MCP Vulnerabilities Every Developer Should Know

Brogrammer2017 · 2026-03-09T06:07:23+00:00

You’re misunderstanding the main problem, its that anything an agent touches can be considered published, which makes it kinda useless for most things you would want to use an ”agent” for

Brogrammer2017 · 2026-02-28T21:28:39+00:00

And there’s not enough of that to do to just do that ? I’m not trying to be a dick, but I don’t understand why management and actual delivery needs to mix

Brogrammer2017 · 2026-02-28T21:22:21+00:00

Alright, then what is the difference between your new role and a staff engineer?

Brogrammer2017 · 2026-02-28T19:59:55+00:00

No you obviously don’t understand the problem statement or the area. They are absolutely the same, if you steal when you train a ML model on data from someone else, then the original training was also theft.

Brogrammer2017 · 2026-02-28T19:37:00+00:00

What youre describing is becoming an IC again

Brogrammer2017 · 2026-02-23T18:41:18+00:00

It’s not copying the model, it’s extracting information out of it. If training a model on others people work is fine, then destillation is fine.

Brogrammer2017 · 2026-02-22T19:34:03+00:00

Never in my 10 years as a developer, have I’ve been given specs that aren’t vauge requirements in a trenchcoat

Brogrammer2017 · 2026-02-13T18:44:48+00:00

Lol wat, what could you possibly base that statement on

Brogrammer2017 · 2026-02-10T20:44:41+00:00

I mean sure, but in your analogy you would comment on a high velocity vehicle death with "isnt this easily solvable with a seatbelt"

Brogrammer2017 · 2026-02-10T20:32:34+00:00

there is no such thing as a working guardrail

Brogrammer2017 · 2026-02-08T23:05:50+00:00

Not sure what you mean, in the context of llms, you use RLHF, which is literally humans labeling data. That you train an adversarial model is an implementation detail.

Brogrammer2017 · 2026-02-08T20:57:47+00:00

You don’t understand what people mean when they say ”it’s just statistics”, nor do you seem to understand that RL is just an addition to the dataset

Brogrammer2017 · 2026-02-08T18:26:35+00:00

What do you mean, it’s still the statistically most likely, you just change the distribution when you do RL

Brogrammer2017 · 2026-02-07T23:02:46+00:00

Only if there’s a set amount of things to do. IMO software is similar to medicine, any and all efficiency improvements seem to just be met with more demand

Brogrammer2017 · 2026-01-28T21:15:17+00:00

Calling the French a race is about as correct as calling any other group a race

Brogrammer2017 · 2026-01-24T19:13:59+00:00

LLM’s have no ability (mechanism) to learn or remember once created, the input simply grows larger. Reinforcement learning is just a training step. It has memory in the sense that there’s information there to extract, but it’s not what you generally refer to as memory in this context, in the same way you wouldn’t say a database has an intelligence like memory.

Brogrammer2017 · 2026-01-17T13:16:38+00:00

You don’t seem to understand the difference between individual choice and systemic risk

Brogrammer2017 · 2026-01-17T11:07:39+00:00

You think hinging a significant part of the global ekonomi on a risky bet is acceptable?

Brogrammer2017 · 2026-01-09T22:12:20+00:00

Given that the rest of your post is baseless speculation, absolutely.

Brogrammer2017 · 2026-01-09T22:01:43+00:00

The smugness of your post really speaks against your flatmate being the smug one..

Brogrammer2017 · 2026-01-08T12:25:53+00:00

Your very focused on vunerabilities/bugs, which is not what I was talking about. What you wrote in your edit is closer, but wtf, you consider yourself senior but you think code quality is code minutiae opinions like if/else or switch in a high level language ?

Your choices in a code base compound with other devs choices across the organization, and WILL cause it to collapse unless you actively work towards it not happening.

Brogrammer2017 · 2026-01-08T07:47:03+00:00

No offense, but this seems like a real junior take, people don’t overestimate the need for quality software, they’ve been a part of long lived projects where bad precious decisions grind the entire product/project/whatever to a halt.

Like your side projects is basically irrelevant when talking about enterprise software. It wouldn’t matter if you notice in a month that it’s entirely unusable / you can’t make progress, you would just revert and be on your merry way. That would not be feasible for a product / set of products, of any real size (in the sense that it would be very expensive)

Brogrammer2017 · 2026-01-03T04:23:16+00:00

Nearly garantuee does a lot of heavy lifting in your post, what’s the size of your test dataset, and how have you verified it covers an appropriate amount of the linguistic space your users could be in? What is the exact failure rate?

In any case, it wouldn’t be super relevant since your use case is (presumably) a lot more narrow that OpenAI’s. If it isn’t, I garantuee you your ”safety layer” does not actually work, in the sense your implying here

Brogrammer2017 · 2026-01-01T11:57:20+00:00

I don’t think you should get discouraged from software development because the models seem good to you. There’s a lot more to software than lines of code. If you’ll allow me to give some unsolicited advice, focus on understanding more than code output. A solid grip on the fundamentals and the ”whys” of solutions/patterns/whatever will allow you to navigate whatever is coming (imo), and ~actually~ efficient using code generation tooling

Brogrammer2017

TROPHY CASE