Anthropic’s Model Context Protocol Plugs AI in the Matrix

“Think of MCP like a USB-C port for AI applications,” Anthropic stated.
Illustration by Nalini Nirad

Mankind’s greatest accomplishments have resulted from the effective use of tools such as the lever, the wheel, steam engines, and, more recently, the NVIDIA H100 GPU. This holds true for large language models as well. Knowledge held in a billion or a trillion parameters isn’t enough to do great things – LLMs need to interact with a plethora of tools, data sources and other external programs.

Forget multimodal AI and reasoning; Anthropic’s approach to AI has been very different from OpenAI’s. After Claude Artifacts and Computer Use, Anthropic recently open-sourced the Model Context Protocol (MCP) – its new standard for connecting AI assistants to external data sources and repositories.

Notably, it isn’t taking long for companies and developers to build on top of the open-source framework. 

There’s an array of MCP servers that utilise APIs from some of the most popular apps available today, including Spotify, Google Maps, Todoist and Brave. There’s also a website that offers a much more user-friendly interface to explore all the MCP servers.

MCP is MVP

Anthropic is also letting developers have fun with MCP. A few days ago, it invited over a hundred developers to a hackathon in San Francisco. At the competition, the ‘fun award’ was presented to an agent named Santa Claude, who finds gift ideas on NYT Wirecutter and makes the purchase on Amazon. 

Another agent, Run MCP, won the ‘creativity award’ for enabling Claude’s new tools, such as a file downloader and QR code generation.

“I built an MCP server that lets Claude view and create various AWS resources. While this was an experimental project, it’s exciting to get a glimpse into the use cases that will be unlocked through this open standard,” a developer on X said.

AIM spoke to Kirk Kaiser, a developer who participated in the hackathon and has also built a number of use cases with MCP. One of the more unique use cases Kaiser has built is the ability to prompt and edit a video inside Claude. It can also be used to summarise videos and search for specific mentions in the content.

“Being able to build video tools for LLMs, where they can understand, edit and build videos, is what I think is very exciting for me personally,” he said. 

Younger startups may also be able to gain much-needed visibility if their apps can be accessed natively inside Claude. Recently, Exa AI, an AI-enabled search engine that understands your query and points to the most accurate information source, was able to integrate its tool into Claude using MCP. Exa also released the code on GitHub.

Even Devin, popularly touted as the ‘AI software engineer’, worked on testing and solving issues inside MCP. 

“Agents improving agents, it only moves faster from here on out,” said Alex Albert, head of Claude relations at Anthropic. 

So What’s Different?

At the end of the day, if MCP is communicating between a data source and a client, how is it different from RAG? 

Some developers believe that it may just be a barebones RAG implementation, or it may just integrate RAG to augment its capabilities. 

“It’s just a wrapper to get items for context. Basically an open-source barebones RAG implementation,” said a user on Reddit.

Another user believes that the goal is to slot RAG into MCP. “The problem everyone has right now is that the glue to connect an LLM with a tool that can do stuff, the lookup of data sources, etc., is always custom and never composable or uniform in a way that enables reuse and shared benefit.”

To fix the limitation, MCP is providing a standard protocol for everyone to connect anything to an LLM. 

AIM spoke to Sudipta Biswas, co-founder of Floworks, and asked how MCP differs from ThorV2 – their in-house model-level architecture that improves the function calling abilities inside an LLM. 

He mentioned that MCP works on the protocol layer, which is the highest level in an LLM. Techniques like RAG or GraphRAG work at a model level. 

“I think the limitation is [that] it is just good at connecting small approaches – like small databases with limited capabilities,” he added. 

However, for databases like HubSpot or Salesforce, declaring an API with a REST API format to connect around a million tokens would be the better choice. 

“Developers at HubSpot need to adapt to MCP fully as they release new APIs and new endpoints, which is a challenge because REST API has been a market standard for 20-25 years,” he said. 

For now, Biswas feels MCP is not a threat to architectures like ThorV2 or similar ones on a model level. He further said that MCP can work as an extension of model-level techniques. “If MCP happens to perform better, we’ll plug it into the last stage of ThorV2, and it will probably even perform better.” 

Deployment Challenges and Security Concerns Loom

While Kaiser is a fan of MCP, his experience wasn’t free from challenges. For one, MCP brings a high level of abstraction, and it may not be clear what exactly is happening between the client and the server. 

It isn’t just him; several users on a Hacker News thread expressed confusion regarding what happens under the hood.

However, when building more complex use cases, one must consider the context window. “That was my very first question when I was at the hackathon,” Kaiser said. 

When Kaiser uses MCP to work with video files, he often sends giant JSON files that have images, screenshots, transcripts, and so on. “If I do a search where I have 12 different videos that get returned, I’m only going to be able to see maybe the first three or four, depending on how long those videos are.”

“It’s not necessarily clear ahead of time how much context you’re going to get,” he added. So it is indeed challenging to decide what information is important enough to fit in the context window. 

Of course, if a protocol is interfacing with multiple sources of information, security concerns would remain. 

MCP will also need critical security upgrades going forward. Guy Goldenberg, a software engineer at Wiz, was able to identify severe vulnerabilities in the MCP servers. These vulnerabilities, he said, could allow attackers to bypass protections, gain access to system files and execute commands. 

“The MCP PostgreSQL server has a critical flaw that allows attackers to bypass read-only restrictions by injecting SQL commands,” he said. This ends up turning a read-only database into full access for writing, modifying and executing code. 

Anthropic acknowledged the need to improve the security features. Justin Spahr-Summers, a member of the technical staff at Anthropic, said on the Hacker News thread, “Although MCP is powerful, and we hope it’ll really unlock a lot of potential, there are still risks like prompt injection and misconfigured or malicious servers that could cause a lot of damage if left unchecked.”

All said, MCP is quite powerful – even more so if you think of marrying it with Claude’s other capabilities. “You could imagine building an MCP server (integration) for a particular piece of legacy software, and inside that server, you could employ Computer Use to actually use and automate it,” he added.

Supreeth Koundinya

Supreeth is an engineering graduate who is curious about the world of artificial intelligence and loves to write stories on how it is solving problems and shaping the future of humanity.