It's significantly more difficult to secure random CLIs than those APIs. All LLM tools today bypass their ignore files by running commands their harness can't control.
I don't think so. There is no MCP standard for authentication; our infosec banned MCP because of that.
Just use a custom PATH and run in a chroot jail.
CLI sandboxing is a solved problem compared to whatever MCP is.
I'm fuzzy when we're talking about what makes an LLM work best because I'm not really an expert. But, on this question of securing/constraining CLIs and APIs? No. It is not easier to secure an MCP than it is a CLI. Constraining a CLI is a very old problem, one security teams have been solving for at least 2 decades. Securing MCPs is an open problem. I'll take the CLI every time.
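As an added example (not posted by anyone in this thread), here is what the "custom PATH plus jail" approach from earlier in the discussion looks like as a policy layer a harness would put in front of every command an agent asks to run. It is illustrative code under assumed conventions: an allowlist of bare tool names exposed through a private bin directory that becomes the only PATH, argv lists only (no shell), a minimal environment, CPU and file-size rlimits, a timeout, and a coarse check that path-like arguments stay inside the working directory. The chroot itself needs root and is left out; this layer is what decides whether a command reaches the jail at all.

```python
"""
Constrained CLI executor for an LLM harness (illustrative, added example).

Assumed design, not from the thread: the harness owns a private bin directory
populated only with allowlisted tools and uses it as the sole PATH, runs argv
lists (never a shell string), strips the environment, applies rlimits and a
timeout, and rejects arguments that resolve outside the working directory.
"""
import os
import resource
import shutil
import subprocess
import tempfile
from pathlib import Path


class PolicyViolation(Exception):
    """Raised when a requested command fails the harness policy."""


class ConstrainedRunner:
    def __init__(self, bindir, workdir, allowed, timeout=5.0):
        self.bindir = Path(bindir).resolve()
        self.workdir = Path(workdir).resolve()
        self.allowed = set(allowed)
        self.timeout = timeout
        self._populate_bindir()

    def _populate_bindir(self):
        # Build the custom PATH: symlink only allowlisted tools into bindir.
        self.bindir.mkdir(parents=True, exist_ok=True)
        for name in self.allowed:
            src = shutil.which(name)
            if src is None:
                raise FileNotFoundError(f"allowlisted tool not installed: {name}")
            dst = self.bindir / name
            if not dst.exists():
                os.symlink(src, dst)

    def _check(self, argv):
        if not argv:
            raise PolicyViolation("empty command")
        prog = argv[0]
        # Only bare names resolved against bindir; no absolute or relative paths.
        if "/" in prog or prog not in self.allowed:
            raise PolicyViolation(f"program not allowlisted: {prog}")
        # Coarse path check: every argument (and every '=' separated piece of
        # an option) must resolve under workdir. Non-path arguments like "-n"
        # resolve inside workdir and pass; "../x" and "/etc/x" do not.
        for arg in argv[1:]:
            for piece in arg.split("="):
                target = (self.workdir / piece).resolve()
                if target != self.workdir and self.workdir not in target.parents:
                    raise PolicyViolation(f"argument escapes workdir: {arg}")
        return self.bindir / prog

    def run(self, argv):
        exe = self._check(argv)
        # Minimal environment: PATH is the private bin directory and nothing else
        # is inherited from the harness process.
        env = {"PATH": str(self.bindir), "HOME": str(self.workdir), "LANG": "C"}

        def limits():
            resource.setrlimit(resource.RLIMIT_CPU, (2, 2))            # 2 s CPU
            resource.setrlimit(resource.RLIMIT_FSIZE, (1 << 20, 1 << 20))  # 1 MiB files

        proc = subprocess.run([str(exe), *argv[1:]], cwd=self.workdir, env=env,
                              capture_output=True, text=True, timeout=self.timeout,
                              preexec_fn=limits, check=False)
        return proc.returncode, proc.stdout


def build_demo(root):
    """Constructed fixture: a workdir with one file, a 'secret' outside it."""
    root = Path(root)
    work = root / "work"
    work.mkdir()
    (work / "note.txt").write_text("hello from the jail\n")
    (root / "secret.txt").write_text("outside the jail\n")
    return ConstrainedRunner(root / "bin", work, {"cat", "wc"})


def run_demo():
    """Exercise the policy and return a dict of outcomes per scenario."""
    with tempfile.TemporaryDirectory() as d:
        runner = build_demo(d)
        out = {"cat_inside": runner.run(["cat", "note.txt"])[1]}
        attempts = {
            "cat_outside": ["cat", "../secret.txt"],       # path traversal
            "abs_path": ["cat", "/etc/hostname"],          # absolute path
            "option_value": ["wc", "--files0-from=/etc/hostname"],
            "not_allowlisted": ["sh", "-c", "id"],         # shell not in PATH
            "explicit_path": ["/bin/cat", "note.txt"],     # bypassing bindir
        }
        for label, argv in attempts.items():
            try:
                runner.run(argv)
                out[label] = "ran"
            except PolicyViolation:
                out[label] = "blocked"
        return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

The argument check is deliberately coarse: it is a pre-filter, and the jail (chroot, mount namespace, or similar) is what actually bounds file access; the point is that the harness, not the model's command string, decides what runs and with which PATH and environment.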