by stwelling 334 days ago
If nothing else, this serves as a warning call to those using MCP to be aware that an LLM, given access, can do damage.

Devs are used to taking shortcuts and adding vulnerabilities because the chance of abuse seems so remote, but LLMs are external services typically, and you wouldn’t poke a hole and give SSH access to someone you don’t know externally, nor would you advertise internally in your company that an employee could query or delete data randomly if they so chose, so why not at the very least think defensively when writing code? I’ve gotten so lax recently and have let a lot of things slide, but I’m sure to at least speak up when I see these things, just as a reminder.