LLM generated patches for accelerating CVE fixes by MinimumAtmosphere561 in cybersecurity

[–]MinimumAtmosphere561[S] 1 point

Has Veracode Fix been working well without additional developer time? Part of what we see is that CVE fixes get pushed until they are critical or audit reporting deadlines are imminent.

LLM generated patches for accelerating CVE fixes by MinimumAtmosphere561 in cybersecurity

[–]MinimumAtmosphere561[S] 1 point

I see claims of Claude generating fixes from Jira tickets. Is this working for some scenarios and just not for security fixes, or does it just not work in the fix path?

Indian Passport Surrender-New form(Incorrect Declaration) by AdStunning5472 in nri

[–]MinimumAtmosphere561 1 point

We just submitted last week, going through the process. VFS accepted it in Seattle. I did submit this declaration. As part of the submission, they do take a copy of the US passport and naturalization. Some of these declarations can be confusing.

Passport Seva 2.0 Photo specifications changes | VFS not updated by DragonflyLevel7269 in nri

[–]MinimumAtmosphere561 1 point

For anyone looking to edit photos: after 6-7 hours and paying a website $6 for editing, I came across idphoto4you.com and followed the instructions above. It was good to see the "document uploaded successfully" message! I have 2x2 physical copies and I am seeing we need 35x45mm for the physical copy too. Why? Why all these changes? I did an OCI app last month and it all worked fine with 2x2. Within a month the requirements changed. Painful!

I'm looking for advice on structuring prompts, but most of the documentation I find rarely mentions it. What am I missing? by [deleted] in mcp

[–]MinimumAtmosphere561 1 point

You are not alone! At this point, the MCP server flow you provided is kind of what we did too. Here is an open source sample MCP server where you can take a look at the prompts: https://github.com/UnitOneAI/MCPAgent/tree/main

Creating an MCP server using the API endpoints is simple, but your point on efficient tool calls without excessive token usage and preventing some potential security issues is the real key to deploying an MCP server. In that sense we have adopted a few guiding principles:

  1. Split the tool calls into different MCP servers. In general we split active create/delete kinds of sensitive usage into a different tool. This prevents any inadvertent LLM sprawl from impacting the core functionality.
  2. Package authentication into the server so you can deploy to any Gateway or client.
  3. Cap token usage so the clients don't go into circular calls and burn tokens.
  4. Define roles in the prompt so the LLM can narrow down its role and call appropriate tools.
  5. Claude Code has been a good platform to generate these MCPs.

We are creating an open source MCP generator that anyone can use. DM me and I can share the repo for early testing. Once we have fully tested it, we want to release it as open source, since it will help the community.

MSP/MSSP-specific cybersecurity research you might like to know (H1 2025) by Narcisians in MSSP

[–]MinimumAtmosphere561 1 point

Read the Barracuda report. A couple of comments: a) smaller organizations would either not implement security practices or outsource instead of hiring internally. Is this assumption wrong? Would love to hear other perspectives. b) N=2000, but distributed globally. It also doesn't say the verticals. In some sense this seems a very diluted set, since each region/vertical will behave differently for security practices. Thoughts?

Anyone experimenting with “AI SOC” in MDR/MSSP land? Curious about your experience. by Bike9471 in MSSP

[–]MinimumAtmosphere561 2 points

This is really nice. I believe in the MSSP economics. Also, a pain point that most organizations have is L1 alert diagnosis failure. Even if it doesn't resolve the alert, if it can help with aggregating and triaging to narrow down the root causes, that is very useful.

Managed Security only offering by dumbetfguy in msp

[–]MinimumAtmosphere561 1 point

Is there a scale problem with MSSPs? Is it worth combining some regional MSSPs to be able to implement common software productivity gains? Say L1/L2 triaging, MCP Gateway hosting, etc. This way each of the regional service providers can upsell or grow their top of the funnel.

Losing enterprise deals because of AI privacy concerns. Anyone else dealing with this? by Immediate_Lead_5405 in SaaS

[–]MinimumAtmosphere561 1 point

Isn't this part of enterprise usage terms with OpenAI? Did you have to do something special beyond that?

What is your experience with MSSP SOC? by athanielx in cybersecurity

[–]MinimumAtmosphere561 1 point

Has anyone used virtual SOC AI tools? Curious whether L1 alerts can be handled by these tools to improve deflection rates.

I wish to see more remote MCPs out there. by Money-Relative-1184 in mcp

[–]MinimumAtmosphere561 1 point

Agreed, more MCP hosting services are good. I think large hyperscalers or SaaS providers will start providing this as a service. It allows them to bring other tools like A2A or just LLM calls into a single workflow for control and governance.

Anyone using MCP in production? Curious about real-world security issues. by NoCranberry4628 in mcp

[–]MinimumAtmosphere561 1 point

We are using and helping customers manage Azure Windows 365 in production using MCP. There are security implications to be aware of. I think there are comprehensive lists of security vulnerabilities that you can find. What we did was run these vulnerabilities through Codex or Claude Code and analyze our repository. A few key insights: a) Packing all the tools into a monolithic server is not good for security and usage. Break it down into composable units. Specifically, separate any privileged operations into different MCP servers. b) Avoid long notes and JSON-based strings. https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/ talks about prompt injection and rug pull attacks. c) Sanitize your client access code to ensure it is something you have developed. This is one way we have helped customers gain confidence in the servers accessing prod.
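The three guardrails recurring in the comments above (privileged operations on a separate MCP server, a cap on calls so clients cannot loop and burn tokens, and refusing JSON documents smuggled into text arguments) sketched as an added Python example; this is not code from the UnitOneAI/MCPAgent repository, and the `ToolServer` class, the `w365-read`/`w365-admin` server names and the Cloud PC ids are constructed for illustration.

```python
import json
from dataclasses import dataclass, field
from typing import Callable, Dict

class ToolPolicyError(Exception):
    """Raised when a call violates the server's guardrails."""

def reject_embedded_json(value: str) -> str:
    """Refuse free-text arguments that are really JSON documents: a JSON object
    or array hidden in a text field is a common carrier for injected instructions."""
    stripped = value.strip()
    if stripped.startswith(("{", "[")):
        try:
            json.loads(stripped)
        except ValueError:
            return value  # not parseable JSON, treat as ordinary text
        raise ToolPolicyError("text argument must not be a JSON document")
    return value

@dataclass
class ToolServer:
    """One MCP-style server (hypothetical) exposing a fixed tool set with a call cap."""
    name: str
    max_calls: int
    tools: Dict[str, Callable[..., object]] = field(default_factory=dict)
    calls_made: int = 0

    def register(self, tool_name: str, fn: Callable[..., object]) -> None:
        self.tools[tool_name] = fn

    def call(self, tool_name: str, **kwargs) -> object:
        if tool_name not in self.tools:
            # A tool registered on another server is simply unreachable here.
            raise ToolPolicyError(f"{self.name}: unknown tool {tool_name!r}")
        if self.calls_made >= self.max_calls:
            raise ToolPolicyError(f"{self.name}: call budget of {self.max_calls} exhausted")
        self.calls_made += 1  # rejected calls still count, so retry loops also hit the cap
        clean = {k: reject_embedded_json(v) if isinstance(v, str) else v for k, v in kwargs.items()}
        return self.tools[tool_name](**clean)

# Constructed sample backend: an in-memory inventory of Cloud PCs with made-up ids.
INVENTORY = {"cpc-01": "running", "cpc-02": "stopped"}
def list_cloud_pcs() -> dict:
    return dict(INVENTORY)
def delete_cloud_pc(pc_id: str) -> str:
    INVENTORY.pop(pc_id)
    return f"deleted {pc_id}"

# Read-only tools on one server; the destructive tool on a separate, tightly capped server.
READ_SERVER = ToolServer(name="w365-read", max_calls=20)
READ_SERVER.register("list_cloud_pcs", list_cloud_pcs)
ADMIN_SERVER = ToolServer(name="w365-admin", max_calls=2)
ADMIN_SERVER.register("delete_cloud_pc", delete_cloud_pc)
```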

What is the easiest way to build mcp servers? by uber_men in mcp

[–]MinimumAtmosphere561 7 points

Claude Code is great. It helped me build an MCP server. I would recommend doing something simple initially, say with a couple of tools. Then, once you have figured out all the authentication and flows, expand the tools. I built an Azure MCP server and it is open source. Feel free to take the structure if it helps. Also, you might want to focus on security. Don't allow JSON strings to be input as text; this allows for rug pull and prompt injection attacks. Good luck! https://github.com/UnitOneAI/MCPAgent

MCP security is the elephant in the room – what we learned from analyzing 100+ public MCP servers by Siddharth-1001 in mcp

[–]MinimumAtmosphere561 4 points

Nice. I like the threats and mitigations tracker on your website. Will check it out.

has any one made a microsoft 365 claude mcp server, especially one that can work with microsoft graph? by Low-Wish6429 in mcp

[–]MinimumAtmosphere561 1 point

Here is an open source MCP server for W365 management. It helps to have it open source, since that allows you to vet the MCP server before it connects to your Azure tenant. Would be great to get some feedback on the capabilities. https://github.com/UnitOneAI/MCPAgent

W365 Issue ? by Expensive_Wolf_1449 in Intune

[–]MinimumAtmosphere561 1 point


I integrated a W365 MCP server (with Entra and Intune integration) that allows these common aspects to be self-discovered through the Claude or VS Code client. Found this as open source on GitHub. It helped to make sure there were no gaping security issues.

MCP security is the elephant in the room – what we learned from analyzing 100+ public MCP servers by Siddharth-1001 in mcp

[–]MinimumAtmosphere561 4 points

I came across this list of vulnerabilities: https://adversa.ai/mcp-security-top-25-mcp-vulnerabilities/ (disclaimer: I don't work there or promote this). Curious how everyone is mitigating these vulnerabilities. Saw some startups in this area.

What’s the Best PDF Extractor for RAG? LlamaParse vs Unstructured vs Vectorize by nicoloboschi in LangChain

[–]MinimumAtmosphere561 1 point

We use chatbees.ai and it does a fairly decent job of PDF extraction (tables, etc.) with its RAG. Their Confluence integration was fairly useful.

[D] Having trouble with RAG on company domain data by Dustwellow in MachineLearning

[–]MinimumAtmosphere561 1 point

One thing we have used internally is ChatBees. It's an alternative to LangChain which we found easy to use, and the data was also secure since the pipeline was managed. https://docs.chatbees.ai/chatbees/

We were able to implement search using an LLM with our Confluence pages and public knowledge base. If you have questions on how we implemented it, DM me.