Hacker News new | ask | show | jobs
by shakna 335 days ago
Stupid? Yes.

Common? Also, yes.

This one targets Claude. But we've already seen it with Copilot and I expect we'll soon see it hit Gemini, and others.

AI is being forcibly integrated across all major systems. Your email provider will set this up, if they haven't already.
1 comments
simonw 335 days ago
Have you seen an "official" MCP directly provided by an email service yet?

I had assumed they weren't doing this precisely because of the enormous risk - if you have the ability to both read and send email you have all three legs of the lethal trifecta in one MCP!

So far, I have only seen unofficial MCPs for things like Gmail that work using their existing APIs.

link
shakna 335 days ago
"Since Copilot is integrated with Microsoft 365, the scope of risk included files, contracts, communications, financial data, and more."

https://windowsforum.com/threads/echoleak-cve-2025-32711-cri...

"At Microsoft, we believe in creating tools that empower you to work smarter and more efficiently. That’s why we’re thrilled to announce the first release of Model Context Protocol (MCP) support in Microsoft Copilot Studio. With MCP, you can easily add AI apps and agents into Copilot Studio with just a few clicks."

https://www.microsoft.com/en-us/microsoft-copilot/blog/copil...

link
simonw 335 days ago
Does that include an official Microsoft MCP for access to Outlook or other Microsoft email services??

That second link looks to me like an announcement of MCP client support, which means they get to outsource the really bad decisions to third-party MCP providers and users who select them.

link