Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No it can't work. Not in general. And MCP is "in general". Whereas custom coded tool use might be secure on a case by case basis if the coder knows what they are doing.


If you restrict MCP enough, you get a regular server with REST API endpoints.


Interested in how that is done.

By the way "regular server" is doing a lot of the work there. The transfer of a million dollars from your bank is API calls to a regular server.


MCP is a red herring here.


Yes I agree. You can build a system by hand that.

1. Calls a weather api.

2. Runs that over LLM.

3. Based on that decides whether to wake you up 30 minutes early.

That case can be proven secure modulo a hack to the weather service means you get woken up early but you can understand the threat model.

MCP is like getting a service that can inject any context (effectively reorient your agent) to another service that can do the same. Either service may allow high level access to something you care about. To boot either service may pull in arbitrary context from online easily controlled by hackers. E.g. using just SEO you could cause someone's 3D printer to catch fire.

Yes the end user chooses which servers. Just like end users buy a wifi lightbulb then get doxxed a month later.

There might be some combination of words in a HN comments that would do it!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: