
AVE v1.1.0 — 51 behavioral classification records for MCP servers and agent skills, offline artifact for air-gapped environments
VE (Agentic Vulnerability Enumeration) is an open behavioral classification standard for agentic AI components. Each record describes what a dangerous skill file or MCP server does, scores it with OWASP AIVSS v0.8, and maps it to OWASP MCP Top 10 and MITRE ATLAS.
v1.1.0 shipped last week:
- 51 records at schema v1.0.0, detection rules and fixtures for all of them
- Three new records: HTTP Host Header Injection (BadHost), Parasitic Toolchain, OAuth Discovery Rebinding -- all confirmed gaps from a benchmark across MCPSecBench, FSF-MCP, and Hou et al. 2025
- Offline artifact for air-gapped environments: all 51 records as a single JSON array at the v1.1.0 release
If you maintain a scanner that detects MCP security issues, the implementer guide covers how to add ave_id to your finding output -- three patterns including one that makes zero network calls for regulated environments.
Registry: https://ave.bawbel.io/registry.html
GitHub: https://github.com/bawbel/ave
Implementer guide: https://github.com/bawbel/ave/blob/main/docs/specs/ave-implementer-guide.md