https://www.koi.security/blog/postmark-mcp-npm-malicious-backdoor-email-theft -- sneaky!
The most salient bits:
> We CAN'T know. We can't predict it. And when it happens? Most of us won't even notice until it's way too late.
> There's literally no security model here. No sandbox. No containment. Nothing.
> We're handing god-mode permissions to tools built by people we don't know, can't verify, and have no reason to trust.
And to correct the title a bit - it's the first detected malicious MCP in the wild.
Interesting, but what makes MCP servers special here, compared to all the other software we use and trust with our databases, emails, personal info, whatever?
@jpmonettas True, and the article mentions that as a general issue for us (software developers) using "random" software from strangers on the Internet...
one thing could be the rush because of the hype, and less time for communities to check for software
I think for a lot of interesting software there is normally the reputation of someone behind it that isn't worth losing because of something like this, which makes small libraries/software I guess more dangerous in this respect. This is probably harder in small communities like Clojure. But I have added random jars from maven central to my libraries in the past for some small thing without checking anything he
The difference is simply the quality bar. It's more about the practices. The promise of AI is that you can have your PMs and such build or set up some software on their own and gain efficiency. So you have people on their personal computers connecting to random MCPs and so on, vibe coding apps that manipulate customer and business private information and so on. If you need to go back to having a proper environment, with DevOps practices around it, security reviews, engineering containerization and safe data handling, and so on... you'd lose all the efficiency and cost benefits.
That said, there's been some poorly engineered SaaS as well, which has had easy hacks and leaks. So it's not immune. But the tougher barrier to entry probably means it's less of a risk.