undefined | Better HN

0 pointsjcelerier8mo ago0 comments

> These types of vulnerabilities

I don't understand why it's called a vuln. It's, like, the whole point of the system to be able to do this! It's how it's marketed!

0 comments

timhh8mo ago

Yeah I also don't understand how this is unexpected. You gave Claude the ability to run arbitrary commands. It did that. It might unexpectedly run dangerous commands even if you don't connect it to malicious emails.

antonvs8mo ago

If it allows the system to be exploited in unwanted ways, it's a vulnerability. The fact that companies are marketing a giant security vulnerability as a product doesn't really change that.

michaelt8mo ago

A chainsaw juggler surely does not want to chop their own hand off.

But if they do, it's hardly a defect of the chainsaw.

skeeter20208mo ago

I get your analogy, but isn't this a defect in the juggling?

1 more reply

stingraycharles8mo ago

It kind of is in the same way that Windows used to be root-only. This was a known issue. / vulnerability because those who understood the risks were generally smart enough to avoid getting exploited. The general population, however, did not understand this and the consequences of this became bigger and bigger.

With AI, there’s a whole class of people who don’t really know what they’re signing up for when installing these types of MCP servers. It may not be a vulnerability, but a solution is necessary.

loa_in_8mo ago

People want to eat the cake and have it too.

c-linkage8mo ago

Ted? Is that you?

j / k navigate · click thread line to collapse