Claude Desktop

How to Write Tools for LLM Agents? Anthropic's Official Tutorial Is Here
机器之心· 2025-09-12 11:31
Core Insights
- The article emphasizes the need to rethink tool development for agentic AI systems, moving away from traditional deterministic logic to accommodate the non-deterministic nature of AI agents [1][3][10]
- It highlights that the effectiveness of AI agents is heavily dependent on the tools provided to them, and outlines a path for optimizing these tools [1][3][4]
Tool Definition and Development
- Tools for AI agents are defined as new software forms that bridge deterministic systems and non-deterministic agents, requiring a different approach to design [8][9][10]
- The article suggests a rapid prototyping approach for tool development, followed by comprehensive evaluations to assess performance and make iterative improvements [12][14]
Evaluation Process
- Evaluation tasks should be generated based on real-world scenarios and data sources, ensuring that prompts are paired with verifiable responses [23][25]
- The article advises against overly simplistic testing environments, advocating for complex conditions that can effectively stress-test the tools [27]
Tool Design Principles
- It is recommended to build a limited number of well-thought-out tools that align with high-value workflows, rather than creating numerous redundant tools [43][47]
- Tools should be designed with clear and independent objectives to prevent confusion among AI agents when selecting the appropriate tool [45][50]
Naming and Response Optimization
- Implementing namespaces for tools can help clarify their functions and reduce confusion for AI agents [48][51]
- Tools should return high-signal information, prioritizing context relevance over flexibility, to enhance the agent's performance [52][56]
Future Outlook
- The article concludes that the development of efficient tools for AI agents requires a shift from predictable deterministic patterns to non-deterministic approaches, with a focus on iterative, evaluation-driven processes [66]
One Sentence Exposes Your Database? Supabase CEO: MCP Was Never Meant to Touch Production Databases
AI前线· 2025-07-18 06:00
Core Viewpoint
- The article highlights the emerging security risks associated with the widespread deployment of MCP (Model Context Protocol), particularly the "lethal trifecta" attack model that combines prompt injection, sensitive data access, and information exfiltration, posing significant threats to SQL databases and other sensitive systems [1][3][15].
Group 1: MCP Deployment and Popularity
- The MCP was quietly released at the end of 2024, gaining rapid traction with over 1,000 servers online by early 2025, and significant interest on platforms like GitHub, where related projects received over 33,000 stars [2][3].
- Major tech companies, including Google, OpenAI, and Microsoft, quickly integrated MCP into their ecosystems, leading to a surge in the creation of MCP servers by developers due to its simplicity and effectiveness [2][3].
Group 2: Security Risks and Attack Mechanisms
- General Analysis identified a new attack pattern facilitated by MCP's architecture, where attackers can exploit prompt injection to gain unauthorized access to sensitive data [3][4].
- A specific case involving Supabase MCP demonstrated how an attacker could insert a seemingly benign message into a customer support ticket, prompting the MCP agent to leak sensitive integration tokens [4][6].
- The attack process was completed in under 30 seconds, highlighting the speed and stealth of such vulnerabilities, which can occur without triggering alarms or requiring elevated privileges [4][8].
Group 3: Architectural Issues and Recommendations
- The article emphasizes that the security issues with MCP are not merely software bugs but fundamental architectural problems that need to be addressed at the system level [12][15].
- Supabase's CEO reiterated that MCP should not be connected to production databases, a caution that applies universally to all MCP implementations [13][14].
- The integration of OAuth with MCP has been criticized for not adequately addressing the security needs of AI agents, leading to potential vulnerabilities in how sensitive data is accessed and managed [17][20].
Group 4: Future Considerations and Industry Response
- The article suggests that the current challenges with MCP require a reevaluation of security protocols and practices as the industry moves towards more integrated AI solutions [21].
- Experts believe that while the integration of different protocols like OAuth and MCP presents challenges, it is a necessary evolution that will ultimately succeed with ongoing feedback and adjustments [21].
Cursor plus MCP: One Sentence Can Expose Your Database!? It's Not a Code Bug, It's an Inherent Flaw in MCP's Architecture
AI前线· 2025-07-10 07:41
Core Insights
- The article highlights a significant security risk associated with the use of MCP (Model Context Protocol) in AI applications, particularly the potential for SQL database leaks through a "lethal trifecta" attack pattern involving prompt injection, sensitive data access, and information exfiltration [1][4][19].
Group 1: MCP Deployment and Popularity
- MCP has rapidly gained traction since its release in late 2024, with over 1,000 servers online by early 2025 and significant interest on platforms like GitHub, where related projects received over 33,000 stars [3].
- The simplicity and lightweight nature of MCP have led to a surge in developers creating their own MCP servers, allowing for easy integration with tools like Slack and Google Drive [3][4].
Group 2: Security Risks and Attack Mechanisms
- General Analysis has identified a new attack mode stemming from the widespread deployment of MCP, which combines prompt injection with high-privilege operations and automated data return [4][19].
- An example of this vulnerability was demonstrated through an attack on Supabase MCP, where an attacker could extract sensitive integration tokens by submitting a seemingly benign customer support ticket [5][11].
Group 3: Attack Process Breakdown
- The attack process involves five steps: setting up an environment, creating an attack entry point through a crafted support ticket, triggering the attack via a routine developer query, agent hijacking to execute SQL commands, and finally, data harvesting [7][9][11].
- The attack can occur without privilege escalation, as it exploits the existing permissions of the MCP agent, making it a significant threat to any team exposing production databases to MCP [11][13].
Group 4: Architectural Issues and Security Design Flaws
- The article argues that the vulnerabilities are not merely software bugs but rather architectural issues inherent in the MCP design, which lacks adequate security measures [14][19].
- The integration of OAuth with MCP has been criticized as a mismatch, as OAuth was designed for human user authorization, while MCP is intended for AI agents, leading to fundamental security challenges [21][25].
Group 5: Future Considerations and Industry Implications
- The ongoing evolution of MCP and its integration into various platforms necessitates a reevaluation of security protocols and practices within the industry [19][25].
- Experts emphasize the need for a comprehensive understanding of the security implications of using MCP, as the current design does not adequately address the risks associated with malicious calls [25].
X @Anthropic
Anthropic· 2025-06-26 16:27
Available in beta on Claude Desktop for all plan types. Download the latest version: https://t.co/iWXdAryVBH ...
X @Anthropic
Anthropic· 2025-06-26 16:27
Product Update
- Local MCP servers can now be installed with one click on Claude Desktop [1]
- Desktop Extensions (.dxt files) package the server, handle dependencies, and provide secure configuration [1]
MCP Is Not a Panacea
腾讯研究院· 2025-05-07 08:29
Core Viewpoint
- The article discusses the rise of Model Context Protocol (MCP) as a unifying tool invocation protocol in the AI industry, highlighting its rapid adoption and the excitement surrounding it, while also addressing its limitations and the need for realistic expectations regarding its applicability across different scenarios [3][4][5].
Summary by Sections
What is MCP?
- MCP is an open technical protocol designed to standardize interactions between large language models (LLMs) and external tools and services, functioning as a universal translator for AI models [5][6].
Why is MCP Needed?
- Prior to MCP, AI tool invocation faced two main issues: fragmented interfaces requiring custom code for each combination and inefficient development processes [6][8].
MCP's Functionality
- MCP employs a universal language format (JSON-RPC) allowing developers to interact with all tools supporting this protocol after a single learning phase [8][10].
MCP's Architecture
- MCP consists of three core components: MCP Host (execution environment), MCP Client (communication hub), and MCP Server (service endpoint), facilitating smooth communication between AI models and external services [11][15].
MCP's Development Challenges and Market Chaos
- The rapid growth of MCP has led to a chaotic market with many tools lacking practical value, as many developers rushed to create MCP-compatible services without thorough testing [24][34].
MCP's Limitations
- While MCP has been beneficial for local client applications, it faces challenges in server-side and cloud applications due to its dual-link mechanism, which complicates implementation and maintenance [28][29].
Market Confusion
- The current MCP market is characterized by low usability, with many tools failing to deliver real value, leading to inefficiencies in tool selection and usage [34][35].
MCP's Role in the AI Ecosystem
- MCP is not a one-size-fits-all solution; it is a communication protocol that does not dictate how tools are selected or used, emphasizing the need for a collaborative approach among various AI components [39][40].
Future Directions
- The article suggests that MCP's evolution may lead to a more streamlined and valuable tool ecosystem, as the market naturally selects for quality and utility over time [36][46].
The "MCP" Robin Li Talked About: Is There Anyone Who Still Doesn't Know It?
36氪· 2025-04-28 09:44
The following article is from 智能涌现, by 邓咏仪. Text | 邓咏仪 Editor | 苏建勋 Source | 智能涌现 (ID: AIEmergence) Cover source | AI-generated
The winds of large models have now blown toward a new term: MCP.
The AI world never lacks novelties, but this time is different; the internet seems to have returned to the spring of more than a decade ago.
"Building agents on MCP today is like building mobile apps in 2010," said Baidu chairman Robin Li (李彦宏) at the Baidu Create conference on April 25.
If you have not heard of MCP yet, you have surely heard the previous buzzword: Agent. In early 2025, the explosive popularity of the Chinese startup Manus instantly pushed this term into the public eye.
"AI that can actually get work done" is the key to the Agent boom. Before this, a large model could answer questions, but it was only a simple chat window, dependent on the training the model had received; the data inside the model was often not up to date, and with only the bare model, calling external tools required a very cumbersome process.
The concept of MCP is inseparable from the Agent. MCP is an important path by which the Agent vision can be realized: large models can freely call external tools that support the MCP protocol to complete more specific tasks.
Now, applications including Amap (高德地图) and WeChat Read (微信读书) have already launched official MCP Servers, which means ...
The "MCP" Robin Li Talked About: Is There Anyone Who Still Doesn't Know It?
36Ke· 2025-04-28 01:26
Core Viewpoint
- The emergence of MCP (Model Context Protocol) is seen as a pivotal development in the AI industry, akin to the rise of mobile apps in 2010, enabling more efficient interactions between large models and external tools [1][2].
Group 1: Definition and Importance of MCP
- MCP is an open standard that allows large models to interact with external data sources and tools, similar to a universal interface like USB [6][12].
- The adoption of MCP is expected to lead to a significant explosion in AI applications by 2025, as it simplifies the development process for AI applications [5][12].
Group 2: Current Trends and Adoption
- Since February 2024, a global wave of MCP adoption has occurred, with major companies like OpenAI, Google, and others announcing support for the protocol [2][16].
- Over 4,000 MCP servers have been launched globally, indicating rapid growth in the ecosystem [12].
Group 3: Developer Experience and Challenges
- Prior to MCP, developers faced high barriers in integrating external tools with large models, often requiring extensive coding and adaptation [10][11].
- With MCP, developers can focus on maintaining their applications rather than managing external tool performance, significantly reducing development workload [12][13].
Group 4: Competitive Landscape and Strategic Shifts
- The shift towards MCP represents a strategic pivot for major AI companies, moving from isolated development to a more collaborative ecosystem [17][21].
- OpenAI's previous closed strategy has been contrasted with MCP's open approach, highlighting the advantages of a more inclusive development environment [18][21].
The Most Worthwhile Piece on the MCP Protocol: Origins, Architectural Advantages, and Future
Hu Xiu· 2025-04-24 08:34
Core Viewpoint
- The MCP (Model Context Protocol) has gained significant attention in the AI field due to the rise of Manus and Agent, with major companies like OpenAI, Microsoft, and Google supporting it, alongside domestic players like Alibaba Cloud and Tencent Cloud launching rapid deployment platforms [1][2].
Group 1: MCP Overview
- MCP is designed to facilitate the integration of external services and functionalities into AI applications, acting as a universal interface for communication between AI applications (clients) and various external extensions (MCP servers) [5][6].
- The protocol emphasizes interaction patterns and aims to make AI applications more extensible, akin to a USB-C interface for connecting to an ecosystem [7][8].
- The concept of MCP was inspired by an internal project called LSP (Language Server Protocol), aiming to standardize communication between AI applications and extensions [8][10].
Group 2: Development and Design Principles
- The MCP team focused on simplifying the server construction process, allowing for rapid development and iteration using AI-assisted coding [8][12].
- The design principles of MCP include ensuring that tools are controlled by the model rather than the user, allowing for a more seamless integration of functionalities [31][32].
- MCP is not in opposition to open APIs; rather, they are complementary, with each serving different purposes depending on the task at hand [33][34].
Group 3: Future Directions and Innovations
- The future of AI applications and agents is expected to lean towards statefulness, which is a topic of ongoing debate within the MCP core team [56].
- There is potential for innovative applications that go beyond simple API wrappers, such as memory MCP servers that allow LLMs to retain information across interactions [34][35].
- The MCP protocol is designed to be flexible, allowing for the integration of various functionalities and the potential for recursive interactions between different MCP servers [50][51].
Group 4: Security and Authorization
- The next version of the MCP protocol will include authentication specifications, focusing on user-to-server authorization using OAuth 2.1 or its modern subsets [57][58].
- The design aims to be minimalistic, addressing real pain points without overcomplicating the protocol, ensuring backward compatibility [58][59].
- The protocol's programming language agnosticism allows for a standardized interface, reducing the need for separate SDKs for different programming languages [62].
The Most Worthwhile Piece on MCP: MCP's Creators Discuss Its Origins, Architectural Advantages, and Future
Founder Park· 2025-04-22 13:05
The MCP protocol that Anthropic released last year has, this year, suddenly become the hottest protocol in the AI field thanks to the Manus and Agent craze. Major players such as OpenAI, Microsoft, and Google have all announced support for the protocol, and domestically Alibaba Cloud Bailian and Tencent Cloud quickly followed, launching rapid deployment platforms.
But there is no shortage of controversy: many question whether MCP differs much from an API, whether Anthropic's engineers are really proficient in internet protocols, and the security problems brought by a protocol that is too simple, among other things.
Nobody is better placed to answer these questions than the inventors of the MCP protocol themselves.
In a recent Latent Space podcast episode, the hosts invited the inventors of the MCP protocol from the Anthropic team, Justin Spahr-Summers and David Soria Parra, for a detailed conversation about the origins of MCP and their many thoughts on it: why MCP was launched, how MCP differs from existing APIs, how to let MCP make better use of tools, and more. It is packed with information and worth bookmarking.
About the guests:
TLDR: Founder Park is building a developer community and invites developers and founders who actively try out and test new models and technologies to join. Please scan the QR code and fill in your product/project details; once approved, staff will add you to the group. After joining ...