top | item 44905063

(no title)

IMAYousaf | 6 months ago

This is definitely valuable. I started paying attention to MCP security vulnerabilities largely because of Defcon. I believe that they largely focused on Agentic Security as a theme this time around.

It's a bit mind blowing how we've simply accepted non-technical people within orgs in particular executing code to "automate their tasks" without the same level of rigor that normal code reviews go through. Definitely think that this is a cultural issue that we must fix.

And these MCP vulnerabilities in particular seem much scarier because almost all MCP tools require an insane amount of permissions.

discuss

jodoking|6 months ago

I know right? I mean the timing is great. I love MCP but cant stand how unsafe it is. I think there are greatness ahead if we are able to fix this security issue. This was made around the idea to be as seamless as possible, as we built a dashboard, drop in a GH project MCP server link, and have a local DB to show what you ran. We have more great things ahead. But give it a try and let us know what you think!