The runtime security layer for AI agent commerce. Drop-in CLI + MCP server — blocks hallucinated purchases and keeps card credentials out of agent context. it only takes 0.1% of Hallucination to drain 100% of your wallet.
pop-pay 0.8.5
The pop-pay AI commerce runtime security layer (version 0.8.5) is vulnerable to Remote Code Execution (RCE) due to insufficient input validation in AI agent interactions. This flaw allows attackers to execute arbitrary commands, potentially draining user wallets via hallucinated purchases. All users of pop-pay 0.8.5 are affected, with RCE enabling complete system compromise.