Show HN: MCP Defender – OSS AI Firewall for Protecting MCP in Cursor/Claude etc.
9 by gsundeep | 2 comments on Hacker News.
Hi HN, MCP Defender is an open source desktop app that automatically proxies your MCP traffic in AI apps like Cursor, Claude, Windsurf and VSCode. It then scans all requests and responses between the apps and the MCP tools they call. If it detects anything malicious, it alerts you and lets you allow or block the tool call. While the threat landscape of MCP is still being actively researched, there are dangerous things that MCP Defender can block today. For example, a developer asks Cursor to fix a Github issue with an attached crash log. However, the Github issue was created by an attacker who included secret instructions buried in the crash log. These instructions tell Cursor to send the developer’s SSH keys to a server the attacker controls. MCP Defender detects these malicious instructions and alerts the developer who otherwise may not be careful in running tool calls. The scanning is currently done via an LLM and checks for things like prompt injection, credential theft (ssh keys, tokens) and arbitrary code execution. You can use an MCP Defender account or provide your own API keys for LLM providers to perform the scanning. Currently we’ve published a beta Mac build and we’ll soon publish builds for Windows and Linux as well. Any feedback would be greatly appreciated. Thanks!
9 by gsundeep | 2 comments on Hacker News.
Hi HN, MCP Defender is an open source desktop app that automatically proxies your MCP traffic in AI apps like Cursor, Claude, Windsurf and VSCode. It then scans all requests and responses between the apps and the MCP tools they call. If it detects anything malicious, it alerts you and lets you allow or block the tool call. While the threat landscape of MCP is still being actively researched, there are dangerous things that MCP Defender can block today. For example, a developer asks Cursor to fix a Github issue with an attached crash log. However, the Github issue was created by an attacker who included secret instructions buried in the crash log. These instructions tell Cursor to send the developer’s SSH keys to a server the attacker controls. MCP Defender detects these malicious instructions and alerts the developer who otherwise may not be careful in running tool calls. The scanning is currently done via an LLM and checks for things like prompt injection, credential theft (ssh keys, tokens) and arbitrary code execution. You can use an MCP Defender account or provide your own API keys for LLM providers to perform the scanning. Currently we’ve published a beta Mac build and we’ll soon publish builds for Windows and Linux as well. Any feedback would be greatly appreciated. Thanks!
Show HN: Leap – Full-stack AI developer agent that deploys to AWS
11 by machekb | 0 comments on Hacker News.
We just launched Leap, an AI developer agent that helps you build and deploy apps with real backends to your own AWS or GCP cloud. We built it because every AI app builder we tried fell short. They were fine for prototypes, but not for real systems. No support for proper backend infra, no isolated test environments, and sometimes shockingly no way to own your code. We build Leap to be more appropriate for developers: - Connect GitHub to put your code in a repo you control- Work with code generation using pull request–style revisions with diffs- Get Architecture diagrams and API docs for your app as you build- Develop using an isolated preview environment- Deploy either via open source tooling or the integration with Encore Cloud for automated deploys to AWS/GCP Leap uses Claude 4 Sonnet and runs on our open-source framework Encore.ts[1], which provides declarative infrastructure (like a cloud-agnostic CDK-layer). We found the framework to be a good fit for LLM code generation as both application logic and infra is defined in the same context, and the declarative nature makes it less error prone. Right now we think Leap is best for starting new projects or building new isolated services in existing larger systems. The biggest challenge right now is dealing with larger codebases as models struggle to cope with large contexts. And while we're doing a few things to optimize this, we intentionally made it so that you can switch to your IDE any time and keep working there. To run your app locally you only need the open Encore CLI installed, which also can be used to build the app as a docker container. We're just getting started and would love your feedback if you try it. And also it would be helpful to understand what would make this useful for you? - You can try it here: https://leap.new - Here's the launch blog post and video: https://ift.tt/QIFVuBJ [1] https://ift.tt/PWcNTo4
11 by machekb | 0 comments on Hacker News.
We just launched Leap, an AI developer agent that helps you build and deploy apps with real backends to your own AWS or GCP cloud. We built it because every AI app builder we tried fell short. They were fine for prototypes, but not for real systems. No support for proper backend infra, no isolated test environments, and sometimes shockingly no way to own your code. We build Leap to be more appropriate for developers: - Connect GitHub to put your code in a repo you control- Work with code generation using pull request–style revisions with diffs- Get Architecture diagrams and API docs for your app as you build- Develop using an isolated preview environment- Deploy either via open source tooling or the integration with Encore Cloud for automated deploys to AWS/GCP Leap uses Claude 4 Sonnet and runs on our open-source framework Encore.ts[1], which provides declarative infrastructure (like a cloud-agnostic CDK-layer). We found the framework to be a good fit for LLM code generation as both application logic and infra is defined in the same context, and the declarative nature makes it less error prone. Right now we think Leap is best for starting new projects or building new isolated services in existing larger systems. The biggest challenge right now is dealing with larger codebases as models struggle to cope with large contexts. And while we're doing a few things to optimize this, we intentionally made it so that you can switch to your IDE any time and keep working there. To run your app locally you only need the open Encore CLI installed, which also can be used to build the app as a docker container. We're just getting started and would love your feedback if you try it. And also it would be helpful to understand what would make this useful for you? - You can try it here: https://leap.new - Here's the launch blog post and video: https://ift.tt/QIFVuBJ [1] https://ift.tt/PWcNTo4
AccessOwl (YC S22) is hiring an AI TypeScript Engineer to connect 100s of SaaS
1 by mathiasn | 0 comments on Hacker News.
1 by mathiasn | 0 comments on Hacker News.
Google Duo will be replaced by Google Meet in Sept 2025
8 by phantomathkg | 14 comments on Hacker News.
8 by phantomathkg | 14 comments on Hacker News.
Doge cuts to USAid blamed for 300k deaths – most of them children
21 by mnewme | 4 comments on Hacker News.
21 by mnewme | 4 comments on Hacker News.
Using lots of little tools to aggressively reject the bots
3 by archargelod | 0 comments on Hacker News.
3 by archargelod | 0 comments on Hacker News.
Investment Risk Is Highest for Nuclear Power Plants, Lowest for Solar
20 by doener | 2 comments on Hacker News.
20 by doener | 2 comments on Hacker News.
'Wind theft': The mysterious effect plaguing wind farms
7 by JumpCrisscross | 2 comments on Hacker News.
7 by JumpCrisscross | 2 comments on Hacker News.