10 Comments
Michał Trojanowski:

Thanks for the post, it describes the problems of MCP and agents really well. Personally, I don't quite understand why people are so excited by this, knowing that there are such issues with working with agents and MCP — not only usability issues but the security ones.

I think that the problem you describe in "MCP assumes tools are assistant agnostic and handle retrieval" practically renders AI agents useless for now. On one hand, we say that LLMs give us the universal interface, where we can tell the agent in plain human language what needs to be done. On the other hand, you say that we need to tailor prompts both to the MCP tools in use and to the LLM, which basically means that I need to learn from scratch how to operate the agent. I already know how to operate the browser and post on LinkedIn. What benefit do I get from learning another tool that does the same?

Shrivu Shankar:

Ironically, as the author writing about everything wrong with it, I'm pretty excited about this. Not what exists now but what I expect to be able to do as the standard, applications, and models mature.

> practically renders AI agents useless for now...What benefit do I get from learning another tool that does the same

In terms of my own use cases, I'm often approaching it from the mindset of not "here's all the reasons it can't do xyz like me" and more so "how can I change my workflow to make it stable enough for an LLM to do it instead so I can do other things". I think that's also a huge "catch" to all the AI hype, which makes it seem like AI is going to do all these magical things out of the box. It doesn't, and yet AI writes most of my code nowadays (at work!) and automates a lot of the other less interesting day-to-day things. I can just do a lot more in less time and I expect this to only expand over time -- that's pretty exciting to me.

alex:

It's true that MCP is not great. Similarly, HTTP was worse at the beginning, but ruled the web.

Alfred Lua:

Thanks for writing this, Shrivu! I have been exploring MCP recently and am aware of some of the risks with using MCP servers but I learned many more from your article. You mentioned you use "an assistant connected to an MCP server literally every day". Curious, which MCP server is that?

Shrivu Shankar:

Thanks! It's all custom ones which allow me to plug specialized tools into existing apps like Cursor and Claude Desktop.

We'll have a post soon (~2 weeks) on my work eng blog going through how it works and what specifically we do with our internal MCP server: https://abnormalsecurity.com/blog

Alfred Lua:

Ah got it. Will keep an eye out for it!

Nikhil Maddirala:

Great post!

> I think Google’s new Agent2Agent protocol might solve a lot of these but that’s for a separate post.

Looking forward to this! 😊

anghunk:

MCP is still in its early stages of development, and I believe it will be a breakthrough point in the field of AI.

Tylney Taylor:

When I see MCP I see Tron's MCP.

olivier refalo:

Excellent article.

I considered discussing how HTTP, REST/JSON, and GraphQL also lack built-in security, but you went beyond just the basics.

IMHO, the risk is comparable to adding an IDE plugin or a code dependency (npm, maven, etc.). Personally, I believe a proven MCP ecosystem is lacking.
