A design flaw in the MCP protocol.

Reply to A design flaw in the MCP protocol. on Thu, 16 Apr 2026 11:52:49 GMT

sempf@infosec.exchange — Thu, 16 Apr 2026 11:52:49 GMT

@dmikusa No, it's nothing new. Once I actually got all the way down to the white paper, I discovered that there really isn't much to this at all, other than: hey, if you have an agent unprotected on your local machine, it can do bad things. That is an important message and should be gotten out there however it gets out there, but certainly not worth all the AI-generated hype and process of the original article.

Reply to A design flaw in the MCP protocol. on Thu, 16 Apr 2026 11:43:19 GMT

dmikusa@fosstodon.org — Thu, 16 Apr 2026 11:43:19 GMT

@Sempf I read that article and it’s got a lot of claims but is lacking in detail, have you seen anything more specific? Wondering if this is something new? Local MCP has always been a mine field, because you’re downloading unsandboxed code and running it on your machine. It’s the exact same problem as most package managers or download installer.exe and double click. It’s all rolling the dice.

Reply to A design flaw in the MCP protocol. on Thu, 16 Apr 2026 09:38:20 GMT

sempf@infosec.exchange — Thu, 16 Apr 2026 09:38:20 GMT

@joriki The Most Battle Weary Man in the World. "I don't ever drink beer. Scotch. Double. Neat."

Reply to A design flaw in the MCP protocol. on Thu, 16 Apr 2026 05:44:14 GMT

joriki@infosec.exchange — Thu, 16 Apr 2026 05:44:14 GMT

@Sempf

I don't always lol lmfao, but when I do it's usually about cryptocurrency and AI