gsundeep's comments

Agreed, I think adding guardrails to this would be really useful to ensure the AI only has limited permissions to these services (or asking for some sort of confirmation before making potentially dangerous tool calls).


It really concerns me that this is an afterthought rather than MVP table stakes.


Imagine the show HN post of:

HEY GUYS. I just made an amazing NPM package - it just adds in whatever other packages you need depending on what it looks up randomly on the internet and runs them.

Actually now I read this it does sound kinda similar to how NPM works…


Currently we are only recording which tools were requested by the MCP client. We don't store details of the executed tool, neither the arguments nor the response. Currently we are not open source but we are considering that. Thanks for the feedback!


We are thinking of open sourcing it; the current codebase requires Cloudflare Workers, so it will take some changes to make it more generic. Thank you for the feedback!


We'll soon be adding the ability to have multiple models perform the scan in parallel, so any attack would have to bypass all of the models.


So literally a firewall-firewall?


Thanks for your comment - MCP Defender sits between the MCP client and server, it doesn't need to worry about the protocols that the server communicates with to other services.


This is certainly a valid concern. We'll soon be adding the ability to have multiple models perform the scan in parallel, so any attack would have to bypass all of the models.


That worked out super well for antivirus products.


With the default signatures, source code would not be treated as malicious. However, you can add custom signatures and detect whatever you'd like. We'll soon be adding deterministic rules as well to complement the LLM based ones.


MCP Defender sits between the MCP client and server. If you use Cursor for example, MCP Defender rewrites your Cursor MCP config file so that all MCP servers point to the MCP Defender proxy. So the tool calls are scanned before they make it to the server. The responses from the servers are also scanned, although this is configurable (disabling it speeds up scans).
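The two mechanisms the comments above describe, rewriting the client's MCP config so every server is launched through a scanning proxy, and deterministic rules that every scanner must pass before a tool call is forwarded, as an added example. This is illustrative code written for this page, not MCP Defender's own implementation; the `mcpServers` config layout, the `mcp-scan-proxy` command name, the allowed root, the tool names in the confirmation set and the sample tool calls are all assumptions or constructed values.

```python
import copy
import json
import os
from typing import Callable

# Constructed sample of a Cursor-style MCP config. The layout (a top-level
# "mcpServers" map of name -> {"command", "args", "env"}) is an assumption;
# check the real file on your machine before relying on it.
SAMPLE_CONFIG = {
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-github"],
            "env": {"GITHUB_TOKEN": "<placeholder>"},
        },
        "filesystem": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev/project"],
        },
    }
}

# Hypothetical proxy executable that spawns the real server and relays stdio.
PROXY_COMMAND = "mcp-scan-proxy"


def rewrite_config(config: dict, proxy_command: str = PROXY_COMMAND) -> dict:
    """Return a copy of `config` in which every server is launched through the
    proxy. The original command line is handed to the proxy after "--" so the
    proxy can start the upstream server and sit in the middle of the transport."""
    out = copy.deepcopy(config)
    for name, server in out.get("mcpServers", {}).items():
        if server.get("command") == proxy_command:
            continue  # already wrapped; wrapping again would nest proxies
        upstream = [server["command"], *server.get("args", [])]
        server["command"] = proxy_command
        server["args"] = ["--name", name, "--", *upstream]
    return out


def restore_config(config: dict, proxy_command: str = PROXY_COMMAND) -> dict:
    """Inverse of rewrite_config, so removing the proxy is lossless."""
    out = copy.deepcopy(config)
    for server in out.get("mcpServers", {}).values():
        args = server.get("args", [])
        if server.get("command") != proxy_command or "--" not in args:
            continue
        upstream = args[args.index("--") + 1:]
        if not upstream:
            continue
        server["command"], server["args"] = upstream[0], upstream[1:]
    return out


Verdict = tuple[bool, str]            # (allowed?, reason)
Rule = Callable[[dict], Verdict]

ALLOWED_ROOT = "/home/dev/project"    # constructed: the only tree the agent may touch
NEEDS_CONFIRMATION = {"delete_repository", "force_push", "delete_file"}  # assumed names


def rule_confirm_destructive(call: dict) -> Verdict:
    """Deterministic rule: known-destructive tools are blocked unless the
    client attached an explicit user confirmation flag."""
    if call["name"] in NEEDS_CONFIRMATION and not call.get("user_confirmed"):
        return False, f"{call['name']} requires user confirmation"
    return True, "ok"


def rule_paths_inside_root(call: dict) -> Verdict:
    """Deterministic rule: every absolute path argument must resolve inside
    ALLOWED_ROOT. realpath collapses '..' segments and symlinks before the check."""
    root = os.path.realpath(ALLOWED_ROOT)
    for key, value in call.get("arguments", {}).items():
        if isinstance(value, str) and value.startswith("/"):
            resolved = os.path.realpath(value)
            if os.path.commonpath([resolved, root]) != root:
                return False, f"argument {key!r} escapes {ALLOWED_ROOT}"
    return True, "ok"


def scan_tool_call(call: dict, rules: list[Rule]) -> Verdict:
    """Every rule must allow the call; the first block wins. An LLM-backed
    scanner appended to `rules` gets the same all-must-pass treatment."""
    for rule in rules:
        allowed, reason = rule(call)
        if not allowed:
            return False, f"{rule.__name__}: {reason}"
    return True, "allowed by all rules"


DEFAULT_RULES = [rule_confirm_destructive, rule_paths_inside_root]

# Constructed tool calls as the proxy would see them from the client.
CONSTRUCTED_CALLS = [
    {"name": "read_file", "arguments": {"path": "/home/dev/project/README.md"}},
    {"name": "read_file", "arguments": {"path": "/home/dev/project/../../etc/passwd"}},
    {"name": "delete_file", "arguments": {"path": "/home/dev/project/tmp.log"}},
    {"name": "delete_file", "arguments": {"path": "/home/dev/project/tmp.log"}, "user_confirmed": True},
]

if __name__ == "__main__":
    print(json.dumps(rewrite_config(SAMPLE_CONFIG), indent=2))
    for call in CONSTRUCTED_CALLS:
        print(call["name"], scan_tool_call(call, DEFAULT_RULES))
```

The rewrite is idempotent and reversible, which matters for a tool that edits a user's config in place: running it twice must not stack proxies, and uninstalling must hand back the exact original. The path rule resolves the argument before comparing, so a `..` traversal that lexically starts inside the allowed root is still caught.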


Ah thanks. Sorry I didn't see your reply before I posted the analysis. I'll leave it. Thanks for the reply. Congrats on the project. Seems like a legit need.


This is really interesting, I'll check it out. At least in its current form this seems like it would take some effort to set up - we're focusing heavily on making MCP Defender easy to set up in less than a minute and then forgetting about it as it runs in the background.


> we're focusing heavily on making MCP Defender easy to setup in less than a minute and then forgetting about it as it runs in the background

an admirable goal!

given the fallibility of LLMs, are you sure it's a good idea that they forget about it?

that seems like it has the same risks as having no security (perhaps worse, lulling people into a false sense of security)

are you sure the LLM doing security can't be tricked/attacked using any of the usual methods?


We used Cursor + MCP tools like Cloudflare, Linear and GitHub to build and deploy a lot of MCP Defender, so I think the value is real. I had the same thought about it feeling like an antivirus/firewall many of us ran decades ago. Those always felt clunky and slowed down your computer. We'll try our best to avoid that fate.

