[meander_water]

This looks interesting, but anytime security is offloaded to an LLM I am extremely skeptical. IMO the right way to do this is to enforce permissions explicitly through a AuthZ policy. Something like what Toolhive [0] is doing is the right way I think.

All MCP comms from client to server go through an SSE proxy which has AuthN and AuthZ enabled. You can create custom policies for AuthZ using Cedar [1].

[0] https://github.com/stacklok/toolhive, https://github.com/stacklok/toolhive/blob/main/docs/authz.md

[1] https://docs.cedarpolicy.com/

[gsundeep]

This is really interesting, I'll check it out. At least in its current form this seems like it would take some effort to setup - we're focusing heavily on making MCP Defender easy to setup in less than a minute and then forgetting about it as it runs in the background.

[ImPostingOnHN]

> we're focusing heavily on making MCP Defender easy to setup in less than a minute and then forgetting about it as it runs in the background

an admirable goal!

given the fallibility of LLMs, are you sure it's a good idea that they forget about it?

that seems like it has the same risks as having no security (perhaps worse, lulling people into a false sense of security)

are you sure the LLM doing security can't be tricked/attacked using any of the usual methods?