frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Show HN: MCP Security Suite

https://github.com/NineSunsInc/mighty-security
14•jodoking•2h ago
Hi HN!

We kept seeing devs get pwned through MCP tools in ways that security scanners completely miss. So we built an open-source analyzer to catch these attacks. Our first OSS by Mighty team.

The problem: At Defcon, we saw MCP exploits with 100% success rate against Claude and Llama. Three attack patterns:

Hidden Unicode in "error messages" - Paste a colleague's error into Claude, your SSH keys get exfiltrated Trusted tool updates - That database tool you've used for months? Last week's update added credential theft Tool redefinition - Malicious tool redefines "deploy to prod" to run attacker's script

Traditional scanners (CodeQL, SonarQube) catch <15% of these. They're looking for SQLi, not prompt injections hidden in tool descriptions.

What we built: git clone https://github.com/NineSunsInc/mighty-security

python analyzers/comprehensive_mcp_analyzer.py /path/to/your/mcp/tool

Scans for prompt injection, credential exfil, suspicious updates, tool shadowing. Runtime wrapper adds <10ms overhead. Fully local, no telemetry.

Why this matters: 43% of MCP tools have command injection vulns. GitHub's own MCP server was exploitable. We found Fortune 500s running database-connected MCP tools that hadn't been audited since installation. We went from paranoid code review to "AI said it works" in 18 months. The magic is real, but so are the vulnerabilities.

Demo: https://www.loom.com/share/e830c56d39254a788776358c5b03fdc3

GitHub: https://github.com/NineSunsInc/mighty-security

Would love feedback - what MCP security issues have you seen?

Comments

Munam•2h ago
Helped to build this out a little bit. Was really cool to get to play with Cerberus for the first time as well.

I'm really interested in learning more about how devs integrate MCP security into their routine code evals.

I think there's a big opportunity as a space to get tools like this into CI/CD pipelines and workflows.

Happy to answer any questions and happy to hear any feedback!

Thanks for checking it out :)

jodoking•2h ago
Appreciate the interest and the first comments man. We like how fast Cerebras is and its importance to making the scanning fast! Yeah we have thought about this being part of dev workflow via Github Actions and locally for the dev environment too. Love to hear what you are building!
IMAYousaf•2h ago
This is definitely valuable. I started paying attention to MCP security vulnerabilities largely because of Defcon. I believe that they largely focused on Agentic Security as a theme this time around.

It's a bit mind blowing how we've simply accepted non-technical people within orgs in particular executing code to "automate their tasks" without the same level of rigor that normal code reviews go through. Definitely think that this is a cultural issue that we must fix.

And these MCP vulnerabilities in particular seem much scarier because almost all MCP tools require an insane amount of permissions.

jodoking•2h ago
I know right? I mean the timing is great. I love MCP but cant stand how unsafe it is. I think there are greatness ahead if we are able to fix this security issue. This was made around the idea to be as seamless as possible, as we built a dashboard, drop in a GH project MCP server link, and have a local DB to show what you ran. We have more great things ahead. But give it a try and let us know what you think!
jelambs•2h ago
this is super interesting! MCP is really exciting in terms of what it can unlock for agent use cases, but still the wild west in terms of security. I was on a panel discussion yesterday where this topic came up, basically how do you trust the use of AI tools when so much is still unknown. I think the the idea of using something open source and tool agnostic is appealing, the landscape is evolving so fast that horizontal solutions like this feel valuable. Although I wish clients, anthropic, cursor, etc would build more protections in too so that we didn't have to spend so much time thinking about this. but they've barely implemented remote mcp support so I think we have a ways to go.
ripley12•1h ago
I work in this space and I was not able to understand how this project works in a couple minutes. The README feels LLM-generated. I think you're supposed to point this at your MCP server's code and not the server itself, is that right?
simonw•1h ago
I found this file full of regular expressions: https://github.com/NineSunsInc/mighty-security/blob/28666b36...

And this with prompts: https://github.com/NineSunsInc/mighty-security/blob/89e4b319...

Are you running any other tests that I missed?

simonw•1h ago
> Would love feedback - what MCP security issues have you seen?

For me the number one problem with MCP security is the lethal trifecta - the fact that it's so easy to combine MCPs from different vendors (or even from the same vectors) that provide exposure to potentially untrusted/malicious instructions in a way that can then trigger exfiltration of private data.

https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

https://simonwillison.net/2025/Aug/9/bay-area-ai/

I don't know how we can solve this with more technology - it seems to me to be baked into the very concept of how MCP works.

tptacek•15m ago
I'm going to pick a fight on this one; I think you know I'm a fan, so take this in the spirit I intend†.

My contention is that "lethal trifecta" is the AI equivalent of self-XSS. It's not apparent yet, because all this stuff is just months old, but a year from now we'll be floored by the fact that people just aimed Cursor or Claude Code at a prod database.

To my lights, the core security issue with tool/function calling in agents isn't MCP; it's context hygiene. Because people aren't writing their own agents, they're convinced that the single-visible-context-window idiom of tools like Cursor are just how these systems work. But a context is just a list of strings. You can have as any of them in an agent as you want.

Once you've got untrusted data hitting one context window, and sensitive tool calls isolated in another context window, the problem of securing the system isn't much different than it is with a traditional web application; some deterministic code that a human reviewed and pentested mediates between those contexts, transforming untrusted inputs into trustable commands for the sensitive context.

That's not a trivial task, but it's the same task as we do now when, for instance, we need to generate a PDF invoice in an invoicing application. Pentesters find vulnerabilities in those apps! But it's not a news story when it happens, so much.

† More a note for other people who might thing I'm being irritable. :)

We rewrote the Ghostty GTK application

https://mitchellh.com/writing/ghostty-gtk-rewrite
74•tosh•1h ago•21 comments

Gemma 3 270M: Compact model for hyper-efficient AI

https://developers.googleblog.com/en/introducing-gemma-3-270m/
469•meetpateltech•6h ago•189 comments

Streaming services are driving viewers back to piracy

https://www.theguardian.com/film/2025/aug/14/cant-pay-wont-pay-impoverished-streaming-services-are-driving-viewers-back-to-piracy
250•nemoniac•5h ago•246 comments

Steve Wozniak: Life to me was never about accomplishment, but about happiness

https://yro.slashdot.org/comments.pl?sid=23765914&cid=65583466
376•MilnerRoute•4h ago•257 comments

Org-social is a decentralized social network that runs on Org Mode

https://github.com/tanrax/org-social
87•tanrax•1d ago•37 comments

Your Mac Game Is Probably Rendering Blurry

https://www.colincornaby.me/2025/08/your-mac-game-is-probably-rendering-blurry/
17•bangonkeyboard•30m ago•0 comments

Airbrush art of the 80s was Chrome-tastic (2015)

https://www.coolandcollected.com/airbrush-art-of-the-80s-was-chrome-tastic/
32•Michelangelo11•2h ago•5 comments

I made a real-time C/C++/Rust build visualizer

https://danielchasehooper.com/posts/syscall-build-snooping/
152•dhooper•6h ago•44 comments

OneSignal (YC S11) Is Hiring Engineers

https://onesignal.com/careers
1•gdeglin•1h ago

Show HN: OWhisper – Ollama for realtime speech-to-text

https://docs.hyprnote.com/owhisper/what-is-this
76•yujonglee•6h ago•25 comments

New protein therapy shows promise as antidote for carbon monoxide poisoning

https://www.medschool.umaryland.edu/news/2025/new-protein-therapy-shows-promise-as-first-ever-antidote-for-carbon-monoxide-poisoning.html
201•breve•10h ago•47 comments

What's the strongest AI model you can train on a laptop in five minutes?

https://www.seangoedecke.com/model-on-a-mbp/
473•ingve•2d ago•171 comments

DINOv3

https://github.com/facebookresearch/dinov3
34•reqo•2h ago•7 comments

Architecting large software projects [video]

https://www.youtube.com/watch?v=sSpULGNHyoI
64•jackdoe•2d ago•29 comments

Blood oxygen monitoring returning to Apple Watch in the US

https://www.apple.com/newsroom/2025/08/an-update-on-blood-oxygen-for-apple-watch-in-the-us/
305•thm•9h ago•222 comments

Show HN: I built a free alternative to Adobe Acrobat PDF viewer

https://github.com/embedpdf/embed-pdf-viewer
131•bobsingor•7h ago•33 comments

Where Are All the Tourists from 3025?

https://arxiv.org/abs/2508.09157
6•warrenm•1h ago•4 comments

Homekit-steam-user-switcher: A way to remotely switch Steam users using HomeKit

https://github.com/rcarmo/homekit-steam-user-switcher
17•rcarmo•3d ago•1 comments

Lambdas, Nested Functions, and Blocks

https://thephd.dev/lambdas-nested-functions-block-expressions-oh-my
11•zaikunzhang•2d ago•2 comments

All Souls exam questions and the limits of machine reasoning

https://resobscura.substack.com/p/all-souls-exam-questions-and-the
38•benbreen•1d ago•19 comments

Reverse Proxy Deep Dive: Why Load Balancing at Scale Is Hard

https://startwithawhy.com/reverseproxy/2025/08/08/ReverseProxy-Deep-Dive-Part4.html
38•miggy•3d ago•2 comments

Launch HN: Cyberdesk (YC S25) – Automate Windows legacy desktop apps

49•mahmoud-almadi•7h ago•33 comments

1976 Soviet edition of 'The Hobbit' (2015)

https://mashable.com/archive/soviet-hobbit
234•us-merul•3d ago•78 comments

Bluesky: Updated Terms and Policies

https://bsky.social/about/blog/08-14-2025-updated-terms-and-policies
73•mschuster91•5h ago•99 comments

What does Palantir actually do?

https://www.wired.com/story/palantir-what-the-company-does/
159•mudil•23h ago•127 comments

Show HN: MCP Security Suite

https://github.com/NineSunsInc/mighty-security
14•jodoking•2h ago•9 comments

"Privacy preserving age verification" is bullshit

https://pluralistic.net/2025/08/14/bellovin/
186•Refreeze5224•5h ago•131 comments

How to rig elections [video]

https://media.ccc.de/v/why2025-218-how-to-rig-elections
124•todsacerdoti•10h ago•98 comments

Nyxt: The Emacs-like web browser

https://lwn.net/Articles/1001773/
115•signa11•3d ago•27 comments

500 days of math

https://gmays.com/500-days-of-math/
144•gmays•2d ago•81 comments