Hi HN!
We kept seeing devs get pwned through MCP tools in ways that security scanners completely miss. So we built an open-source analyzer to catch these attacks. Our first OSS by Mighty team.
The problem: At Defcon, we saw MCP exploits with 100% success rate against Claude and Llama. Three attack patterns:
Hidden Unicode in "error messages" - Paste a colleague's error into Claude, your SSH keys get exfiltrated Trusted tool updates - That database tool you've used for months? Last week's update added credential theft Tool redefinition - Malicious tool redefines "deploy to prod" to run attacker's script
Traditional scanners (CodeQL, SonarQube) catch 15% of these. They're looking for SQLi, not prompt injections hidden in tool descriptions.
What we built: git clone https://github.com/NineSunsInc/mighty-security
python analyzers/comprehensive_mcp_analyzer.py /path/to/your/mcp/tool
Scans for prompt injection, credential exfil, suspicious updates, tool shadowing. Runtime wrapper adds 10ms overhead. Fully local, no telemetry.
Why this matters: 43% of MCP tools have command injection vulns. GitHub's own MCP server was exploitable. We found Fortune 500s running database-connected MCP tools that hadn't been audited since installation. We went from paranoid code review to "AI said it works" in 18 months. The magic is real, but so are the vulnerabilities.
Demo: https://www.loom.com/share/e830c56d39254a788776358c5b03fdc3
GitHub: https://github.com/NineSunsInc/mighty-security
Would love feedback - what MCP security issues have you seen?
Comments URL: https://news.ycombinator.com/item?id=44904974
Points: 5
# Comments: 2
Chcete-li přidat komentář, přihlaste se
Ostatní příspěvky v této skupině
Article URL: https://quaternion.cafe/
Comments URL: https://news.ycombinator.com/item?id=44912
Article URL: https://www.bmj.com/content/390/bmj-2024-083658
Article URL: https://paulgraham.com/ds.html
Comments URL: https://news.ycombinator.com/i
Article URL: https://soonly.com/electric-fences/
Comments URL: https://news.ycombin
