Outliner Software
AI-infused


Posted by MadaboutDana
Sep 29, 2025 at 02:04 PM

 

Quite right. A couple of revealing articles here:

https://www.redhat.com/en/blog/model-context-protocol-mcp-understanding-security-risks-and-controls

https://www.atlassian.com/blog/artificial-intelligence/mcp-risk-awareness

Both of them suggest mitigation strategies, but MCP is innately a high-risk architecture for many different reasons. You could argue (as indeed @eastgate has) that such risks are an innate part of evolving (computer) ecosystems, and indeed, most of us here will have happy memories of the early years of the web and some of the more disastrous programming decisions associated with it.

But at the same time, there is a huge amount of security expertise out there nowadays (one of my family members works as a high-level software in banking security – a real laugh a minute!), and it does appear that whoever put MCP together didn’t take the time to consult the really experienced experts in anything like enough detail. Shame, because inevitably this will result in the usual accretive further development (bolt-ons) rather than a complete rebuild.

And just to respond to an earlier point: my local LLM server runs on-device with no access to the web, so even if MCP is involved (which I doubt), I’m not exposed to malicious third parties. I take a regular sniff at ChatGPT (or more often, Claude, which I personally consider superior), but I don’t use either of them in my regular work. In that sense, I am entirely in accord with @marlowe.

Cheers,
Bill

Paul Korm wrote:
>There are real, well-documented issues with MCP and other technologies
>employed in the current build-out of “AI” across the globe.  I hesitate
>to label this “the great breakthrough of our time”, when it is very
>difficult for most users to understand precisely what is going on in an
>interaction with one of these.  This is far different than the
>introduction of air transport, or any other mechanical technology. 
>
>>eastgate wrote:
>>There might be good reasons to ignore the great breakthrough of our
>>time. (I remember when people wouldn’t fly because planes were too
>>dangerous.) Insecurity of MCP is not among those reasons.

 


© 2006-2025 Pixicom - Some Rights Reserved.