HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rhavaeis

no profile record

Submissions

[untitled]

1 points·by rhavaeis·2 bulan yang lalu·0 comments

[untitled]

1 points·by rhavaeis·3 bulan yang lalu·0 comments

[untitled]

1 points·by rhavaeis·4 bulan yang lalu·0 comments

[untitled]

1 points·by rhavaeis·8 bulan yang lalu·0 comments

The First Long Context Guardrail

huggingface.co
3 points·by rhavaeis·9 bulan yang lalu·0 comments

Claude jailbroken to mint unlimited Stripe coupons

generalanalysis.com
80 points·by rhavaeis·12 bulan yang lalu·50 comments

A quick solution for Cursor MCP security vulnerabilities

generalanalysis.com
7 points·by rhavaeis·12 bulan yang lalu·0 comments

comments

rhavaeis
·12 bulan yang lalu·discuss
no
rhavaeis
·12 bulan yang lalu·discuss
> This isn’t what a real production system even looks like. They’re using Claude Desktop. I mean I guess someone who doesn’t know better could connect Stripe and iMessage to Claude Desktop and then give the Stripe integration full permissions.

The core issue here is not whether or not people will connect stripe and iMessage at the same time or not. The issue is that as long as you connect iMessage, attackers can call any arbitrary tools and do what they want. It could be your Gmail, Calendar, or anything else. This is just showcasing that Claude can not distinguish between fabricated messages and real ones.
rhavaeis
·12 bulan yang lalu·discuss
Cofounder of General Analysis here:

We just launched a free to use tool to guard against these kinds of attacks. super simple to set up. You can check it out at

[1] https://www.generalanalysis.com/products/mcp-guard
rhavaeis
·tahun lalu·discuss
CEO of General Analysis here (The company mentioned in this blogpost)

First, I want to mention that this is a general issue with any MCPs. I think the fixes Supabase has suggested are not going to work. Their proposed fixes miss the point because effective security must live above the MCP layer, not inside it.

The core issue that needs addressing here is distinguishing between data and instructions. A system needs to be able to know the origins of an instruction. Every tool call should carry metadata identifying its source. For example, an EXECUTE SQL request originating from your database engine should be flagged (and blocked) since an instruction should come from the user not the data.

We can borrow permission models from traditional cybersecurity—where every action is scoped by its permission context. I think this is the most promising solution.