Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Hah, yeah that's the exact same vulnerability - looks like Neon's MCP can be setup for read-write access to the database, which is all you need to get all three legs of the lethal trifecta (access to private data, exposure to malicious instructions and the ability to exfiltrate).


Here's another one we found related to the lethal trifecata problem in AI Email clients like Shortwave that have integrated MCPs - https://www.tramlines.io/blog/why-shortwave-ai-email-with-mc...




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: