Lots of reported security issues with MCP servers seemed to be mitigated by their local-only setup. These MCP implementations are remotely accessible, do they address security differently?
Largely, yes -- one of the big issues with using other people's random MCP servers is that they are run by default as a system process, even if they only need to speak over an API. Remote MCP mitigates this by not running any untrusted code locally.
What it _doesn't_ seem to yet mitigate is prompt injection attacks, where a tool call description of one tool convinces the model to do something it shouldn't (like send sensitive data to a server owned by the attacker.) I think these concerns are a little bit overblown though; things like pypi and the Chrome Extension store scare me more and it doesn't stop them from mostly working.
They offhand mention OAuth integration in their discussion of Cloudflare integrated solutions. I can't see how that would be any less secure than any other OAuth protected API offering.
What it _doesn't_ seem to yet mitigate is prompt injection attacks, where a tool call description of one tool convinces the model to do something it shouldn't (like send sensitive data to a server owned by the attacker.) I think these concerns are a little bit overblown though; things like pypi and the Chrome Extension store scare me more and it doesn't stop them from mostly working.