https://wcollins.io/tags/security/Recent content in Security on William CollinsHugo -- gohugo.ioen© 2026 William CollinsWed, 22 Apr 2026 00:00:00 +0000https://wcollins.io/posts/2026/your-mcp-config-is-leaking-secrets/Wed, 22 Apr 2026 00:00:00 +0000https://wcollins.io/posts/2026/your-mcp-config-is-leaking-secrets/<p>Open up the <code>claude_desktop_config.json</code> or <code>mcp.json</code> of the average AI tinkerer right now and tell me you don&rsquo;t flinch. API keys sitting in plaintext. GitHub PATs with repo scope pasted next to a GitLab token that somebody will forget about in six months. A Slack bot token that absolutely should not be in a file backed up to iCloud. We collectively spent a decade teaching engineers not to do this - and then MCP showed up and everybody speed-ran the mistake all over again.</p>