Hacker News: marcfischttps://news.ycombinator.com/user?id=marcfiscHacker News RSShttps://hnrss.org/hnrss v2.1.1Thu, 09 Apr 2026 06:37:22 +0000<![CDATA[New comment by marcfisc in "I'm helping my dog vibe code games"]]>Amazing story and work!

You mentioned Claude not being able to see the games. What I really like for this is the Claude Code Chrome Extension. You can easily make godot build a web version, and then have Claude debug it interactively in the browser.

]]>Wed, 25 Feb 2026 07:27:56 +0000https://news.ycombinator.com/item?id=47148483marcfischttps://news.ycombinator.com/item?id=47148483https://news.ycombinator.com/item?id=47148483<![CDATA[New comment by marcfisc in "GitHub MCP exploited: Accessing private repositories via MCP"]]>Sadly, these ideas have been explored before, e.g.: https://simonwillison.net/2022/Sep/17/prompt-injection-more-...

Also, OpenAI has proposed ways of training LLMs to trust tool outputs less than User instructions (https://arxiv.org/pdf/2404.13208). That also doesn't work against these attacks.

]]>Mon, 26 May 2025 20:37:52 +0000https://news.ycombinator.com/item?id=44101432marcfischttps://news.ycombinator.com/item?id=44101432https://news.ycombinator.com/item?id=44101432<![CDATA[New comment by marcfisc in "Show HN: MCP-Shield – Detect security issues in MCP servers"]]>Cool work! Thanks for citing our (InvariantLabs) blog posts! I really like the identify-as feature!

We recently launched a similar tool ourselfs, called mcp-scan: https://github.com/invariantlabs-ai/mcp-scan

]]>Tue, 15 Apr 2025 08:26:48 +0000https://news.ycombinator.com/item?id=43690315marcfischttps://news.ycombinator.com/item?id=43690315https://news.ycombinator.com/item?id=43690315<![CDATA[MCP Security Notification: Tool Poisoning Attacks]]>Article URL: https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks

Comments URL: https://news.ycombinator.com/item?id=43547127

Points: 4

# Comments: 0

]]>Tue, 01 Apr 2025 14:23:22 +0000https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacksmarcfischttps://news.ycombinator.com/item?id=43547127https://news.ycombinator.com/item?id=43547127<![CDATA[Show HN: Agent Benchmark Repository and Viewer]]>We have created a public registry of AI agent benchmarks and agent runtime traces to help everyone better understand how AI agents work and fail these days.

Our team and many agent builders we talked to wanted a better way of viewing what agents in these benchmarks do, e.g., how a particular coding agent approaches SWE-bench (https://www.swebench.com/). Right now, there are two reasons why this is difficult: benchmark traces are distributed on many different websites, and they are really hard to read. Often, they are huge raw JSON dumps of the agent in formats that are hard to read. To alleviate this, we build this repository, where it is easy to see what individual agents do and how they solve tasks (or fail to).

We hope that putting these agent traces in one place makes it easier to understand and progress on AI agent development in both industry and academia. We are happy to add more benchmarks and agents – let us know if you have something in mind.

Comments URL: https://news.ycombinator.com/item?id=42246135

Points: 2

# Comments: 0

]]>Tue, 26 Nov 2024 14:37:47 +0000https://explorer.invariantlabs.ai/benchmarks/marcfischttps://news.ycombinator.com/item?id=42246135https://news.ycombinator.com/item?id=42246135<![CDATA[New comment by marcfisc in "LMQL is a programming language for language model interaction"]]>Author here. Happy to answer any questions you have.

]]>Sat, 08 Apr 2023 07:11:17 +0000https://news.ycombinator.com/item?id=35491250marcfischttps://news.ycombinator.com/item?id=35491250https://news.ycombinator.com/item?id=35491250