SquareX's research reveals a concealed MCP API in the Comet browser that allows extensions to execute commands and access user devices without permission. This breach of security principles raises concerns about potential exploitation and the lack of transparency surrounding embedded extensions.

This article discusses a proposed protocol for API metering that ensures user privacy while allowing for efficient and secure transactions. It introduces Rate-Limit Nullifiers (RLN) to enable anonymous API usage, where users can make multiple requests after a single deposit without linking their identity to their queries. The protocol aims to protect both users and providers against spam and abuse.