Imagine you have a super-smart assistant (an LLM like ChatGPT). It knows a lot, but it doesn’t automatically know:
· What’s in your database
· What APIs your company uses
· How to perform actions like sending emails or querying systems
Now imagine you give this assistant a standard plug system like USB for devices. That’s what Model Context Protocol (MCP) is.
MCP is like a universal adapter that allows AI applications to:
· Access external data (files, databases, APIs)
· Use tools (functions, services)
· Communicate in a consistent way
Instead of building custom integrations every time, MCP gives a standard language and structure for connecting AI to the outside world.
1. What is MCP?
Model Context Protocol (MCP) is an open protocol that standardizes how LLM-based applications interact with external systems. It defines:
How to send context to models
How to expose tools/functions
How to communicate between components (Host, Client and Server)
1.1 Key Components in MCP
Host: The application that manages and orchestrates LLM interactions and MCP integrations
Examples:
· AI-powered IDE
· Chat application
· Automation system
Clients: Embedded inside the host. Responsible for managing connections to MCP servers.
Servers: Provide data (resources), functions (tools) and predefined prompts. These are like Service Providers.
1.2 JSON-RPC 2.0 Communication
MCP uses JSON-RPC 2.0, a lightweight protocol where:
· Requests and responses are JSON
· Communication is structured and predictable
Example
{
"jsonrpc": "2.0",
"method": "tools.call",
"params": {
"name": "getUserOrders",
"arguments": {
"userId": "123"
}
},
"id": 1
}
Above json informs server that "Hey server, please execute the tool getUserOrders with userId = 123 and send me the result".
"jsonrpc": "2.0": Declares the protocol version
"method": "tools.call"
Specifies what action you want to perform. In MCP, "tools.call" = execute a tool. It is like, call a function exposed by the MCP server
"params": Specifies input data for the method
"name": "getUserOrders"
Specifies the tool or function to execute.
"arguments": Input parameters for the tool. Equivalent to function arguments
"id": 1
Unique request identifier. Used to match request ↔ response. Important for async calls and multiple parallel requests
2. The Core Problem MCP is Solving
LLMs are:
· Powerful in reasoning
· Weak in real-time data access
· Limited in executing actions
Without MCP:
· Every integration is custom-built
· No standard way to expose tools
· Hard to scale across teams and systems
When you build an AI assistant for a Gmail-like service without MCP, the entire integration becomes tightly coupled and manually controlled. Suppose a user asks, "Show my last 5 emails from Amazon and summarize them". The language model itself cannot directly access Gmail data, so you, as the developer, must explicitly write code to call the Gmail API, fetch emails, and then pass those emails back into the model for summarization. This means you need to interpret the user’s intent in your application code, detect that the query is about emails, decide which API to call, execute that call, and then invoke the LLM again to generate a response.
All of this logic like intent detection, API invocation, and response formatting—is hardcoded into the application. If you later want to support another system, like Google Drive or Calendar, you must repeat the same effort. More importantly, every other application that needs similar functionality (such as a chatbot, an IDE assistant, or a Slack bot) must independently build the same Gmail integration logic, leading to significant duplication across teams and systems.
This duplication introduces a deeper problem, tight coupling to external service contracts. If the Gmail API changes, such as modifying request formats, authentication mechanisms, or response structures, every application that has implemented this integration must be updated and redeployed. Ensuring all these applications remain in sync becomes operationally complex and error-prone. Over time, the system evolves into a fragile ecosystem where small external changes can cause widespread breakages, making it difficult to scale, maintain, and reliably extend functionality across multiple AI-driven applications.
With MCP, the approach becomes much more structured and dynamic. Instead of embedding Gmail specific logic directly into your application, you expose Gmail capabilities such as fetching emails or sending messages as standardized tools through an MCP server. Your AI application (the host) connects to this server via an MCP client, and the language model is made aware of the available tools and their capabilities. When the same user asks, "Show my last 5 emails from Amazon", the LLM can reason about the request and decide on its own to call a tool like getEmails with appropriate arguments. This decision is not hardcoded in your application. It is driven by the model’s understanding of the task and the available tools. The MCP client sends a structured JSON-RPC request to the MCP server, which executes the Gmail API call and returns the results. The LLM then uses this data to generate a final, human-readable response.
The key difference is in how responsibilities are distributed. Without MCP, your application is responsible for everything understanding the query, deciding which APIs to call, executing them, and combining the results. With MCP, responsibilities are cleanly separated. The MCP server is responsible for exposing capabilities (like Gmail operations), the LLM is responsible for deciding when and how to use those capabilities, and the host application orchestrates the overall flow. This separation makes the system far more flexible and scalable.
Another major improvement is reusability. In the non-MCP approach, your Gmail integration is tightly bound to a single application. If you want to build another AI interface say a Slack bot or an IDE assistant, you must reimplement the same Gmail logic again. With MCP, the Gmail functionality is exposed once as a standardized server, and any MCP compatible AI application can reuse it without additional effort. This dramatically reduces duplication and enables a plug-and-play ecosystem.
In essence, MCP transforms integrations from being hardcoded and application-specific into standardized and reusable capabilities. Without MCP, the LLM is passive, it depends entirely on the developer to fetch data and perform actions. With MCP, the LLM becomes active and it can discover tools, invoke them, and incorporate real-time data into its reasoning. This shift is what allows AI systems to move from simple text generators to powerful, context-aware assistants that can interact with real-world systems like Gmail in a scalable and maintainable way.
3. Security & Trust in the Model Context Protocol (MCP)
The Model Context Protocol (MCP) unlocks powerful capabilities for AI systems—enabling access to external data, tools, and execution paths. But with great power comes an equally important responsibility: security, trust, and user control must be at the core of every implementation.
3.1 User Consent & Control
Every data access and action must be explicitly approved by the user. Users should clearly understand what data is being accessed and what actions are being performed.
Systems should provide transparent UIs where users can:
· Review requests
· Approve or reject operations
No hidden actions. No silent data sharing.
3.2 Data Privacy
MCP systems often deal with sensitive user data. That makes privacy non-negotiable.
· User data must only be shared with explicit consent
· Hosts must never transmit data to servers without permission
· Strong access controls and safeguards should be in place
3.3 Tool Safety
Tools in MCP are incredibly powerful, they can execute code, call APIs, and interact with systems. But that also makes them risky.
· Treat all tools as potentially unsafe by default
· Tool descriptions (like annotations) should be considered untrusted input
· Always require explicit user approval before tool execution
· Clearly explain:
o What the tool does
o What impact it will have
Think of tools as “remote actions” — users must know exactly what they’re triggering.
3.4 LLM Sampling Controls
MCP introduces a unique aspect: LLM sampling requests (Where a MCP server asks the model to generate something).
These must be tightly controlled.
Users should decide:
· Whether sampling is allowed at all
· What exact prompt is sent to the model
· What output is shared back with the server
In summary, MCP is not just about connecting models to tools and data, but about doing so responsibly with a strong emphasis on user trust. It is built on the principle that power should never come at the cost of trust, and achieves this by enforcing explicit user consent, maintaining transparency in operations, setting strict boundaries on data usage, and ensuring safe execution of tools. Together, these principles enable MCP to create a system where powerful capabilities and user trust can grow hand in hand.
Previous Next Home

No comments:
Post a Comment