|
|
|
|
|
|
by cmiles74
393 days ago
|
|
|
I believe the issue here is with tooling provided to the LLM. It looks like GitHub is providing tools to the LLM that give it the ability to search GitHub repositories. I wouldn't be shocked if this was a bug in some crappy MCP implementation someone whipped up under some serious time pressure. I don't want to let Microsoft of the hook on this but is this really that surprising? Update: found the company's blog post on this issue. https://invariantlabs.ai/blog/mcp-github-vulnerability |
|
|