anonym.legal
Rudi kwa BlogUsalama wa AI

Usalama wa Seva ya MCP 2026: 8,000 Zimefichiliwa, 492 Hazina Uthibitishaji

Seva 8,000+ za Model Context Protocol zimefichiliwa hadharani. 492 hazina uthibitishaji kabisa. Asilimia 36.7 zina udhaifu wa SSRF. Linda PII katika zana zako za MCP.

March 16, 20267 dakika kusoma
MCP serverModel Context ProtocolAI securityPII protectionCursorClaude Desktopdeveloper security

Mfumo wa MCP Ulikua Haraka — Usalama Haukufuata

Itifaki ya Muktadha wa Mfano ilizinduliwa mwishoni mwa 2024. Ndani ya miezi 18 tu ikawa njia ya kawaida ya kuunganisha zana za AI na mifumo ya nje. Ifikapo Machi 2026, mfumo unajumuisha viunganishi vya hifadhidata, seva za faili, madaraja ya GitHub, wateja wa Slack, zana za barua pepe, na seva mia nyingine maalum za kikoa.

Mkondo wa ukuaji ni mkali. Picha ya usalama si hivyo.

Kufikia Machi 2026, seva 8,000+ za MCP ziko kwenye mtandao wa umma. Watafiti walipata 492 hazina uthibitishaji kabisa — hakuna ufunguo wa API, hakuna OAuth, hakuna kichujio cha IP. Mteja yeyote wa HTTP anaweza kuziita. Asilimia 36.7 ya seva zilizochunguzwa ziko wazi kwa SSRF (Udanganyifu wa Ombi la Upande wa Seva). Hiyo inamaanisha mshambuliaji anayedhibiti ingizo la zana anaweza kufikia rasilimali za mtandao wa ndani.

Katika kipindi kile kile, CVE 30+ ziliwasilishwa katika siku 60. Kiwango hicho kinaonyesha jinsi mfumo unavyokuwa mpya na kiasi gani cha umakini wa watafiti unaupata.

Kwa Nini Itifaki Inazalisha Hatari ya PII

MCP inawapa wasaidizi wa AI nguvu ya kutenda kwenye data. Hiyo pia ni sababu inayoleta hatari ya PII.

Msanidi programu anapotumia Cursor au Claude Desktop na kiunganishi cha hifadhidata, AI inaandika SQL kutoka maandishi ya kawaida. Maswali hayo yanarudisha safu za kweli — majina, barua pepe, data ya malipo, au PII nyingine. Data hiyo inasogea kupitia mnyororo:

  1. Seva ya hifadhidata → dirisha la muktadha la msaidizi wa AI
  2. Dirisha la muktadha → mifumo ya kumbukumbu ya mtoa huduma wa mfano
  3. Historia ya mazungumzo → kompyuta ya ndani ya msanidi programu
  4. Vikao vya utatuzi → zana nyingine za AI msanidi anapohamia muktadha

Hakuna hatua moja kati ya hizi ni uvunjaji. Hivi ndivyo mfumo unavyofanya kazi. Lakini PII huishia katika maeneo mengi ambayo hayakujengwa kuishikilia, mara nyingi bila usimbaji kati ya seva na mteja wa AI.

CVE-2026-25253 (CVSS 8.8), iliyochapishwa Februari 2026, ilionyesha njia moja ya shambulio. Mwisho mbaya ungeweza kuingiza maagizo yaliyofichwa katika majibu yake. Maagizo hayo yaliambia AI iliyounganishwa kutoa data kutoka kwa zana nyingine hai. Msanidi programu anayetumia mwisho mbaya wa jamii karibu na kiunganishi chake cha hifadhidata angeweza kuvujisha hifadhidata nzima.

Seva 492 Zisizo na Uthibitishaji

Seva 492 wazi ni tatizo tofauti na CVE-2026-25253. Hazikuvunjwa. Ziliwekwa vibaya.

Nyingi zilikusudiwa kukimbia ndani ya kompyuta. Mtu aliwafichua kupitia uelekezaji wa bandari au upelekaji wa wingu bila udhibiti wa ufikiaji.

Kinachofichuliwa mara nyingi na seva hizi:

  • Zana za mfumo wa faili zenye ufikiaji wa kusoma kwa folda za nyumbani
  • Viunganishi vya hifadhidata zenye vitambulisho hai katika usanidi
  • Zana za barua pepe zilizounganishwa na sanduku la poste halisi
  • Zana za utekelezaji wa msimbo — msimbo wowote, bila uthibitishaji, bila mipaka

Wasanidi programu karibu bila shaka hawakukusudia kuwafichua. Lakini Cursor na Claude Desktop zinaungana na URL yoyote katika usanidi. Hakuna ukaguzi wa kujengwa ndani wa kama mwenyeji ni wa ndani au wa umma.

Suluhisho la MCP la anonym.legal

Marekebisho ya kimuundo kwa hatari ya PII katika mtiririko wa zana ni kufuta utambulisho wa data kabla haijafika kwa wito wowote unaouuma kwa LLM. Hii ndiyo seva ya MCP ya anonym.legal inayotoa.

Inafichua zana 7:

ZanaKusudi
`analyze_text`Tambua vipengele vya PII na urejeshe nafasi na aina zao
`anonymize_text`Ondoa au badilisha PII iliyotambuliwa
`deanonymize_text`Batilisha ubadilishaji kwa kutumia ufunguo wako wa usimbaji
`anonymize_batch`Sindika maandishi mengi katika wito mmoja
`get_supported_entities`Orodhesha aina zote 285+ za vipengele kwa lugha fulani
`get_supported_languages`Orodhesha lugha zote 48 zinazoungwa mkono
`health_check`Thibitisha muunganiko

Msaidizi wa AI akiwa na seva ya anonym.legal na kiunganishi cha hifadhidata zote zimesanidiwa, msanidi programu anaweza kuagiza: "Kabla ya kuonyesha data yoyote ya mteja, piga simu `anonymize_text` kwenye matokeo." AI inashughulikia uratibu. PII haiingii kamwe katika matokeo yanayoonekana au historia ya mazungumzo kwa njia inayoweza kutambuliwa.

Usanidi wa Cursor IDE

Kuongeza seva ya anonym.legal kwenye Cursor:

```json // .cursor/mcp.json { "mcpServers": { "anonym-legal": { "url": "https://anonym.legal/mcp", "transport": "sse", "headers": { "Authorization": "Bearer YOUR_API_KEY" } } } } ```

Ikisanidiwa, uliza Cursor: "Changanua tiketi hii ya msaada kwa PII kabla sijaibandika kwenye mfuatiliaji." Cursor inapiga simu `analyze_text`, inarudisha orodha ya vipengele, na unaamua kama utafuta utambulisho kabla ya kubandika.

Usanidi wa Claude Desktop

```json // claude_desktop_config.json { "mcpServers": { "anonym-legal": { "command": "npx", "args": ["-y", "@anonym-legal/mcp-server"], "env": { "ANONYM_API_KEY": "YOUR_API_KEY" } } } } ```

Kwa usanidi huu, Claude Desktop inaweza kufuta utambulisho wa maandishi yoyote kabla ya kuyajumuisha katika wito wa zana unaotumwa kwa seva nyingine. Ufutaji wa utambulisho unafanya kazi katika kikao chako. PII haiingii kamwe kwenye seva za Anthropic kwa njia inayoweza kutambuliwa.

Kuimarisha Usanidi Wako

Zaidi ya kutumia anonym.legal, tumia hatua hizi. Angalia pia muhtasari wetu wa usalama na kituo cha uzingatiaji.

Kagua orodha yako ya zana. Angalia kila ingizo katika usanidi wako. Kwa kila moja, uliza: unaamini opereta? Unajua data gani anayoweza kufikia?

Pendelea ndani ya kompyuta kuliko nje. Seva za ndani zinakimbia kupitia stdio. Hazizalishi mfiduo wa mtandao. Tumia seva za nje tu wakati hakuna chaguo la ndani linalopo.

Angalia uthibitishaji. Kila seva ya nje inapaswa kuhitaji ufunguo wa API au tokeni ya OAuth. Ikiwa haihitaji, usitumie na data ya kweli ya mtumiaji.

Tenganisha maendeleo na uzalishaji. Weka usanidi tofauti kwa kazi za maendeleo (data ya majaribio, bila PII) na mtiririko wowote unaogusa watumiaji wa kweli.

Wezesha uandishi wa kumbukumbu. Ikiwa inaunga mkono kumbukumbu, ziwashe. Jua data gani ilipita katika kila wito.

Angalia ukurasa wetu wa vipengele vya MCP kwa orodha kamili ya aina za vipengele na lugha.

CVE 30+ katika siku 60 zinaonyesha itifaki iko chini ya uchunguzi hai. Hitilafu mpya zitajitokeza. Lakini ulinzi wa msingi — futa utambulisho kabla data haijafika kwa wito wowote wa LLM — unafanya kazi dhidi ya CVE yoyote maalum inayokuja.

Sanidi seva ya anonym.legal katika Cursor →

anonym.legal inasindika ufutaji wa utambulisho wa PII upande wa seva kwa kutumia ufunguo wako wa usimbaji. Data iliyofutwa utambulisho inaweza kurejeshwa kwa ufunguo huo peke yake. Imechapishwa na anonym.legal, iliyoidhinishwa ISO 27001.

Vyanzo

  • Data ya mfiduo wa seva ya Shodan MCP, Machi 2026 — seva 8,000+, 492 hazina uthibitishaji
  • CVE-2026-25253, CVSS 8.8, sindano ya seva-msalaba kupitia Model Context Protocol
  • Data ya SSRF: uchunguzi wa usalama wa mwisho zinazopatikana hadharani, Machi 2026
  • Maelezo ya MCP ya Anthropic v1.2, sehemu ya mazingatio ya usalama

Makala Zinazohusiana

Usalama wa AI

AI Coding Assistants Leak Production PII

Unit test fixtures with real customer records. Log files with production data for debugging. GitHub found 39 million secrets leaked in 2024.

Usalama wa AI

Internal Wiki PII: Confluence Customer Data

Support teams document processes with screenshots of customer accounts. Over 3 years, that's thousands of GDPR data minimization violations in your.

Usalama wa AI

Screenshot PII: Leaks in Internal Tools

Slack, Teams, Jira, and email regularly receive screenshots containing customer PII. This access-control violation bypasses every DLP tool.

Tayari kulinda data yako?

Anza kuanonymisha PII na aina 285+ za vitu katika lugha 48.

Anza Jaribio la BureTazama Vipengele

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.