https://news.ycombinator.com/user?id=kyllingHacker News RSShttps://hnrss.org/hnrss v2.1.1Sat, 30 May 2026 19:40:29 +0000The parent suggests MCP as a way to secure credentials and enforce guardrails, and sibling comments iterate on this. I might be reading a bit between the lines with my comment, but did not intend to derail the discussion.

]]>Sat, 30 May 2026 18:27:51 +0000https://news.ycombinator.com/item?id=48339266kyllinghttps://news.ycombinator.com/item?id=48339266https://news.ycombinator.com/item?id=48339266It is crazy how the preferred way or securing AI are vibe coded MCP servers which at the same time do access control, credentials handling and HTTP server/client boilerplate. Want to use a new API: just vibe code a new MCP you won't fully review. It is hardly better than yoloing. The security critical parts needs to leave MCP and be integrated with, or be in front of, the API in a way humans will understand and review.

]]>Sat, 30 May 2026 17:31:40 +0000https://news.ycombinator.com/item?id=48338701kyllinghttps://news.ycombinator.com/item?id=48338701https://news.ycombinator.com/item?id=48338701