It's the Vercel way. There have been plenty of experiments leading up to this (even by Vercel employees before they joined), but they've re-packaged it as "the" solution rather than just a tool renderer driven by props (the tool schema).
OpenAI seems to limit how "hard" gpt-5-codex can think depending on your subscription plan, whereas Anthropic/Claude only limits how much usage you get. I evaluate Codex every month or so with a problem suited to it, but its output rarely gets merged over a version produced by Charlie (which, yes, is $500/mo, but rarely causes problems) or something Claude did in a managed or unmanaged session. ymmv
It's a really good platform for TypeScript microservices that scale to zero (up to very high theoretical limits), but it isn't a platform you'd migrate a monolithic PHP app to, for example.
You're describing why reasoning is such a big deal. The model can have this freakout in a safe, internal environment, and once its recent output is confident enough, flip into "actual output" mode.
I don’t think that’s really fair. They are highlighting some pretty serious security flaws in MCP tools that are allowed to do some pretty privileged things.
They don’t even mention their product until the very last section. Overall, I think it’s an excellent blog post.
> A guardrail can help protect every tool call with a protective layer that blocks malicious or out-of-policy instructions in real time. Here is how to install the GA MCP guard which is open-source and requires no billing.
> $ pip install generalanalysis # install the guard
so if a security researcher comes up with a free, open-source patch which, at present, is the only available solution, then they should just keep that to themselves?
it's an evolving field. if anthropic doesn't have a solution should we just not do anything?
What this "open source patch" does is to set up a proxy server on your machine and route your requests to their server first for moderation.
Do I really need to explain why this is a bad idea? Honestly, this post should be flagged by HN as a phishing attempt, if anything. (But it won't be, as this company is YC-backed...)
> if anthropic doesn't have a solution should we just not do anything?
A solution to what? This article describes a theoretical scenario where a theoretical user misuses a system. If you give an LLM tool some permissions, it will do things that are permitted but probably not expected by you. That's a given.
It's like asking Amazon to have a "solution" for users who post their AWS access tokens online.
The real problem here is the very existence of Stripe MCP. It's a ridiculous idea. I'm all for raising awareness of that, but it's not an excuse to fearmonger readers into adding yet another AI tool onto their tech stack.
Great to see Huggingface stick to their guns with CodeEval and Python tooling. Agentic turn-by-turn tool calling is fine and all, but we're underutilising models' ability to write and execute code in an "agent-like" environment.
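Loosely, the pattern looks like this (a toy sketch, not Huggingface's actual implementation; `generate` stands in for whatever model call you use):

    import traceback

    def code_agent(task, generate, max_turns=5):
        # the model writes Python, we run it, and errors get fed back so it can self-correct
        history = [f"Task: {task}\nWrite Python that stores the answer in `result`."]
        for _ in range(max_turns):
            code = generate("\n".join(history))
            scope = {}
            try:
                exec(code, scope)  # in practice you'd sandbox this
                return scope.get("result")
            except Exception:
                history.append(f"That code raised:\n{traceback.format_exc()}\nFix it and try again.")
        return None

One generated code block can chain several "tool calls" worth of work in a single turn, which is where the win over turn-by-turn calling comes from.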
Easy setup and instant forks for devs were what did it for me. I'd felt the pain with dev app state in the past, and this took <20 minutes to migrate (beta users only), go live, and get back to feature work.
Haha I remember that. The solution at the time for many forum admins was to simply state that anyone found to be doing that would be permabanned. Which was enough to make it stop completely, at least for the forums that I moderated. Different times indeed.