/compare/v0...v0.63.2
Security Fixes
- Hardened proxy message size handling and expanded Trust documentation
About msaad00/agent-bom
AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.