HN Reader

What Happens After I'm Gone? The Future of the Online Me (btxx.org)

2 points by todsacerdoti 1m ago 0 comments

The productivity paradox of AI coding assistants (cerbos.dev)

1 points by knes 2m ago 0 comments

Albania puts AI-created 'minister' in charge of public procurement (theguardian.com)

1 points by taubek 4m ago 0 comments

Reverse engineering SkyCards, a flight spotting game (blog.jonlu.ca)

1 points by jonluca 6m ago 0 comments

Jupiter is smaller and more squashed than we thought (newscientist.com)

2 points by kPwn 10m ago 0 comments

Amid restructuring, Novo Nordisk directs employees to return to office (fiercepharma.com)

2 points by randycupertino 10m ago 1 comments

AI Prompts for Self-Reflection (josecasanova.com)

1 points by jcsnv 12m ago 0 comments

Gemini (the Winklevoss Bitcoin Exchange) goes public at $28 and jumps to $40 (nasdaq.com)

1 points by andrewla 12m ago 0 comments

Epistemic Collapse at the WSJ (math.columbia.edu)

28 points by r721 12m ago 5 comments

Oracle and OpenAI Are Full of Crap (wheresyoured.at)

6 points by FromTheArchives 14m ago 0 comments

Choosing Rust for LLM-generated code (runmat.org)

3 points by nallana 15m ago 0 comments

Ohio bill would let utilities throttle customers' thermostats and water heaters (woub.org)

5 points by ilamont 15m ago 3 comments

NFL and UFC athletes try 'game-changing' psychedelic to treat brain injury (msn.com)

1 points by Stratoscope 17m ago 0 comments

Rich Hickey answered that Design decisions in Clojure (gist.github.com)

1 points by fanf2 17m ago 0 comments

All your vulns are belong to us CISA wants to maintain gov control of CVE prog (theregister.com)

1 points by rntn 17m ago 0 comments

LLM Hacking: Quantifying the Hidden Risks of Using LLMs for Text Annotation (arxiv.org)

1 points by Anon84 19m ago 0 comments

K2-Think: Teaching a 32B Model to Reason Like the Big Ones (k2think.ai)

3 points by amerf1 20m ago 0 comments

Amazon EC2 M4 and M4 Pro Mac Instances (aws.amazon.com)

1 points by HieronymusBosch 21m ago 0 comments

Why do browsers throttle JavaScript timers? (nolanlawson.com)

3 points by vidyesh 24m ago 0 comments

The New Status Game: Longevity (newinternet.tech)

1 points by jeffmorrisjr 25m ago 0 comments

LLMs as Retrieval and Recommendation Engines (medium.com)

3 points by pongogogo 31m ago 2 comments

MariaDB Cloud launched with "Serverless tier is free forever for small projects" (mariadb.com)

2 points by ottoke 33m ago 1 comments

Laramide Orogeny (en.wikipedia.org)

1 points by joebig 34m ago 0 comments

International anarchy? Modern adoption of Hobbes's state of nature (frontiersin.org)

2 points by bryanrasmussen 34m ago 0 comments

VR as a Stress Measurement Platform: Real-Time Behavioral Analysis (mdpi.com)

1 points by PaulHoule 36m ago 0 comments

How FOSS Projects Handle Legal Takedown Requests (f-droid.org)

3 points by mkesper 37m ago 0 comments

RFK Jr does not just reject vaccines. He rejects science and must step down (theguardian.com)

14 points by taylodl 37m ago 3 comments

Recollections of Richard Feynman's mid-1980s interest in artificial intelligence (arxiv.org)

2 points by joebig 39m ago 0 comments

Perplexity Raises $200M at $20B Valuation in AI Search Push (vktr.com)

2 points by vinni2 41m ago 0 comments

A Pragmatic Photo Archiving Solution (2019) (docs.google.com)

2 points by jmathai 42m ago 1 comments

Babies and LLMs (blog.karliner.net)

2 points by mkarliner 42m ago 0 comments

InstaTunnel (instatunnel.my)

1 points by keepamovin 44m ago 1 comments

The World Tram Driver Championships 2025 [video] (youtube.com)

1 points by sbuttgereit 46m ago 0 comments

Sequoia's 15-Year-Old Bet on Buy-Now, Pay-Later Firm Pays Off (bloomberg.com)

1 points by wslh 46m ago 1 comments

Trusting builds with Bazel remote execution (blogsystem5.substack.com)

2 points by zdw 46m ago 0 comments

Show HN: I got tired of Base64, so I made a numeric-only alternative

1 points by Forgret 47m ago 4 comments

Show HN: Modelling a macOS application around my productivity research (openmodeai.com)

1 points by zed_labs_dev 49m ago 0 comments

saorsail.com (saorsail.com)

1 points by RagingSpaceMonk 49m ago 0 comments

Microsoft reportedly fixing SSD failures caused by Windows updates (bleepingcomputer.com)

2 points by georgecmu 50m ago 1 comments

Humanely Dealing with Humungus Crawlers (flak.tedunangst.com)

7 points by freediver 52m ago 0 comments

Show HN: TierBuddy – A better, faster tier list creator with AI (tierbuddy.com)

1 points by jaequery 53m ago 0 comments

K2-Think: A Parameter-Efficient Reasoning System (arxiv.org)

2 points by mgl 55m ago 2 comments

Learn, Apply, & Get Certified in Prompt Engineering (learnprompting.org)

2 points by mooreds 56m ago 0 comments

Trump Renews Threat to Investigate Soros for Funding 'Agitation' (bloomberg.com)

3 points by donsupreme 57m ago 1 comments

Show HN: I built sendwish, birthday reminders and gift sending that doesn't suck (sendwish.app)

1 points by saintmalik 58m ago 0 comments

Ask HN: Did you get hired through 'Who wants to be hired?' by whoishiring?

4 points by techsystems 1h ago 0 comments

QGIS is a free, open-source, cross platform geographical information system (github.com)

4 points by rcarmo 1h ago 0 comments

Improving Cursor Tab with RL (cursor.com)

3 points by rashadphil 1h ago 0 comments

Vector database that can index 1B vectors in 48M (vectroid.com)

13 points by mathewpregasen 1h ago 3 comments

The second wave of MCP: Building for LLMs, not developers (vercel.com)

2 points by emersonmacro 1h ago 0 comments

Show HN: An MCP Gateway to block the lethal trifecta

27 76SlashDolphin 9 9/12/2025, 3:22:00 PM github.com ↗
Hi there, me and some friends were inspired by Simon Willison's recent post on the "lethal trifecta" (https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/ ) and started building a gateway to defend against it.

The idea: instead of connecting an LLM directly to multiple MCP servers, you point them all through a Gateway.

The Gateway:

- Connects to each MCP server and inspects their tools + requirements

- Classifies tools along the "trifecta" axes (private data access, untrusted content, external comms)

- When all three conditions are about to align in a single session, the Gateway blocks the last step and tells the LLM to show a warning instead.

That way, before anything dangerous can happen, the user is nudged to review the situation in a web dashboard.

We'd love for the HN community to try it out: https://github.com/Edison-Watch/open-edison

Any feedback very welcome - we'll be around in the thread to answer questions.

Comments (9)

bradleybuda · 8m ago
I think the "lethal trifecta" framing is useful and glad that attempts are being made at this! But there are two big, hard-to-solve problems here:

1. The "lethal trifecta" is also the "productive trifecta" - people want to be able to use LLMs to operate in this space since that's where much of the value is; using private / proprietary data to interact with (do I/O with) the real world.

2. I worry that there will soon be (if not already) a fourth leg to the stool - latent malicious training within the LLMs themselves. I know the AI labs are working on this, but trying to ferret out Manchurian Candidates embedded within LLMs may very well be the greatest security challenge of the next few decades.

doctoboggan · 9m ago
Wouldn't the LLM running in the gateway also be susceptible to the same jailbreaks?
aaronharnly · 54m ago
"without risk", "solves", and "Guaranteed" are big words – you might want to temper them.
76SlashDolphin · 32m ago
Fair criticism! We wrote the Readme earlier on when we were still ironing out the requirements. I'll fix it up shortly.
noddingham · 40m ago
Agreed. If someone could help answer the question of "how" I'd appreciate it. I'm currently skeptical but not sure I'm knowledgeable enough to prove myself right or wrong.

But, it just seems to me that some of the 'vulnerabilities' are baked in from the beginning, e.g. control and data being in the same channel AFAIK isn't solvable. How is it possible to address that at all? Sure we can do input validation, sanitization, restrict access, etc. ,etc., and a host of other things but at the end of the day isn't it still non-zero chance that something is exploited and we're just playing whack-a-mole? Not to mention I doubt everyone will define things like "private data" and "untrusted" the same. uBlock tells me when a link is on one of it's lists but I still click go ahead anyways.

76SlashDolphin · 25m ago
At least in its current state we just use an LLM to categorise each individual tool. We don't look at the data itself, although we have some ideas of how to improve things, as currently it is very "over-defensive". For example, if you have the filesystem MCP and a web search MCP, open-edison will block if you perform a filesystem read, a web search, and then a filesystem write. Still, if you rarely perform writes open-edison would still be useful for tracking things. The UX is such that after an initial block you can make an exception for the same flow the next time it occurs.
daveguy · 17m ago
Well, I guess 80-90% protective is better than nothing. Better might be a lock that requires positive confirmation by the user.
76SlashDolphin · 5m ago
It is possible to configure it like that - when a trifecta is detected, it is possible for the gateway to wait for confirmation before allowing the last MCP call to proceed. The issue with that MCP clients are still in early stages and some of them don't like waiting for a long time until they get a response and act in weird or inconvenient ways if something times out (some of them sensibly disable the entire server if a single tool times out, which in our case disables the entire gateway and therefore all MCP tools). As it is, it's much better to default to returning a block message, and emit a web notification from the gateway dashboard to get the user to approve the usecase, then rerun their previous prompt.
warthog · 2h ago
Seen a hack using whatsapp mcp recently - this seems promising