|
|
|
|
|
|
by abujazar
342 days ago
|
|
|
This "attack" can't be mitigated with prompting or guardrails though – the security needs to be implemented on the user level. The MCP server's db user should only have access to the tables and rows it's supposed to. LLMs simply can't be trusted to adhere to access policies, and any attempts to do that probably just limits the MCP server's capabilities without providing any real security. |
|
|