MCP and Agent security with Luke Hinds

The text discusses the development of No-NO, a security tool created by Always Further, a startup focused on addressing vulnerabilities in AI agents and models. No-NO leverages kernel-based sandboxing to isolate processes, preventing data exfiltration, unauthorized file access, and destructive actions like rm -rf, using a deny-by-default model and hardware security enclaves (e.g., Apples Secure Enclave). Designed for speed and simplicity, it contrasts with Docker by enabling near-instant startup times and minimal user configuration, though it is not intended as a replacement but a complementary tool for specific use cases. The tool also incorporates restricted commands, time-based command allocation, and rollback mechanisms to mitigate risks like accidental deletions or unauthorized API interactions.

Broader challenges in AI security are highlighted, including the unpredictability of AI agents (e.g., bypassing sandboxing) and vulnerabilities in MCP servers (Model-Controller-Proxy), which enable AI models to execute external functions. Risks include supply chain vulnerabilities in open-source tools, prompt injection attacks, and the merged control/data architecture of large language models (LLMs), which make them susceptible to social engineering and data leaks. Historical parallels are drawn to early hacking exploits, such as the "2600 Hz" phone fraud, emphasizing the persistent difficulty of securing systems against autonomous, high-dimensional threats. The text also stresses the need for collaborative solutions, education in secure development practices, and tools that balance simplicity for non-experts with customization options for professionals, while addressing the growing gap between rapid AI innovation and robust security frameworks.