by wunderwuzzi23
335 days ago
The "on by default" mitigation is mentioned at the very end:

> Never enable "auto-confirm" on high-risk tools

Maybe some tools should be able to specify to a client to never call them without human approval. The security of the MCP ecosystem is basically based on a human in the loop; otherwise things can go terribly wrong because of prompt injection and confused clients. And I'm not sure if the current human approval schemes work, because the normalization of deviance is a real thing and humans don't like clicking "approve" all the time...
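As an added illustration of the per-tool "never auto-confirm" idea in the comment above (this is example code, not code from the commenter, from MCP, or from any MCP SDK), the Python below sketches a client-side gate. The `requires_human_approval` flag, the `Client` class, the `ask_human` callback and the two toy tools are all assumptions made for the example; none of them are MCP specification fields. The point it shows is that a tool-declared flag must override the user's global auto-confirm setting, so a high-risk call always reaches a human even when the user has toggled auto-confirm on:

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple


@dataclass(frozen=True)
class ToolSpec:
    """Tool description as a client would receive it from a server.

    `requires_human_approval` is a hypothetical server-supplied flag (not an
    MCP field): the tool asks every client to never run it without a human
    confirming that specific call, regardless of client-side settings.
    """
    name: str
    handler: Callable[..., Any]
    requires_human_approval: bool = False


class ApprovalDenied(Exception):
    """Raised when the human rejects a tool call."""


class Client:
    """Minimal tool-dispatching client with a user-level auto-confirm toggle."""

    def __init__(self, tools: List[ToolSpec],
                 ask_human: Callable[[str, Dict[str, Any]], bool],
                 auto_confirm: bool = False) -> None:
        self.tools = {t.name: t for t in tools}
        self.ask_human = ask_human          # prompts the user, returns True/False
        self.auto_confirm = auto_confirm    # the user's global "auto-confirm" toggle
        self.audit: List[Tuple[str, Dict[str, Any], str]] = []

    def call_tool(self, name: str, args: Dict[str, Any]) -> Any:
        tool = self.tools[name]
        # The tool's own flag wins over the user's auto-confirm preference, so a
        # flagged tool is never executed without a fresh human decision.
        if self.auto_confirm and not tool.requires_human_approval:
            self.audit.append((name, dict(args), "auto"))
        else:
            approved = self.ask_human(name, dict(args))
            self.audit.append((name, dict(args), "approved" if approved else "denied"))
            if not approved:
                raise ApprovalDenied(f"{name} denied by user")
        return tool.handler(**args)


def make_tools(fs: Dict[str, str]) -> List[ToolSpec]:
    """Two constructed tools operating on an in-memory 'filesystem' dict."""
    def read_file(path: str) -> str:
        return fs[path]

    def delete_file(path: str) -> str:
        del fs[path]
        return f"deleted {path}"

    return [
        ToolSpec("read_file", read_file),                                    # low risk
        ToolSpec("delete_file", delete_file, requires_human_approval=True),  # high risk
    ]


def run_scenario(auto_confirm: bool, human_decision: bool):
    """Replays a constructed model-emitted call sequence (the kind an injected
    prompt might produce) and returns (audit trail, per-call results, files left)."""
    fs = {"notes.txt": "hello"}  # constructed sample state
    client = Client(make_tools(fs),
                    ask_human=lambda _name, _args: human_decision,
                    auto_confirm=auto_confirm)
    planned = [("read_file", {"path": "notes.txt"}),
               ("delete_file", {"path": "notes.txt"})]
    results = []
    for name, args in planned:
        try:
            results.append(client.call_tool(name, args))
        except ApprovalDenied as exc:
            results.append(str(exc))
    return client.audit, results, sorted(fs)


if __name__ == "__main__":
    audit, results, remaining = run_scenario(auto_confirm=True, human_decision=False)
    for entry in audit:
        print(entry)
    print(results, remaining)
```

With `auto_confirm=True` the read goes through silently but the delete still prompts, and a denial leaves the file in place; with `auto_confirm=False` every call prompts. What the flag cannot fix is the second half of the comment: it guarantees that a prompt is shown, not that the human reads it before clicking "approve".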