HackerTrans
TopNewTrendsCommentsPastAskShowJobs

bettaher_adam

no profile record

Submissions

[untitled]

1 points·by bettaher_adam·3 ay önce·0 comments

comments

bettaher_adam
·4 ay önce·discuss
The fail-closed approach is the right default. One thing I'd add to the attack classes you're considering: prompt injection via filesystem reads — an attacker can craft a file that, when read by the agent, injects instructions into the tool-call chain.

We solved a similar boundary problem by signing all outputs with HMAC-SHA256 so downstream consumers can verify the response wasn't modified after the tool-call boundary. Not a replacement for your approach but complementary — input validation + output signing covers both ends.

Is the MCPSEC benchmark public yet?
bettaher_adam
·4 ay önce·discuss
The skeptic loop concept is the most interesting part here. One thing worth considering for the validation layer: signing the intermediate outputs between agents with HMAC so you can trace exactly which agent in the chain produced which conclusion. Makes debugging multi-agent pipelines significantly easier when something breaks mid-chain.

Also curious how you handle the case where Supervisor gets conflicting conclusions from two specialized agents — does it default to the skeptic or does it re-run?
bettaher_adam
·4 ay önce·discuss
Interesting approach to knowledge unit validation. One thing I've noticed when building constrained LLM pipelines: separating the system prompt from user input at the message level (not string concatenation) makes a significant difference in output consistency. Also worth looking at HMAC-signing the generated outputs so downstream consumers can verify integrity without re-running the model.