Thanks for the post, it describes the problems of MCP and agents really well. Personally, I don't quite understand why people are so excited by this, knowing that there are such issues with working with agents and MCP — not only usability issues but the security ones.
I think that the problem you describe in "MCP assumes tools are assistant agnostic and handle retrieval" practically renders AI agents useless for now. On one hand, we say that LLMs give us the universal interface, where we can tell the agent in plain human language what needs to be done. On the other hand, you say that we need to tailor prompts both to the MCP tools in use and to the LLM, which basically means that I need to learn from scratch how to operate the agent. I already know how to operate the browser and post on LinkedIn. What benefit do I get from learning another tool that does the same?
Ironically, as the author writing about everything wrong with it, I'm pretty excited about this. Not what exists now but what I expect to be able to do as the standard, applications, and models mature.
> practically renders AI agents useless for now...What benefit do I get from learning another tool that does the same
In terms of my own use cases, I'm often approaching it from the mindset of not "here's all the reasons it can't do xyz like me" and more so "how can I change my workflow to make it stable enough for an LLM to do it instead so I can do other things". I think that's also a huge "catch" to all the AI hype which makes it seem like AI is going to do all these magical things out of the box. It doesn't, and yet AI writes most of my code nowadays (at work!) and automates a lot of the other less interesting day-to-day things. I can just do a lot more in less time and I expect this to only expand over time -- that's pretty exciting to me.
It's true that MCP is not great. Similarly, HTTP was worse at the beginning, but ruled the web.
Great post!
> I think Google’s new Agent2Agent protocol might solve a lot of these but that’s for a separate post.
Looking forward to this! 😊
Thanks for writing this, Shrivu! I have been exploring MCP recently and am aware of some of the risks with using MCP servers but I learned many more from your article. You mentioned you use "an assistant connected to an MCP server literally every day". Curious, which MCP server is that?
Thanks! It's all custom ones which allow me to plug specialized tools into existing apps like Cursor and Claude Desktop.
We'll have a post soon (~2 weeks) on my work eng blog going through how it works and what specifically we do with our internal MCP server: https://abnormalsecurity.com/blog
Ah got it. Will keep an eye out for it!
There is so much talk about MCP at the moment. I've been pulled into this topic recently and tried a few servers but have found the experience quite confusing. Most of my attempts either didn't work or didn't add much value. Is MCP just a "trendy new thing" or will it really become a new standard and a breakthrough in AI usage?
What are some real-world use cases where MCP truly shines and adds value in your day-to-day AI usage?
There's definitely a long way to go for MCP to extend from the experimental power users to folks wanting something to work right out of the box. I think it can both be a pretty fundamental protocol while also being extremely overhyped as a "trendy new thing", which ends up being the case with a lot of AI technologies.
I personally don't code without my Cursor MCP, which integrates some other dev dbs (jira, github, etc) along with some refactor power tools. I expect the bring-your-own-tools paradigm will likely continue to gain popularity as more folks use agents in their day to day and want to connect things up.
related: https://abnormal.ai/blog/abnormal-accelerates-developer-velocity-with-mcp
MCP is still in its early stages of development, and I believe it will be a breakthrough point in the field of AI.
When I see MCP I see Tron's MCP.
Excellent article.
I considered discussing how HTTP, REST/JSON, and GraphQL also lack built-in security, but you went beyond just the basics.
IMHO, the risk is comparable to adding an IDE plugin or a code dependency (npm, maven, etc.). Personally, I believe a proven MCP ecosystem is lacking.