(www.generalanalysis.com)

780 points rexpository | 2 comments | 08 Jul 25 17:46 UTC | HN request time: 0s | source

1. wunderwuzzi23 ◴[09 Jul 25 00:55 UTC] No.44505356[source]▶

Mitigations also need to happen on the client side.

If you have a AI that automatically can invoke tools, you need to assume the worst can happen and add a human in the loop if it is above your risk appetite.

It's wild how many AI tools just blindly invoke tools by default or have no human in loop feature at all.

replies(1): >>44508457 #

2. nijave ◴[09 Jul 25 10:58 UTC] No.44508457[source]▶

>>44505356 (TP) #

Or give them access to appropriately permissioned tools and not superuser/admin/service accounts that can access everything

↑

Supabase MCP can leak your entire SQL database