[rvz]

No it isn't. MCP is a security nightmare, just as bad as crypto "smart contracts".

The protocol already has been riddled with embarrassing vulnerabilities which is already a badly designed standard and would already be a disaster if it was applied all over the web.

Security consultants are having a feast on breaking these LLM apps just like they did with the crappy "smart contracts" in crypto. Adding MCP to the mix would just make it all worse.

Neither of them is "Web 3.0".

[simba-k]

MCP's "security nightmare" and toll poising was all is due to people downloading and `exec`ing random untrusted executables. I mention and link it in the article. Same would be true if you downloaded a random REST server, ran it on your computer, and started doing random cURLs to it. MCP over HTTP is just REST for LLMs.

I agree that the current ecosystem pushes for insecure use of MCP, but if we move to using trusted HTTPS-hosted services with OAuth (which is all in the spec), the security issues would be on par with any REST service.

[bloppe]

I think the argument "MCP is Web 3" should be interpreted more-or-less as "LLM interoperability is Web 3"