Cisco opensourced MCP-Scanner for finding vulnerabilties in MCP server
https://github.com/cisco-ai-defense/mcp-scanner
#HackerNews #Cisco #OpenSource #MCP-Scanner #Vulnerabilities #CyberSecurity #OpenSource #Tools #MCPScanner
Taggart
boosted
In the words of my dear internet friend @cR0w
... path traversal ( ../ ) vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service.
Go hack some AI shit.
In the words of my dear internet friend @cR0w
... path traversal ( ../ ) vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service.
Go hack some AI shit.
Je me demande si le #MCP ne pourrait pas être utilisé en dehors de l'IA. Un logiciel comme YunoHost ou NextCloud a des besoins proches de ceux de l'IA agentique, et MCP pourrait éviter de développer un million de connecteurs, non ?
Richard MacManus
boosted
Take a look at this early prototype of our WebMCP proposal! 📺
WebMCP lets you control how AI agents interact with your web pages.
For more info and feedback, see https://patrickbrosset.com/articles/2025-08-28-ai-agents-and-the-web-a-proposal-to-keep-developers-in-the-loop/
Take a look at this early prototype of our WebMCP proposal! 📺
WebMCP lets you control how AI agents interact with your web pages.
For more info and feedback, see https://patrickbrosset.com/articles/2025-08-28-ai-agents-and-the-web-a-proposal-to-keep-developers-in-the-loop/
Greg Lloyd
boosted
#mcp is going to need to rediscover all the #security pitfalls of URI invocation that plagued #mobile devices and were ultimately solved through mechanisms to claim authoritative use of URIs to prevent applications from hijacking them.
MCP has two likely weaknesses by design: 1) Tool invocation hijacking (there's a global tool registry indexed by tool names and URI-like namespaces but zero assurance the right tool is bound to that namespace) and 2) Resource hijacking ( represented as URIs)
#mcp is going to need to rediscover all the #security pitfalls of URI invocation that plagued #mobile devices and were ultimately solved through mechanisms to claim authoritative use of URIs to prevent applications from hijacking them.
MCP has two likely weaknesses by design: 1) Tool invocation hijacking (there's a global tool registry indexed by tool names and URI-like namespaces but zero assurance the right tool is bound to that namespace) and 2) Resource hijacking ( represented as URIs)
🧠 New post: The Bridge Between AI and Your Tools
MCP (Model Context Protocol) lets your AI follow you across apps—with the right notes, at the right time.
From static tools to a thinking partner.
Read more: https://wiobyrne.com/how-mcp-unlocks-personal-ai/
Tim Chambers
boosted
We all need to know what MCP servers are, and this is perhaps one of the best explanations I've seen yet.
We all need to know what MCP servers are, and this is perhaps one of the best explanations I've seen yet.
Pascal
boosted
News includes EEF's first #CVE release, Supabase's Multigres for scaling #postgres, new #MCP servers for Phoenix, #Erlang surviving extreme load tests, LiveDebugger v0.3.0 preview, and more! @elixirlang#ElixirLanghttps://www.youtube.com/watch?v=DsVyY4XHVm8
News includes EEF's first #CVE release, Supabase's Multigres for scaling #postgres, new #MCP servers for Phoenix, #Erlang surviving extreme load tests, LiveDebugger v0.3.0 preview, and more! @elixirlang#ElixirLanghttps://www.youtube.com/watch?v=DsVyY4XHVm8