0xbadcafebee 8 hours ago

A lot of the reasons to use MCP are contained in the architecture document (https://modelcontextprotocol.io/specification/2025-11-25/arc...) and others. Among them, chief is security, but then there's standardization of AI-specific features, and all the features you need in a distributed system with asynchronous tasks and parallel operation. There is a lot of stuff that has nothing to do with calling tools.

For any sufficiently complex set of AI tasks, you will eventually need to invent MCP. The article posted here talks about those cases and reasons. However, there are cases when you should not use MCP, and the article points those out too.

troupo 3 hours ago | parent | next [-]

> Among them, chief is security

The security is so chief that they had no security at all until several versions later when they hastily bolted on OAuth.

MCP is a vibe-coded protocol that rode one of the many AI hype waves where all "design documents" are post-hoc justifications.

brabel 2 hours ago | parent [-]

They did the right thing in hindsight: leave security open until clear patterns emerge, then solidify those patterns into a spec. The spec is still in draft, and currently they are trying to find a simpler solution for client registration than DCR, which apparently ephemeral clients seem to solve for now.

If they had made the security spec without waiting for user information they would most certainly have chosen a suboptimal solution.

troupo an hour ago | parent [-]

Or... They could just use any of the existing API specs and wouldn't have to scramble to fix whatever Claude Code spat out.

tptacek 8 hours ago | parent | prev | next [-]

If the chief reason to use MCP is security, I'm sold: it's a dead letter, and we're not going to be using it a couple years from now.

0xbadcafebee 8 hours ago | parent [-]

Security is the chief reason in that it's the most important, since AI security is like nuclear waste. But the reason you should use it is it's a standard, and it's better to use one standard and be compatible with 10,000 apps, than have to write 10,000 custom integrations.

When I first used ChatGPT, I thought, "surely someone has written some kind of POP3 or IMAP plugin for ChatGPT so it can just connect to my mail server and download my mail." Nope; you needed to write a ChatGPT-specific integration for mail, which needed to be approved by ChatGPT, etc. Whereas if they supported any remote MCP server, I could just write an MCP server for mail, and have ChatGPT connect to it, ask it to "/search_mail_for_string" or whatever, and poof, You Have Mail(tm).

DetroitThrow 4 hours ago | parent | prev [-]

> Among them, chief is security

Considering many popular MCPs have done auth incorrectly, this made me lol