MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
mcp
Recherche

Can an MCP-Powered AI Client Automatically Hack a Web Server?

dimanche 11 mai 2025, 16:34 , par Slashdot
Can an MCP-Powered AI Client Automatically Hack a Web Server?
Exposure-management company Tenable recently discussed how the MCP tool-interfacing framework for AI can be 'manipulated for good, such as logging tool usage and filtering unauthorized commands.' (Although 'Some of these techniques could be used to advance both positive and negative goals.')

Now an anonymous Slashdot reader writes: In a demonstration video put together by security researcher Seth Fogie, an AI client given a simple prompt to 'Scan and exploit' a web server leverages various connected tools via MCP (nmap, ffuf, nuclei, waybackurls, sqlmap, burp) to find and exploit discovered vulnerabilities without any additional user interaction

As Tenable illustrates in their MCP FAQ, 'The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns.' With over 12,000 MCP servers and counting, what does this all lead to and when will AI be connected enough for a malicious prompt to cause serious impact?

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/05/11/0027236/can-an-mcp-powered-ai-client-automatically-hack-a-web...

Voir aussi

mcp ICE’s Deportation Airline Hack Reveals Man ‘Disappeared’ to El Salvador Wired: Tech.10 May
server Netflix Debuts Gen AI-Powered Search Tool, Tests Vertical Videos For Mobile Slashdot 8 May
web Silence Speaks Has Created AI-Powered Signing Avatars for the Deaf Wired: Tech. 7 May
client Amazon unveils Vulcan, a package sorting, AI-powered robot with a sense of touch BetaNews 7 May
good Ubuntu Linux swapping classic sudo for Rust-powered sudo-rs BetaNews 7 May
mcp-powered Computacenter IT guy let girlfriend into Deutsche Bank server rooms, says fired whistleblower TheRegister 6 May
slashdot Microsoft Unveils AI-Powered Overhaul for Windows 11 Slashdot 6 May
prompt Using AI-powered email classification to accelerate help desk responses InfoWorld 6 May
security Apple, Anthropic Team Up To Build AI-Powered 'Vibe-Coding' Platform Slashdot 2 May
these House Votes To Block California's Ban On New Gas-Powered Vehicles In 2035 Slashdot 1 May
connected “I use zip bombs to protect my server” OS News30 Apr
tenable New MCP server uses AI to help enterprises secure SaaS BetaNews30 Apr
hack Apiiro launches AI-powered risk analysis map for software InfoWorld30 Apr
automatically WhatsApp prépare une nouveauté majeure pour le client web Génération-NT29 Apr
ai-powered Microsoft will start charging for Windows Server hotpatch updates in two months BetaNews29 Apr
mcp Microsoft previews SignalR client for iOS InfoWorld28 Apr
server What the **** did you put in that code? The client thinks it's a cyberattack TheRegister28 Apr
web Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 TheRegister28 Apr
client Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions TheRegister25 Apr
good Google reveals ZAPBench to predict brain activity in zebrafish and unlock new AI-powered neuroscience research BetaNews24 Apr
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 13 mai - 08:27 CEST