OpenAI’s MCP move tempts IT to trust genAI more than it should

Generative AI (genAI) poses a classic IT dilemma. When it works well, it is incredibly versatile and useful, feeding dreams that it can do almost anything.

The problem is that when it does not work well, it can give incorrect answers, ignore your instructions and play out the plot of practically every science-fiction horror movie ever made. That’s why I was horrified when OpenAI at the end of last month announced changes to make it much easier to give its models full access to any software using the Model Context Protocol (MCP).

“We are adding support for remote MCP servers in the Responses API, building on the launch of MCP support in the Agents SDK,” the company said. “MCP is an open protocol that standardizes how applications provide context to LLMs. By supporting MCP servers in the Responses API, developers can connect our models to tools hosted on any MCP server with only a few lines of code.”

A lot of companies have publicly said they will use MCP, including those behind popular applications such as PayPal, Stripe, Shopify, Square, Slack, QuickBooks, Salesforce and Google Drive.

The ability of a genAI large language model (LLM) to coordinate data and actions across all these applications, and many more, certainly sounds attractive. But it is dangerous because it opens access to mountains of highly sensitive, compliance-relevant data, and one wrong move could deeply harm customers. MCP would also let genAI tools control these applications, exponentially increasing the risk.

If the technology still cannot do its job properly and consistently, what level of hallucinogens does it take to justify extending its power into other applications?

Christofer Hoff, CTO and CSO at LastPass, took to LinkedIn to appeal for common sense. (OK, if one wanted to appeal to common sense, LinkedIn is probably not the best place to start, but that is a different story.)

“I love the enthusiasm,” Hoff wrote. “I think the opportunity for end-to-end workflow automation with a standardized interface is fantastic compared with coding your own. That said, the security cricket that occupies my prefrontal cortex is screaming in terror. The bad guys will absolutely love this. Period.”

Rex Booth, CISO at identity vendor SailPoint, said the concerns are justified. “If you are connecting your agents to a lot of highly confidential data sources, you must have strong safeguards in place,” he said.

But as Anthropic has noted, genAI models do not always obey their own guardrails.

QueryPal CEO Dev Nag sees data-use problems as inevitable.

“You must specify what files [the model] is allowed to look at and what files it is not allowed to look at, and you should be able to specify that,” Nag said. “And we already know that LLMs do not do this perfectly. LLMs hallucinate; they make incorrect textual assumptions.”

Nag argued that the risk is, or at least should be, already known to decision makers. “It’s the same as API risk,” Nag said. “If you open your API to an external vendor with its own code, it could do anything. MCP is just APIs on steroids. I don’t think you want it in your core finances, able to change your accounting.”

The best defense is not to trust the guardrails on either side of the communication, but to give exclusion instructions on both sides. In an example with the model trying to access Google Docs, Nag said, dual instructions are the only viable approach.

“It must be applied on both sides, with the Google Docs layer being told that it cannot accept any such call from the LLM,” Nag said. “On the LLM side, it should be told, ‘OK, my intentions are to show my work documents, but not my financial documents.’”
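One way to implement Nag’s two-sided exclusion, as an added Python example that is not part of the article or any vendor’s code: an LLM-side scope (what the agent is told it may request) and a server-side deny rule at the document layer, with the server canonicalising paths before matching so the second gate still holds when the first is ignored or fooled. The document store, paths, contents and class names are all constructed for the illustration.

```python
import fnmatch
import posixpath

# Constructed stand-in for the document store behind a Google Docs MCP server.
DOCS = {
    "work/roadmap.gdoc": "Q3 roadmap draft",
    "work/notes.gdoc": "weekly meeting notes",
    "finance/ledger.gdoc": "account balances",
}


class PolicyDenied(Exception):
    """Raised by either gate when a request falls outside policy."""


class AgentScope:
    """LLM-side instruction: which documents the agent may ask for.
    A model that ignores its instructions can still issue out-of-scope
    calls, so this gate is never the only one."""

    def __init__(self, allow_globs=("work/*",)):
        self.allow_globs = allow_globs

    def check(self, path):
        if not any(fnmatch.fnmatch(path, g) for g in self.allow_globs):
            raise PolicyDenied(f"agent scope: {path} is outside {self.allow_globs}")


class ServerPolicy:
    """Document-layer rule: calls the server refuses whatever the LLM asks."""

    def __init__(self, deny_globs=("finance/*",)):
        self.deny_globs = deny_globs

    def check(self, path):
        # Canonicalise first so "work/../finance/x" cannot slip past a glob.
        canonical = posixpath.normpath(path)
        for g in self.deny_globs:
            if fnmatch.fnmatch(canonical, g):
                raise PolicyDenied(f"server policy: {canonical} matches deny rule {g}")
        return canonical


def handle_tool_call(call, agent, server):
    """Route a read_document call through both gates; returns (content, decision)."""
    path = call["arguments"]["path"]
    try:
        agent.check(path)               # gate 1: the agent's own instructions
        canonical = server.check(path)  # gate 2: the server does not trust gate 1
    except PolicyDenied as exc:
        return None, str(exc)
    return DOCS.get(canonical), "allowed"
```

The second gate is what matters when the model hallucinates or is handed an over-broad scope: a request for the ledger is refused by the server even when the agent-side check lets it through.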

In a nutshell: MCP’s interactivity concept is excellent. The likely reality in the short term? Not so much.
