Difference between revisions of "Model Context Protocol"
(→Solutions) |
(→Solutions) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
MCP is a security nightmare! | MCP is a security nightmare! | ||
| − | Don’t get me wrong — at Wexa, we see Model Context Protocol as the HTTP of the GenAI era. It’s the missing link to make AI assistants truly agentic and interoperable. | + | Don’t get me wrong — [https://www.wexa.ai/ at Wexa,] we see Model Context Protocol as the HTTP of the GenAI era. It’s the missing link to make AI assistants truly agentic and interoperable. |
==Problems== | ==Problems== | ||
| Line 25: | Line 25: | ||
MCP is powerful. But don’t assume it’s safe out of the box. | MCP is powerful. But don’t assume it’s safe out of the box. | ||
| + | |||
| + | * [https://sphericalcowconsulting.com/2025/06/17/the-mcp-bandwagon/ The MCP Bandwagon] 2025-07-01 Heather Flanagan | ||
==Solutions== | ==Solutions== | ||
| + | * See wiki [[Attention Economy]] for more on Agent to Agent(A2A) solutions | ||
| + | * 2025-05-23 [https://medium.com/kagenti-the-agentic-platform/security-in-and-around-mcp-part-2-mcp-in-deployment-65bdd0ba9dc6 Security In and Around MCP: Part 2 — MCP in Deployment] Maia Iyer, Mariusz Sabath, Alan Cha, Hai Huang, Paolo Dettori, Jarek Cwiklik | ||
| + | * 2025-05-16 AWS Load MCP from the command line with one call [https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line.html Using Amazon Q Developer on the command line] | ||
| + | * 2025-05-14 there is another layer here that bears deeper discussion, and that's how the two sides of the MCP proxy relate to each other, and what that means to the overall security posture. [https://justinsecurity.medium.com/tangled-tokens-and-authorized-agents-331e4db02fb4 Tangled Tokens and Authorized Agents] | ||
* 2025-05-12 [https://track.maillist.codeproject.com/ga/click/2-5945953-9-333-587-5743-1b27e53377-8s316be653 Why AI agents need a protocol like MCP to reach their potential] MCP is “an open standard that enables developers to build secure, two-way connections between their data sources and AI-powered tools,” Anthropic wrote in a blog post announcing it was open sourcing the protocol. | * 2025-05-12 [https://track.maillist.codeproject.com/ga/click/2-5945953-9-333-587-5743-1b27e53377-8s316be653 Why AI agents need a protocol like MCP to reach their potential] MCP is “an open standard that enables developers to build secure, two-way connections between their data sources and AI-powered tools,” Anthropic wrote in a blog post announcing it was open sourcing the protocol. | ||
* 2025-04-11 [https://arxiv.org/abs/2504.08623 Enterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation Strategies] | * 2025-04-11 [https://arxiv.org/abs/2504.08623 Enterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation Strategies] | ||
| Line 39: | Line 45: | ||
The difference between RAG (Retrieval-Augmented Generation) and MCP (Model Context Protocol) lies in their approach to data retrieval and usage in AI systems: | The difference between RAG (Retrieval-Augmented Generation) and MCP (Model Context Protocol) lies in their approach to data retrieval and usage in AI systems: | ||
* RAG (Retrieval-Augmented Generation): | * RAG (Retrieval-Augmented Generation): | ||
| − | ** RAG fetches external data in real-time to augment the AI's responses. For example, it might query a database or API to retrieve the latest information before generating an answer. | + | ** RAG fetches external data in real-time to augment the AI's responses. For example, it might query a database or API to retrieve the latest information before generating an answer or to validate a generated answer. |
** It is highly flexible, allowing AI to access diverse sources for context-specific queries. However, it can be resource-intensive, as each query requires external connections. | ** It is highly flexible, allowing AI to access diverse sources for context-specific queries. However, it can be resource-intensive, as each query requires external connections. | ||
* MCP (Model Context Protocol): | * MCP (Model Context Protocol): | ||
| Line 46: | Line 52: | ||
** MCP is more efficient for workflows requiring continuity and real-time data integration. | ** MCP is more efficient for workflows requiring continuity and real-time data integration. | ||
In essence, RAG is like fetching fresh data for every query, while MCP is about leveraging stored context for smarter, seamless interactions | In essence, RAG is like fetching fresh data for every query, while MCP is about leveraging stored context for smarter, seamless interactions | ||
| + | |||
===Authorization=== | ===Authorization=== | ||
Aaron Parecki | Aaron Parecki | ||
Latest revision as of 14:17, 7 July 2025
Contents
Full Title or Meme
MCP is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals and accessories, MCP provides a standardized way to connect AI models to different data sources and tools.[1]
Context
Quantum computers are expected to break traditional cryptographic systems like RSA and ECC. In response,
MCP is a security nightmare!
Don’t get me wrong — at Wexa, we see Model Context Protocol as the HTTP of the GenAI era. It’s the missing link to make AI assistants truly agentic and interoperable.
Problems
MCP doesn’t govern security by default. -> Tool poisoning attacks are a cakewalk if you’re not explicitly validating or sanitizing inputs. Anyone can sneak in malicious instructions through tool descriptions or context — and the model will just obey.
Versioning is a mess. -> There’s no clear standard for how models or tools should handle different MCP versions. That means you risk breaking tools silently — or worse, running outdated logic with no warning.
Persistent context = persistent risk. -> If your AI coworker remembers things across sessions, what happens when the context itself is compromised or manipulated?
We’re bullish on MCP — it’s foundational to how we’re building secure, scalable AI agents inside Wexa.
if you’re using MCP in production today, you’re likely exposed unless you’ve already wrapped it in a tight security layer.
MCP is powerful. But don’t assume it’s safe out of the box.
- The MCP Bandwagon 2025-07-01 Heather Flanagan
Solutions
- See wiki Attention Economy for more on Agent to Agent(A2A) solutions
- 2025-05-23 Security In and Around MCP: Part 2 — MCP in Deployment Maia Iyer, Mariusz Sabath, Alan Cha, Hai Huang, Paolo Dettori, Jarek Cwiklik
- 2025-05-16 AWS Load MCP from the command line with one call Using Amazon Q Developer on the command line
- 2025-05-14 there is another layer here that bears deeper discussion, and that's how the two sides of the MCP proxy relate to each other, and what that means to the overall security posture. Tangled Tokens and Authorized Agents
- 2025-05-12 Why AI agents need a protocol like MCP to reach their potential MCP is “an open standard that enables developers to build secure, two-way connections between their data sources and AI-powered tools,” Anthropic wrote in a blog post announcing it was open sourcing the protocol.
- 2025-04-11 Enterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation Strategies
- 2025-04 Google joins OpenAI in adopting Anthropic's protocol for connecting AI agents - why it matters
- 2024-03-19 Introducing Model Context Protocol (MCP) in Copilot Studio: Simplified Integration with AI Apps and Agents Microsoft
- Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions 2025-03-30 https://arxiv.org/abs/2503.23278
- 2024-11-25 Introducing the Model Context Protocol
Enable AI Agent
Difference between RAG & MCP
The difference between RAG (Retrieval-Augmented Generation) and MCP (Model Context Protocol) lies in their approach to data retrieval and usage in AI systems:
- RAG (Retrieval-Augmented Generation):
- RAG fetches external data in real-time to augment the AI's responses. For example, it might query a database or API to retrieve the latest information before generating an answer or to validate a generated answer.
- It is highly flexible, allowing AI to access diverse sources for context-specific queries. However, it can be resource-intensive, as each query requires external connections.
- MCP (Model Context Protocol):
- MCP focuses on maintaining context within the AI itself, enabling it to remember previous interactions and provide personalized responses.
- It reduces the need for external data retrieval, relying on stored memory and predefined prompts.
- MCP is more efficient for workflows requiring continuity and real-time data integration.
In essence, RAG is like fetching fresh data for every query, while MCP is about leveraging stored context for smarter, seamless interactions
Authorization
Aaron Parecki
Enterprise
Aaron Parecki
References
- ↑ Get started with the Model Context Protocol (MCP) https://modelcontextprotocol.io/introduction
