July 2026 — Web Design & Dev news.
What changed, as it happens.
Tracked daily from primary sources. The items below are what we're watching for clients right now.
Chrome warns the WebMCP tools you expose to agents can be used to hijack them
Chrome’s developer docs for WebMCP (still in origin trial) describe two attack vectors — malicious tool manifests and “contaminated output,” where user-generated content like reviews carries hidden instructions an agent then follows — and specify mitigations for site owners: an untrustedContentHint flag, a readOnlyHint, exposedTo origin restriction, and character-budget caps on tool descriptions and outputs. If you wire up WebMCP tools, treat any UGC-derived text as untrusted before an agent acts on it.Search Engine Journal →
Safari/WebKit ships an MCP server for AI-assisted web debugging
Apple’s WebKit released a Model Context Protocol server for Safari that lets AI agents connect to the browser to collect network and DOM data, aimed at debugging accessibility, compatibility, and performance issues including Core Web Vitals. Another mainstream browser wiring itself for agent access.Search Engine Journal →
Custom ecommerce engineering, AI apps, and SEO — typically 60–80% less than traditional agency pricing.
20+ years of BigCommerce engineering, now AI-augmented. Tell us your store, your stack, and your deadline — we quote fixed scope on the first call.