upvote

points

by simonw6 hours ago |
comments
upvoteby Aunche4 hours ago|
[-]
I still don't understand understand. Aren't the risks the exact same for any external facing API? Maybe my imagined use case for MCP servers is different from others.
reply
upvoteby Yeroc4 hours ago|
parent|
[-]
Imagine running an MCP server inside your network that grants you access to some internal databases. You might expect this to be safe but once you connect that internal MCP server to an AI agent all bets are off. It could be something as simple as the AI agent offering to search the Internet but being convinced to embed information provided from your internal MCP server into the search query for a public (or adversarial service). That's just the tip of the iceberg here...
reply
upvoteby Aunche3 hours ago|
parent|
[-]
I see. It's wild to me that people would be that trusting of LLMs.
reply
upvoteby withinboredom3 hours ago|
parent|
[-]
They weren’t kidding about hooking mcp servers to internal databases. You see people all the time connecting LLMs to production servers and losing everything — on reddit.

Its honestly a bit terrifying.

reply
upvoteby koakuma-chan16 minutes ago|
parent|
next
[-]
> on reddit

Explains everything

reply
upvoteby Aeolun1 hours ago|
parent|
prev|
[-]
Claude has a habit of running ‘npm prisma reset —force’, then being super apologetic when I tell it that clears my dev database.
reply