The "lethal trifecta" refers to default configurations, excessive permissions, and inadequate authentication - three factors that plague MCP implementations just as they did with earlier technologies.
OldfieldFund · 10h ago
This can be easily used to search for seeds/private keys when AI coding agents are in YOLO mode.
spiritplumber · 8h ago
MCP clearly needs an independent monitoring program to safeguard it. Let's call it Tron.
Arindam1729 · 10h ago
Truly, S in MCP stands for Security!
postalrat · 4h ago
And P in WFH stands for productive.
dotancohen · 8h ago
The S in SFTP?
The S in SSH?
The S in HTTPS?
The S in MCP?
All stand for the same thing!
I remember when this joke was first applied to IoT.
iotku · 7h ago
I do love the joke, but it is worth remembering as well that all of those S were to a certain extent afterthoughts to fix otherwise insecure protocols.
Given how old FTP and HTTP are it's fairly understandable that they weren't initially designed with security in mind, but I think it's valid to question why we're still designing insecure systems in 2025.
amitksingh1490 · 5h ago
Totally agree, If we have made a mistakes in past we must have learnt from it and when designing a standard specially with AI where the outcome is non deterministic we got be more careful.
amitksingh1490 · 10h ago
MCP new spec has to an extent covered auth. But the MCPs are yet to adopt to that.
100% - especially when Auth stands for just Authentication.
Simple RBAC authorization also won't take us far.
But Fine-grained Permissions(e.g. OPA, Cedar, OpenFGA, Permit.io) with ReBAC giving ai-agents Zero standing permissions, and only deriving on the fly the least privilege they need / got consent for, can dramatically reduce the problem
rvz · 10h ago
We have not learned anything from the hundreds of open MongoDB databases without passwords floating around the internet waiting to be breached.
We now have the same with MCP servers in the AI era as documented in [0].
This post is an obvious victim of upvote manipulation. HN should ban the forgecode domain if it's going to abuse submissions like this.
dayjah · 8h ago
Can you provide some context for your position? I’m not particularly familiar with ForgeCode. I’m interested in why you think there’s manipulation, and what you mean by “submissions like these”.
The S in SSH?
The S in HTTPS?
The S in MCP?
All stand for the same thing!
I remember when this joke was first applied to IoT.
Given how old FTP and HTTP are it's fairly understandable that they weren't initially designed with security in mind, but I think it's valid to question why we're still designing insecure systems in 2025.
We now have the same with MCP servers in the AI era as documented in [0].
[0] https://news.ycombinator.com/item?id=44604453