simonw 7 days ago
The MCP ecosystem right now actively encourages insecure behavior. Just installing a popular WhatsApp server can give attackers access to your private data - they can text you with instructions for your assistant to forward private messages to another account using tricks to help make that action look legit so you'll approve it: https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/#m...
eddythompson80 6 days ago
But you can replace MCP with any tech and you have the same valid sentence. “Attackers are using (email attachments, SMSs, TeamViewer, crypto wallet, phishing websites, etc.) to access your private data - they can […] you using tricks to make it seem legit.” The only difference is that AI/MCP is the current flavor of the month for this type of attack. These attacks get much worse when the tech has the hype (like AI now or LimeWire 20 years ago or the internet 30 years ago) and the average user still doesn’t quite fully grasp what this tech is doing or how it’s working.
ilrwbwrkhv 6 days ago
I think the JavaScript world has given up on all of these secure behaviors a long time back. Just look at Next.js |