AI Conundrum: Why MCP Security Can't Be Patched Away
RSAC Conference Preview: MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says.
Could not retrieve the full article text.
Read on Dark Reading →Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
reviewresearchconference
Am I the baddie?
I am a software engineer. I work for a company that makes software for road construction. Monday last week we were under a bad crunch and we were told to start using agentic workflows. We had like 50 tickets to close by the following Tuesday. I’ve been experimenting with ai development for years now, but this was different. I had access to Opus/Sonnet 4.6, and GPT5.4—the latest models. Suddenly, they understood. I could talk about abstract concept’s and analogies, and it got them. I was soon working through tickets the first day in hours, what would have taken me days. But we still had a ton of work and not enough time. I was still bound to a single thread of work at a time. So like any problem, I hacked around it. I started with a worktree, where it basically creates a whole other copy of
Migration and Modernisation with Kiro CLI
Background Once upon a time, there was a developer who needed to keep updating the dependencies of each tool/product/software. There is a dependabot which still helpful for updating minor versions. However, it will need a manual update/migration whenever a major version comes. Migrating to a major version is frustrating for me if I need to update it in bulk. Updating only one app is pretty fine, but how about multiple apps? I believe we will stop doing it. AI Era The AI (Artificial Intelligence) era has come. Much automation can be achieved by AI. I have a good belief that I can migrate much more easily whenever I use AI. Not like the old age, which needs many manual changes, especially the breaking changes! Migration as Vibes I'm starting the migration as vibes. So, I only put a simple pr
Common advice #3: Asking why one more time
Written quickly as part of the Inkhaven Residency . At a high level, research feedback I give to more junior research collaborators tends to fall into one of three categories: Doing quick sanity checks Saying precisely what you want to say Asking why one more time In each case, I think the advice can be taken to an extreme I no longer endorse. Accordingly, I’ve tried to spell out the degree to which you should implement the advice, as well as what “taking it too far” might look like. Previously, I covered doing quick sanity checks and saying what you want to say precisely . I’ll conclude these posts by talking about probably the hardest to communicate category of common advice: asking why one more time. Asking why one more time In my opinion, the most important skill in empirical research
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Research Papers
Are Finer Citations Always Better? Rethinking Granularity for Attributed Generation
arXiv:2604.01432v1 Announce Type: new Abstract: Citation granularity - whether to cite individual sentences, paragraphs, or documents - is a critical design choice in attributed generation. While fine-grained citations are often preferred for precise human verification, their impact on model performance remains under-explored. We analyze four model scales (8B-120B) and demonstrate that enforcing fine-grained citations degrades attribution quality by 16-276% compared to the best-performing granularity. We observe a consistent performance pattern where attribution quality peaks at intermediate granularities (paragraph-level). Our analysis suggests that fine-grained (sentence-level) citations disrupt necessary semantic dependencies for attributing evidence to answer claims, while excessively
The power of context: Random Forest classification of near synonyms. A case study in Modern Hindi
arXiv:2604.01425v1 Announce Type: new Abstract: Synonymy is a widespread yet puzzling linguistic phenomenon. Absolute synonyms theoretically should not exist, as they do not expand language's expressive potential. However, it was suggested that even if synonyms denote the same concept, they may reflect different perspectives or carry distinct cultural associations, claims that have rarely been tested quantitatively. In Hindi, prolonged contact with Persian produced many Perso-Arabic loanwords coexisting with their Sanskrit counterpart, forming numerous synonym pairs. This study investigates whether centuries after these borrowings appeared in the Subcontinent their origin can still be distinguished using distributional data alone and regardless of their semantic content. A Random Forest tr
Assessing Pause Thresholds for empirical Translation Process Research
arXiv:2604.01410v1 Announce Type: new Abstract: Text production (and translations) proceeds in the form of stretches of typing, interrupted by keystroke pauses. It is often assumed that fast typing reflects unchallenged/automated translation production while long(er) typing pauses are indicative of translation problems, hurdles or difficulties. Building on a long discussion concerning the determination of pause thresholds that separate automated from presumably reflective translation processes (O'Brien, 2006; Alves and Vale, 2009; Timarova et al., 2011; Dragsted and Carl, 2013; Lacruz et al., 2014; Kumpulainen, 2015; Heilmann and Neumann 2016), this paper compares three recent approaches for computing these pause thresholds, and suggest and evaluate a novel method for computing Production
[R], 31 MILLIONS High frequency data, Light GBM worked perfectly
We just published a paper on predicting adverse selection in high-frequency crypto markets using LightGBM , and I wanted to share it here because the findings are directly relevant to anyone dealing high frequency data and machine learning The core problem we solved: Every market maker's nightmare — getting picked off by informed traders right before a big move. We built a model that flags those toxic seconds before they wreck you. The data: - 31,081,463 second-level observations of BTC/USDT perpetual futures on Bybit - February 2025 → February 2026 (381 raw daily files) - Strict walk-forward regime, zero lookahead bias The key results (this is the part that shocked us): Our TailScore metric — which combines predicted toxicity probability with predicted price move severity — flags the top
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!