AI-infused
Posted by satis
Sep 28, 2025 at 05:36 PM
I think there might be a problem of nomenclature here. LLMs are the technology *underpinning* chatbots, but LLMs are not chatbots themselves.
People are using LLMs right now in everyday usage. Email programs like Gmail and Outlook use LLMs to autocomplete sentences and suggest phrasing. The best translation services and apps use LLMs to generate more natural, context-aware translations and realistic phrasing. (That includes live translation that works system-wide in iOS in Messages, FaceTime, and while your AirPods are on.) Email and audio transcript summarization in podcast apps, which has come online in Pocket Casts, Apple Podcasts and others, is all LLM-based. Message summarization in smartphone lockscreens is based on LLM-training. Apps and services that pull text out of photos (or translate them) are all LLM-based. Product and user-review summaries on retail websites like Amazon are all LLM-based.
And LLMs are being used behind the scenes to protect the websites you visit (and attack them, too).
Posted by Paul Korm
Sep 28, 2025 at 06:52 PM
There are real, well-documented issues with MCP and other technologies employed in the current build-out of “AI” across the globe. I hesitate to label this “the great breakthrough of our time”, when it is very difficult for most users to understand precisely what is going on in an interaction with one of these. This is far different than the introduction of air transport, or any other mechanical technology.
eastgate wrote:
>There might be good reasons to ignore the great breakthrough of our
>time. (I remember when people wouldn’t fly because planes were too
>dangerous.) Insecurity of MCP is not among those reasons.
Posted by MadaboutDana
Sep 29, 2025 at 02:04 PM
Quite right. A couple of revealing articles here:
https://www.redhat.com/en/blog/model-context-protocol-mcp-understanding-security-risks-and-controls
https://www.atlassian.com/blog/artificial-intelligence/mcp-risk-awareness
Both of them suggest mitigation strategies, but MCP is innately a high-risk architecture for many different reasons. You could argue (as indeed @eastgate has) that such risks are an innate part of evolving (computer) ecosystems, and indeed, most of us here will have happy memories of the early years of the web and some of the more disastrous programming decisions associated with it.
But at the same time, there is a huge amount of security expertise out there nowadays (one of my family members works as a high-level software in banking security – a real laugh a minute!), and it does appear that whoever put MCP together didn’t take the time to consult the really experienced experts in anything like enough detail. Shame, because inevitably this will result in the usual accretive further development (bolt-ons) rather than a complete rebuild.
And just to respond to an earlier point: my local LLM server runs on-device with no access to the web, so even if MCP is involved (which I doubt), I’m not exposed to malicious third parties. I take a regular sniff at ChatGPT (or more often, Claude, which I personally consider superior), but I don’t use either of them in my regular work. In that sense, I am entirely in accord with @marlowe.
Cheers,
Bill
Paul Korm wrote:
>There are real, well-documented issues with MCP and other technologies
>employed in the current build-out of “AI” across the globe. I hesitate
>to label this “the great breakthrough of our time”, when it is very
>difficult for most users to understand precisely what is going on in an
>interaction with one of these. This is far different than the
>introduction of air transport, or any other mechanical technology.
>
>eastgate wrote:
>>There might be good reasons to ignore the great breakthrough of our
>>time. (I remember when people wouldn’t fly because planes were too
>>dangerous.) Insecurity of MCP is not among those reasons.
Posted by MadaboutDana
Sep 29, 2025 at 02:06 PM
Sorry, I meant “works as a high-level software engineer” there – she isn’t actual software, as it happens!
Posted by MadaboutDana
Sep 29, 2025 at 02:08 PM
For a more brutal takedown of MCP, see e.g. https://medium.com/data-science-collective/mcp-is-a-security-nightmare-heres-how-the-agent-security-framework-fixes-it-fd419fdfaf4e