A design flaw in the MCP protocol.
-
A design flaw in the MCP protocol. Whoda thunk. Honestly even back when they were first discussing MCP in 2024 I worried about that. Supply chain is enough of a mess, now this?
-
I don't always lol lmfao, but when I do it's usually about cryptocurrency and AI
-
@joriki The Most Battle Weary Man in the World. "I don't ever drink beer. Scotch. Double. Neat."
-
@Sempf I read that article and it’s got a lot of claims but is lacking in detail, have you seen anything more specific? Wondering if this is something new? Local MCP has always been a minefield, because you’re downloading unsandboxed code and running it on your machine. It’s the exact same problem as most package managers or download installer.exe and double click. It’s all rolling the dice.


-
@dmikusa No, it's nothing new. Once I actually got all the way down to the white paper, I discovered that there really isn't much to this at all, other than: hey, if you have an agent unprotected on your local machine, it can do bad things. That is an important message and should be gotten out there however it gets out there, but certainly not worth all the AI-generated hype and process of the original article.