NewsCVE-2026-2256 MS-Agent RCE via Prompt Injection CVSS 9.8SecurityWeek·high signalCritical RCE in ModelScope MS-Agent framework via prompt injection into Shell tool. No patch. PoC public on GitHub.SourceSource pageSecurityWeek↳ Follow the threadPolicy dependency / Stack layerCynative Ships an Open-Source Deep-Research Security Agent With Default-Deny Write PermissionsIT Security NewsPolicy dependency / Stack layerCodenotary ships AgentMon 3 for agent runtime policy and compliance loggingAI Agent StorePolicy dependency / Threat patternNetInjectBench: Naive Network-Ops Agents Take Unsafe Actions 82.5% of the Time Under Prompt InjectionarXivStack layer / Threat patternMCPZoo Study: Scanners Call 96.89% of MCP Servers 'Risky' — But Under Half of Those Alerts Are RealarXivStack layer / Threat patternProgress ShareFile Storage Zone Controllers Flagged for a Cybersecurity ThreatTech StartupsStack layer / Threat patternReplace hand-written prompts with DSPy signatures + MIPROv2 Bayesian optimizationDSPy (dspy.ai)Stack layer / Threat patternclaude-video Turns 'Watch This Video' Into a Portable Agent Skill — 8K Stars in WeeksGitHubStack layer / Threat patternLayer prompt-injection defenses at five distinct chokepoints and treat every MCP/tool output as untrusted inputTokenMix