HN Reader

GPT-5 (openai.com)

2048 points by rd 7d ago 2476 comments

Fight Chat Control (fightchatcontrol.eu)

1439 points by tokai 4d ago 486 comments

GitHub is no longer independent at Microsoft after CEO resignation (theverge.com)

1431 points by Handy-Man 3d ago 1106 comments

I tried every todo app and ended up with a .txt file (al3rez.com)

1342 points by al3rez 3d ago 774 comments

Claude Sonnet 4 now supports 1M tokens of context (anthropic.com)

1297 points by adocomplete 2d ago 687 comments

Ultrathin business card runs a fluid simulation (github.com)

1118 points by wompapumpum 6d ago 218 comments

I want everything local – Building my offline AI workspace (instavm.io)

1110 points by mkagenius 6d ago 282 comments

Wikipedia loses challenge against Online Safety Act (bbc.com)

1082 points by phlummox 3d ago 843 comments

FFmpeg 8.0 adds Whisper support (code.ffmpeg.org)

981 points by rilawa 1d ago 314 comments

Emailing a one-time code is worse than passwords (blog.danielh.cc)

981 points by max__dev 7d ago 788 comments

Debian 13 “Trixie” (debian.org)

953 points by ducktective 5d ago 409 comments

Vibechart (vibechart.net)

870 points by datadrivenangel 7d ago 189 comments

Claude Code is all you need (dwyer.co.za)

827 points by sixhobbits 3d ago 502 comments

VC-backed company just killed my EU trademark for a small OSS project

798 points by marcjschmidt 1d ago 228 comments

Show HN: The current sky at your approximate location, as a CSS gradient (sky.dlazaro.ca)

770 points by dlazaro 5d ago 159 comments

Nginx introduces native support for ACME protocol (blog.nginx.org)

762 points by phickey 1d ago 284 comments

Claude says “You're absolutely right!” about everything (github.com)

744 points by pr337h4m 1d ago 518 comments

PYX: The next step in Python packaging (astral.sh)

727 points by the_mitsuhiko 1d ago 443 comments

How I code with AI on a budget/free (wuu73.org)

684 points by indigodaddy 5d ago 230 comments

Try and (ygdp.yale.edu)

652 points by treetalker 4d ago 332 comments

GPT-5: Key characteristics, pricing and system card (simonwillison.net)

638 points by Philpax 7d ago 291 comments

Show HN: Building a web search engine from scratch with 3B neural embeddings (blog.wilsonl.in)

635 points by wilsonzlin 2d ago 114 comments

Wikimedia Foundation Challenges UK Online Safety Act Regulations (wikimediafoundation.org)

631 points by danso 3d ago 4 comments

This website is for humans (localghost.dev)

616 points by charles_f 1d ago 341 comments

OpenFreeMap survived 100k requests per second (blog.hyperknot.com)

607 points by hyperknot 5d ago 132 comments

Jim Lovell, Apollo 13 commander, has died (nasa.gov)

581 points by LorenDB 6d ago 114 comments

Search all text in New York City (alltext.nyc)

568 points by Kortaggio 1d ago 113 comments

Ask HN: How can ChatGPT serve 700M users when I can't run one GPT-4 locally?

555 points by superasn 6d ago 363 comments

Historical Tech Tree (historicaltechtree.com)

542 points by louisfd94 7d ago 128 comments

Why are there so many rationalist cults? (asteriskmag.com)

527 points by glenstein 2d ago 880 comments

Cursed Knowledge (immich.app)

512 points by bqmjjx0kac 6d ago 157 comments

Meta Leaks Part 1: Israel and Meta (archive.org)

511 points by icw_nru 3d ago 178 comments

The Chrome VRP Panel has decided to award $250k for this report (issues.chromium.org)

509 points by alexcos 3d ago 269 comments

Monero appears to be in the midst of a successful 51% attack (twitter.com)

498 points by treyd 2d ago 269 comments

The Framework Desktop is a beast (world.hey.com)

487 points by lemonberry 6d ago 442 comments

GPT-OSS vs. Qwen3 and a detailed look how things evolved since GPT-2 (magazine.sebastianraschka.com)

486 points by ModelForge 4d ago 97 comments

Gemma 3 270M: Compact model for hyper-efficient AI (developers.googleblog.com)

485 points by meetpateltech 7h ago 195 comments

Flipper Zero dark web firmware bypasses rolling code security (rtl-sdr.com)

484 points by lq9AJ8yrfs 7d ago 312 comments

Getting good results from Claude Code (dzombak.com)

482 points by ingve 6d ago 200 comments

What's the strongest AI model you can train on a laptop in five minutes? (seangoedecke.com)

481 points by ingve 2d ago 175 comments

StarDict sends X11 clipboard to remote servers (lwn.net)

474 points by pabs3 2d ago 321 comments

GPT-5 for Developers (openai.com)

467 points by 6thbit 7d ago 268 comments

Linear sent me down a local-first rabbit hole (bytemash.net)

464 points by jcusch 6d ago 218 comments

Show HN: Engineering.fyi – Search across tech engineering blogs in one place (engineering.fyi)

457 points by indiehackerman 4d ago 125 comments

Trump Orders National Guard to Washington and Takeover of Capital’s Police (nytimes.com)

443 points by Tadpole9181 3d ago 741 comments

OpenSSH Post-Quantum Cryptography (openssh.com)

443 points by throw0101d 3d ago 123 comments

Vanishing from Hyundai’s data network (techno-fandom.org)

428 points by pilingual 3d ago 260 comments

My Lethal Trifecta talk at the Bay Area AI Security Meetup (simonwillison.net)

426 points by vismit2000 5d ago 115 comments

The surprise deprecation of GPT-4o for ChatGPT consumers (simonwillison.net)

425 points by tosh 6d ago 410 comments

F-Droid build servers can't build modern Android apps due to outdated CPUs

422 points by nativeforks 1d ago 284 comments

Show HN: MCP Security Suite

16 jodoking 10 8/14/2025, 8:01:33 PM github.com ↗
Hi HN!

We kept seeing devs get pwned through MCP tools in ways that security scanners completely miss. So we built an open-source analyzer to catch these attacks. Our first OSS by Mighty team.

The problem: At Defcon, we saw MCP exploits with 100% success rate against Claude and Llama. Three attack patterns:

Hidden Unicode in "error messages" - Paste a colleague's error into Claude, your SSH keys get exfiltrated Trusted tool updates - That database tool you've used for months? Last week's update added credential theft Tool redefinition - Malicious tool redefines "deploy to prod" to run attacker's script

Traditional scanners (CodeQL, SonarQube) catch <15% of these. They're looking for SQLi, not prompt injections hidden in tool descriptions.

What we built: git clone https://github.com/NineSunsInc/mighty-security

python analyzers/comprehensive_mcp_analyzer.py /path/to/your/mcp/tool

Scans for prompt injection, credential exfil, suspicious updates, tool shadowing. Runtime wrapper adds <10ms overhead. Fully local, no telemetry.

Why this matters: 43% of MCP tools have command injection vulns. GitHub's own MCP server was exploitable. We found Fortune 500s running database-connected MCP tools that hadn't been audited since installation. We went from paranoid code review to "AI said it works" in 18 months. The magic is real, but so are the vulnerabilities.

Demo: https://www.loom.com/share/e830c56d39254a788776358c5b03fdc3

GitHub: https://github.com/NineSunsInc/mighty-security

Would love feedback - what MCP security issues have you seen?

Comments (10)

simonw · 1h ago
I found this file full of regular expressions: https://github.com/NineSunsInc/mighty-security/blob/28666b36...

And this with prompts: https://github.com/NineSunsInc/mighty-security/blob/89e4b319...

Are you running any other tests that I missed?

simonw · 1h ago
> Would love feedback - what MCP security issues have you seen?

For me the number one problem with MCP security is the lethal trifecta - the fact that it's so easy to combine MCPs from different vendors (or even from the same vectors) that provide exposure to potentially untrusted/malicious instructions in a way that can then trigger exfiltration of private data.

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

https://simonwillison.net/2025/Aug/9/bay-area-ai/

I don't know how we can solve this with more technology - it seems to me to be baked into the very concept of how MCP works.

tptacek · 51m ago
I'm going to pick a fight on this one; I think you know I'm a fan, so take this in the spirit I intend†.

My contention is that "lethal trifecta" is the AI equivalent of self-XSS. It's not apparent yet, because all this stuff is just months old, but a year from now we'll be floored by the fact that people just aimed Cursor or Claude Code at a prod database.

To my lights, the core security issue with tool/function calling in agents isn't MCP; it's context hygiene. Because people aren't writing their own agents, they're convinced that the single-visible-context-window idiom of tools like Cursor are just how these systems work. But a context is just a list of strings. You can have as any of them in an agent as you want.

Once you've got untrusted data hitting one context window, and sensitive tool calls isolated in another context window, the problem of securing the system isn't much different than it is with a traditional web application; some deterministic code that a human reviewed and pentested mediates between those contexts, transforming untrusted inputs into trustable commands for the sensitive context.

That's not a trivial task, but it's the same task as we do now when, for instance, we need to generate a PDF invoice in an invoicing application. Pentesters find vulnerabilities in those apps! But it's not a news story when it happens, so much.

More a note for other people who might thing I'm being irritable. :)

sharathr · 34m ago
Looks like Ramparts which solves these issues and is written in fast RUST instead of python. https://github.com/getjavelin/ramparts
ripley12 · 2h ago
I work in this space and I was not able to understand how this project works in a couple minutes. The README feels LLM-generated. I think you're supposed to point this at your MCP server's code and not the server itself, is that right?
Munam · 3h ago
Helped to build this out a little bit. Was really cool to get to play with Cerberus for the first time as well.

I'm really interested in learning more about how devs integrate MCP security into their routine code evals.

I think there's a big opportunity as a space to get tools like this into CI/CD pipelines and workflows.

Happy to answer any questions and happy to hear any feedback!

Thanks for checking it out :)

jodoking · 2h ago
Appreciate the interest and the first comments man. We like how fast Cerebras is and its importance to making the scanning fast! Yeah we have thought about this being part of dev workflow via Github Actions and locally for the dev environment too. Love to hear what you are building!
jelambs · 2h ago
this is super interesting! MCP is really exciting in terms of what it can unlock for agent use cases, but still the wild west in terms of security. I was on a panel discussion yesterday where this topic came up, basically how do you trust the use of AI tools when so much is still unknown. I think the the idea of using something open source and tool agnostic is appealing, the landscape is evolving so fast that horizontal solutions like this feel valuable. Although I wish clients, anthropic, cursor, etc would build more protections in too so that we didn't have to spend so much time thinking about this. but they've barely implemented remote mcp support so I think we have a ways to go.
IMAYousaf · 3h ago
This is definitely valuable. I started paying attention to MCP security vulnerabilities largely because of Defcon. I believe that they largely focused on Agentic Security as a theme this time around.

It's a bit mind blowing how we've simply accepted non-technical people within orgs in particular executing code to "automate their tasks" without the same level of rigor that normal code reviews go through. Definitely think that this is a cultural issue that we must fix.

And these MCP vulnerabilities in particular seem much scarier because almost all MCP tools require an insane amount of permissions.

jodoking · 2h ago
I know right? I mean the timing is great. I love MCP but cant stand how unsafe it is. I think there are greatness ahead if we are able to fix this security issue. This was made around the idea to be as seamless as possible, as we built a dashboard, drop in a GH project MCP server link, and have a local DB to show what you ran. We have more great things ahead. But give it a try and let us know what you think!