TLDR: We scanned the top 100 MCP servers on Smithery and found prompt injection, external fetch patterns, and tool description poisoning in a significant number of them. We built an open-source scanner and vulnerability standard to catch these which is bawbel-scanner v1.0.1 ships today. The problem nobody is talking about The security industry has spent 30 years building tools to scan code. We have Snyk for dependencies, Semgrep for code patterns, Trivy for containers. The pipeline is well-defended. Then AI agents showed up. A modern agentic AI stack in 2026 looks like this: Claude / GPT-4 / Gemini ↓ loads SKILL.md files ← domain knowledge, behavioral instructions ↓ calls MCP servers ← tools, APIs, external services ↓ spawns Sub-agents ← delegation, parallelism ↓ accesses Your calendar, email, codebase, databases Enter fullscreen mode Exit fullscreen mode Every one of those surfaces is an attack vector. And none of the existing security tools scan them.…