Users: be thoughtful about what you install, and watch out for dangerous combinations of tools.

Pay special attention to this part of the MCP specification:

For trust & safety and security, there SHOULD always be a human in the loop with the ability to deny tool invocations.

Applications SHOULD:

• Provide UI that makes clear which tools are being exposed to the AI model

• Insert clear visual indicators when tools are invoked

• Present confirmation prompts to the user for operations, to ensure a human is in the loop

I suggest treating those SHOULDs as if they were MUSTs.

I really want this stuff to work safely and securely, but the lack of progress over the past two and a half years doesn’t fill me with confidence that we’ll figure this out any time soon.

This is a fundamental problem with having a computer make decisions on your behalf with your data/info, compounded by the fact that the interface for this computer is human language and persuasion, compounded by the fact that the computer is guided to obey the latest/firmest command given, regardless of source.
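As an added example (not code from the quoted post or from the MCP project), here is a client-side gate that implements the three SHOULDs above as MUSTs: it exposes the tool list for the UI, requires an explicit approval decision for every invocation (deny by default), records each call for a visual indicator or audit trail, and flags a dangerous combination of tools before any call is made. The capability tags and the dangerous-pair table are assumptions, not part of the MCP specification.

```python
"""Human-in-the-loop gate for MCP-style tool invocations (added example).
Tools declare capability tags (an assumption, not part of the MCP spec);
every invocation requires an explicit approval decision, and a session that
exposes both a private-data reader and an outbound-sending tool is flagged
as a dangerous combination before any call is made."""
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Tool:
    name: str
    tags: frozenset  # e.g. {"reads_private_data"} or {"sends_external"}
    fn: Callable[..., str]

# Tag pairs that together let a tool chain move data outside the user's control.
DANGEROUS_PAIRS = [({"reads_private_data"}, {"sends_external"})]

@dataclass
class Session:
    tools: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def expose(self, tool: Tool) -> None:
        self.tools[tool.name] = tool

    def exposed_tools(self) -> list:
        """What the UI should show: every name the model can call, with its tags."""
        return sorted((t.name, sorted(t.tags)) for t in self.tools.values())

    def dangerous_combinations(self) -> list:
        """Tag pairs that are both present in this session (warn before any call)."""
        present = set().union(*(t.tags for t in self.tools.values()))
        return [(sorted(a), sorted(b)) for a, b in DANGEROUS_PAIRS
                if a <= present and b <= present]

    def invoke(self, name: str, args: dict, confirm: Callable[[str, dict], bool]) -> str:
        """Run a tool only if the human explicitly approves; anything else is a denial."""
        tool = self.tools.get(name)
        if tool is None:
            self.log.append(("denied", name, "unknown tool"))
            return "denied: unknown tool"
        try:
            approved = confirm(name, args) is True  # default deny: only literal True approves
        except Exception:
            approved = False
        if not approved:
            self.log.append(("denied", name, "user declined"))
            return "denied by user"
        self.log.append(("invoked", name, args))  # drives the visual indicator / audit trail
        return tool.fn(**args)
```

The `confirm` callback stands in for the application's confirmation prompt; a UI that cannot obtain a clear answer should return anything other than `True`, which the gate treats as a denial.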

www.joshbeckman.org/notes/880308344