A prompt injection attack via GitHub issues that is close to invisible, even to experienced engineers, and visible to LLMs. Clawdbot is full of security holes and we're having fun. What are some workflows you / you've seen others use with clawdbot that seems ripe for jailbreaks? Please suggest below and we'll try jailbreak
Good point around the markdown image as an untrusted vector.
Lethal trifecta is determnistically preventable, it really should be addressed wider in the indutry
Totally agree, unfettered access to databases are dangerous
There are ways to reduce injection risk since LLMs are stateless and thus you can monitor the origination and the trustworthiness of the context that enters the LLM and then decide if MCB actions that affect state will be dangerous or not
We've implementeda mechanism like this based on Simon Willison's lethal trifecta framework as an MCP gateway monitoring what enters context. LMK if you have any feedback on this approach to MCP security. This is not as elegant as the approach that Pavlo talks about in the post, but nonetheless, we believe this is a good band-aid solution for the time bein,g as the technology matures