What is go-appsec/toolbox and how does it find OAuth2 bugs?

It's an MCP server for AI-human security testing—you proxy browser traffic, AI uses tools like replay_send to mutate and probe OAuth flows, spotting misses like unauthed introspection.

Is spec compliance enough for building secure OAuth2 providers?

No—Autentico passed OpenID tests and ZAP, but MCP revealed five flaws. Compliance ticks boxes; flow-aware testing catches real leaks.

Will AI tools like this replace professional pentesters?

Not yet—they augment. Zero-experience dev found bugs, but pros scale to complex envs. Expect hybrid teams dominating by 2027.

🔒 Security & Privacy

5 OAuth2 Vulnerabilities Exposed in Minutes by New MCP Security Tool

Spec-compliant OAuth2 server. Clean ZAP scan. Then: five bugs in ten minutes flat, courtesy of an MCP security workbench. Security just got a wake-up call.

theAIcatchup Apr 09, 2026 4 min read

Screenshot of MCP toolbox replaying OAuth2 introspect request exposing token claims

⚡ Key Takeaways

Spec compliance and ZAP scans miss deep OAuth2 flow vulnerabilities—AI-MCP tools expose them fast. 𝕏
go-appsec/toolbox + Claude Code found 5 bugs in 10 minutes, no pentest experience needed. 𝕏
Rise of protocol-aware AI testing could slash appsec costs, disrupt $2B market. 𝕏

Published by

theAIcatchup

Community-driven. Code-first.

#AI pentesting #Claude AI pentest #Claude Code #MCP security tool #MCP tools #OAuth2 security #OAuth2 vulnerabilities #appsec testing #go-appsec toolbox #identity provider bugs

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by Dev.to

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Claude Code + Pencil: Prototyping UIs Before the Code Chaos Hits

Claude Code's 2026 Updates Secretly Sabotaged Real Engineering

OneKey Gateway: Single API, Endless Agent Formats

Claude Code's Upstream Proxy: The Stealthy Traffic Cop Revolutionizing AI Dev Containers

Stay in the loop