Model Context Protocol (MCP) – Transformative AI Tech with Risk

Model Context Protocol (MCP) is transformative for artificial intelligence (AI): it standardizes how a Large Language Model (LLM) is given context and interacts with external tools and data (e.g. an Application Programming Interface (API), a database, or files). Think of MCPs like containers for AI, where the “package” has everything you need for context to get the job done, compared to the older non-standardized methods of AI processing and learning. Another way to think of it is automated AI scripting and integration, custom to your use case and business. Even better, MCPs can be linked to each other, giving you streamlined, standardized, modular scripted automation with continuous learning.

This technology is hot off the presses, released in the fall of 2024, and has already had an impressive impact! Be warned, there is a cliffhanger at the end of this article: a big risk comes along with the projected transformative explosion of this amazing new technology.

Context is King

As a Cyber Threat Intelligence (CTI) expert I know how important context is, and I often tell my teams that “Context is King”. MCP rocks the world of AI with context, so that AI can make efficient and intelligent decisions and learn from a world of context designed for a specific purpose, all within a specific context, which is extreme power. Coupled with the modularity of other MCPs, which you can link to as clients or servers in a utilitarian fashion, MCPs can feed off of one another in amazing ways towards powerful outcomes yet to be imagined – because context enables AI to continuously learn and refine itself within each MCP and within the larger ecosystem. This is a game changer in the world of AI!

In the old world of AI you’d be making API calls and sometimes the answers that came back were way off base. Why is that? They lacked context. When you add context, the AI engine has what it needs to properly interpret the request, respond, and learn, so that contextual reasoning is more likely to succeed. Autonomous learning – intelligence – is achieved when you have context. Without context you cannot make decisions or achieve higher levels of thought; it is impossible. MCPs create context and the framework in which AI can consistently perform contextualized reasoning and learning.

Some have stated that MCPs are like the modern-day command-line interface (CLI) for the non-API people of the world. That’s true in terms of how it contains everything you need in a standardized package, all the resources, everything by design, and you simply interact with it. Simple, right? Indeed. It will explode. The tradeoff is that it’s passive and will not inherently provide insight, and without structured metadata standards it may produce inconsistent results. The right design and updates to MCPs are critical, and there will be a lot of ‘cr*p’ MCPs built in the immediate future by someone wanting to make a quick buck while learning a new tech.

The Old Days

In writing this article I thought back to when I invented the Optiv Threat DNA system, which does not use AI but heavy machine learning (ML), lots of carefully crafted logic, and carefully thought-out people, process, and technology, at scale, to digest a top-ten global MSSP’s set of data in real time and perform as the first ever Platform-as-a-Service (PaaS) solution that can identify, with granular abilities, malware naming and attribution, geopolitical mapping, actor attribution and more. It took three years to build and put in place and is incredibly complicated to achieve from a design perspective. Maintaining it, for attribution and response, is costly, because it’s based upon traditional CTI and human intelligence (HUMINT) analytical tradecraft with a human in the loop (HITL) in operations (Ops). This was before AI and MCPs arrived, based upon my pioneering days in CTI and counterintelligence…

Understanding MCPs

MCPs are an open-source collaborative global effort. Prepare yourself for a rapid explosion of MCPs that have a “package” of context for whatever it is that you are looking for in the world of AI, for specific use cases and outcomes. MCPs include specifications and resources for context for the following:

  • Data ingestion and transformation
  • Contextual metadata tagging
  • Model interoperability across platforms
  • Secure bi-directional communications between data sources and AI-powered tools
  • Protocol specifications and SDKs
  • Local MCP server support in Claude Desktop Apps
  • Open-source repository of MCP servers

A wide range of applications and use cases exist for MCP already, despite its young age:

  • Agentic AI workflows involving multiple tools, enabling chain-of-thought reasoning over distributed resources, through multi-tool agents
  • Plain-language information retrieval from applications like AI2SQL for natural language data access
  • Coding assistance, with real-time code context, assisting software development within integrated development environments (IDE) like Zed, Cursor, and GitHub Copilot

There are many other applications, such as live editing of websites, reading and interacting with system tools securely, and interacting with customer relationship management (CRM) systems. A rapid explosion of use cases and applications is projected for 2025, given the open-source, flexible nature of MCP, the demand for it, and how quickly it enables context, efficiency, and cost savings within the world of AI.

MCP Implementation

Developers can create custom MCP servers or proprietary systems with specialized data sources. Custom implementations enable the following:

  • Context-aware AI responses specific to the business and context of the use case
  • Automated workflows across multiple business applications
  • Custom data processing pipelines for AI consumption
  • Real-time access to private resources, databases, and internal tools and data
  • Secure integration, including with company PII and sensitive business systems

In case you missed it – this can be deployed privately, custom designed for your business, with your own private vector database for Retrieval Augmented Generation (RAG). This is huge because it’s business AND use case specific, with context, like a container, for the MCP to perform all the logic and learning specific to your organization, to consume, interact, and continuously process and learn, and it’s repeatable! Everyone starts building various MCP use cases and custom servers and clients, and then we can leverage the best of the best for our needs in AI. Let that sink in…over time the potential is amazing!! I’m a believer, are you?
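To make the “custom MCP server” idea concrete, here is an added example that is not code from this article or from the MCP project. It is a minimal in-process server written against the protocol’s JSON-RPC 2.0 message shapes (initialize, tools/list, tools/call) and exposes a single read-only tool that is confined to a sandbox directory. The server name, the tool name read_doc, the sandbox contents and the client messages are all constructed for illustration; a production server would use the official SDK and a real transport (stdio or HTTP) rather than passing dicts around in one process.

```python
import json
import os
import tempfile

PROTOCOL_VERSION = "2024-11-05"   # MCP revision string exchanged during initialize
SERVER_NAME = "demo-docs-server"  # hypothetical server name

# Constructed sandbox: a temp directory holding the only file the tool may read.
SANDBOX_ROOT = tempfile.mkdtemp(prefix="mcp_demo_")
with open(os.path.join(SANDBOX_ROOT, "policy.txt"), "w", encoding="utf-8") as fh:
    fh.write("Backups run nightly.\n")

# The tool surface advertised by tools/list (name, description, JSON Schema for arguments).
TOOLS = [
    {
        "name": "read_doc",
        "description": "Read a text file from the server's document folder (read-only).",
        "inputSchema": {
            "type": "object",
            "properties": {"path": {"type": "string"}},
            "required": ["path"],
        },
    }
]


def _result(req_id, result):
    return {"jsonrpc": "2.0", "id": req_id, "result": result}


def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def _tool_text(text, is_error):
    # Tool execution problems are reported inside the result with isError, not as JSON-RPC errors.
    return {"content": [{"type": "text", "text": text}], "isError": is_error}


def read_doc(args):
    """Read-only tool: resolves the requested path and refuses anything outside the sandbox."""
    rel = args.get("path")
    if not isinstance(rel, str):
        return _tool_text("path must be a string", True)
    root = os.path.realpath(SANDBOX_ROOT)
    full = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, full]) != root:   # catches ../ traversal and symlink escapes
        return _tool_text("path escapes the document folder", True)
    try:
        with open(full, encoding="utf-8") as fh:
            return _tool_text(fh.read(), False)
    except OSError as exc:
        return _tool_text(f"cannot read: {exc.strerror}", True)


HANDLERS = {"read_doc": read_doc}   # only tools listed here can ever be called


def handle(request):
    """Dispatch one JSON-RPC request from the client (host) and return the response dict."""
    if "id" not in request:
        return None  # a notification (e.g. notifications/initialized) gets no response
    req_id, method = request["id"], request.get("method")
    params = request.get("params") or {}
    if method == "initialize":
        return _result(req_id, {
            "protocolVersion": PROTOCOL_VERSION,
            "capabilities": {"tools": {}},
            "serverInfo": {"name": SERVER_NAME, "version": "0.1"},
        })
    if method == "tools/list":
        return _result(req_id, {"tools": TOOLS})
    if method == "tools/call":
        fn = HANDLERS.get(params.get("name"))
        if fn is None:
            return _error(req_id, -32602, f"unknown tool: {params.get('name')}")
        return _result(req_id, fn(params.get("arguments") or {}))
    return _error(req_id, -32601, f"method not found: {method}")


def run_session():
    """Client side of the exchange: handshake, discovery, one good call and one blocked call."""
    messages = [
        {"jsonrpc": "2.0", "id": 1, "method": "initialize",
         "params": {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                    "clientInfo": {"name": "demo-host", "version": "0.1"}}},
        {"jsonrpc": "2.0", "id": 2, "method": "tools/list"},
        {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
         "params": {"name": "read_doc", "arguments": {"path": "policy.txt"}}},
        {"jsonrpc": "2.0", "id": 4, "method": "tools/call",
         "params": {"name": "read_doc", "arguments": {"path": "../../etc/passwd"}}},
    ]
    # Round-trip through JSON text to mirror what a real transport would carry.
    return [json.loads(json.dumps(handle(json.loads(json.dumps(m))))) for m in messages]


if __name__ == "__main__":
    for response in run_session():
        print(json.dumps(response, indent=2))
```

The two design choices worth copying are the explicit HANDLERS allowlist (the server cannot be talked into running anything it did not advertise) and the realpath-plus-commonpath check, which is what actually makes a “read-only” tool read only its own folder.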

RISKS

Welcome to the Wild Wild West of MCP! This new transformative technology will soon take the world by storm. We’ll quickly see the Good, the Bad, and the Ugly in designs, abuse, and implementation. You’re probably learning about MCP for the first time as you read this article at the time of publication, June 2025. I’ll summarize the main risks in implementation, use, and security below:

  • Don’t blindly trust MCPs – the devil is in the details.
    • It’s a package deal and the content inside of it may or may not be trusted.
    • Exactly what is it doing, how does it respond, and are the author and related resources trusted or not? Be careful with server-client relationships and resources!
  • Design matters – hire experienced AI developers who will develop strong prompt and resource models and other detailed components to ensure a successful outcome for your business. Ask them to demonstrate how they did this, on a detailed level within the MCP, for other businesses (e.g. prompt engineering, custom RAG resources, etc.). Hire another MCP professional to question the developers of your MCP and scrutinize their work, because you need expert help all the way through on this nascent technology.
  • Realize that if you’re throwing all your data into an MCP it’s at risk. Don’t take this lightly. Know where your data is at rest and in motion, what connects to it, and apply all the security basics of the old world to the new within MCP, to ensure your data is not at risk.
  • Don’t expect the easy button, even on a read-only MCP. It won’t always work like you think and may have inconsistent results. It will be easier to use than your traditional API/REST world, but it’s no silver bullet. You still have work to do in selecting, onboarding, deploying, and managing whatever MCP you deploy. Realize this up front, bring in an expert to guide you, plan for it, and ensure you have the right extensions, designs, and testing to ensure a successful outcome.
  • You will not achieve standardization in operations by using an MCP. Remember, leader, people are always your most valued asset, you are their leader, and the tool is just an enabler towards your business outcome. Your services orchestration and composition with agility is a management function that only you can lead and achieve through your people.
  • MCPs will explode and soon be coined as the solution for everything, including in the world of cyber security orchestration, threat detection, and all those time-consuming things we don’t want to do as humans – not true. You’re responsible for managing your business operations and orchestration and how you use technology, like MCP, to help achieve that. MCP isn’t the solution but is part of it; make note of that point in how you lead.
  • Integration of MCPs with LLMs is still being figured out. Over time, scalability models and the right balance of where payloads and information are brought in, managed, and learned, at scale, will be critical. MCP creates the context while LLMs perform the support functions necessary for the shared responsibility model required for the desired business outcome, in orchestration.
  • Be careful with what you connect to and put into your MCPs.
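The first risk above (“the content inside of it may or may not be trusted”, “exactly what is it doing”) and the last (“be careful with what you connect”) can both be turned into a control on the host side. The following is an added example, not code from this article or from the MCP project: it pins a SHA-256 fingerprint of the tools/list manifest that was reviewed when the server was onboarded, refuses the server if the advertised tools or their descriptions have drifted since, allowlists which tool names the LLM may invoke, and keeps an audit record of every decision so you know what connected to your data. The two manifests and the tool names (read_doc, list_docs, write_doc) are constructed for illustration.

```python
import hashlib
import json


def manifest_fingerprint(tools):
    """SHA-256 over a canonical encoding of the tool surface a server advertises.
    Descriptions are deliberately included: the LLM reads them as instructions,
    so a changed description is a changed tool."""
    canon = json.dumps(sorted(tools, key=lambda t: t["name"]),
                       sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


class ToolGate:
    """Sits between the LLM host and an MCP server: pins the reviewed manifest,
    allowlists tool names, and records every decision for audit."""

    def __init__(self, pinned_fingerprint, allowed_tools):
        self.pinned = pinned_fingerprint
        self.allowed = set(allowed_tools)
        self.audit = []

    def vet_manifest(self, tools_list_result):
        """Accept the server only if its tools/list result matches what was reviewed."""
        fp = manifest_fingerprint(tools_list_result.get("tools", []))
        accepted = fp == self.pinned
        self.audit.append({"event": "tools/list", "fingerprint": fp[:16], "accepted": accepted})
        return accepted

    def vet_call(self, name, arguments):
        """Allow a tools/call only for allowlisted tool names; log a digest of the arguments."""
        allowed = name in self.allowed
        digest = hashlib.sha256(json.dumps(arguments, sort_keys=True).encode("utf-8")).hexdigest()
        self.audit.append({"event": "tools/call", "tool": name,
                           "args_sha256": digest[:16], "allowed": allowed})
        return allowed


PATH_SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}, "required": ["path"]}

# Constructed manifest as reviewed at onboarding time (not from any real server).
REVIEWED_TOOLS = [
    {"name": "read_doc", "description": "Read a text file from the document folder.",
     "inputSchema": PATH_SCHEMA},
    {"name": "list_docs", "description": "List files in the document folder.",
     "inputSchema": {"type": "object", "properties": {}}},
]

# Constructed manifest from a later session: one description changed and a write tool appeared.
DRIFTED_TOOLS = [
    {"name": "read_doc", "description": "Read any text file the server can access.",
     "inputSchema": PATH_SCHEMA},
    {"name": "list_docs", "description": "List files in the document folder.",
     "inputSchema": {"type": "object", "properties": {}}},
    {"name": "write_doc", "description": "Overwrite a text file in the document folder.",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}, "text": {"type": "string"}},
                     "required": ["path", "text"]}},
]


def demo():
    """Walk through onboarding, a drifted manifest, an allowed call and a blocked call."""
    gate = ToolGate(manifest_fingerprint(REVIEWED_TOOLS), allowed_tools=["read_doc", "list_docs"])
    reviewed_ok = gate.vet_manifest({"tools": REVIEWED_TOOLS})  # True: matches the pin
    drifted_ok = gate.vet_manifest({"tools": DRIFTED_TOOLS})    # False: surface changed
    read_ok = gate.vet_call("read_doc", {"path": "policy.txt"})  # True: allowlisted
    write_ok = gate.vet_call("write_doc", {"path": "policy.txt", "text": "x"})  # False
    return reviewed_ok, drifted_ok, read_ok, write_ok, gate.audit


if __name__ == "__main__":
    results = demo()
    print("reviewed accepted:", results[0], "| drifted accepted:", results[1])
    print("read_doc allowed:", results[2], "| write_doc allowed:", results[3])
    for entry in results[4]:
        print(json.dumps(entry))
```

Re-pinning is a deliberate, human step: when a vendor ships a new server version, someone reviews the new tools/list output, records the new fingerprint, and updates the allowlist, rather than the host silently accepting whatever the server advertises today.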

MCP is an amazing new standard and the context that AI has been needing in open source all these years. It requires a security standard and framework with security controls to go along with it! Join me in helping to create a new MCP Security Framework by emailing me at ken @ 4D5ASecurity.com.
