Back to News

Show HN: Driftcop – Open-source CLI SAST for "MCP rug pull attacks in AI Agents"

Hacker News - AI
Aug 9, 2025 03:37
vinaypanghal
1 views
hackernewsaidiscussion

Summary

Driftcop is an open-source CLI tool designed to continuously monitor and secure AI agents using external tools via Anthropic’s Model Context Protocol (MCP), addressing risks like "rug pull attacks" where tools can silently become malicious after updates. By tracking and approving tool metadata, Driftcop helps prevent security issues such as command injection and version drift, filling a critical gap in MCP’s current security features. This enhances trust and safety in AI agent ecosystems that rely on third-party integrations.

Hi HN! We just open-sourced Driftcop, a security tool for people building AI agents with external tools via MCP. Driftcop continuously checks that the tools your AI agent relies on haven’t changed or drifted in unsafe ways. The motivation came from recent findings that AI agents can be quietly compromised via their tools – e.g. a tool that was useful and benign yesterday could auto-update into something malicious today (this is known as a rug pull attack in the MCP context) Anthropic’s MCP (Model Context Protocol) makes it easy to plug tools into LLMs, but it lacks built-in security checks – in fact, MCP servers can suffer from issues like command injection, permission reuse, and version drift as highlighted by some early research. What Driftcop does: It’s essentially an AI-aware security scanner and approval workflow: When you connect your agent to an MCP server (tool provider), Driftcop first saves the approved tool descriptions and metadata. If anything later changes (the tool’s des
Read Full ArticleMore News

Related Articles

Show HN: SentiCall – AI-powered call assistant

Hacker News - AIAug 9

SentiCall is an AI-powered call assistant that offers real-time transcription, instant translation, smart reply suggestions, and post-call summaries to enhance productivity during phone calls, especially for users handling frequent meetings or multilingual conversations. Built with Flutter, Rust, OpenAI, and Google Cloud technologies, it aims to address limitations in existing call tools by providing seamless, real-time support. Its launch highlights growing trends in AI-driven communication tools and raises important considerations around privacy and security for productivity-focused applications.

Show HN: AI feedback on system design diagrams

Hacker News - AIAug 9

A new tool has been developed that uses AI (specifically Gemini) to provide feedback on system design diagrams for technical interview practice, offering a free, accessible alternative to traditional resources like books and mock interviews. By leveraging AI to assess user submissions, the tool demonstrates how large language models can support personalized learning and skill development in technical fields. This approach highlights the growing role of AI in democratizing interview preparation and technical education.

AI vs. the Copyrightous

Hacker News - AIAug 9

The article "AI vs. the Copyrightous" discusses ongoing legal battles over whether AI-generated content infringes on existing copyrights, highlighting recent class action lawsuits against major AI companies. It examines how these cases could set important precedents for copyright law and the development of AI, potentially impacting how AI models are trained and used in the future.