MCP Connector Poisoning: How Compromised npm Packages Hijack Your AI Agent

📰 Dev.to · Toni Antunovic

The axios npm supply chain attack of March 2026 deployed a RAT through AI coding agents autonomously running npm install. Learn how MCP connector poisoning works and how local SCA scanning stops it before it reaches your codebase.

Published 4 Apr 2026
Read full article → ← Back to Reads