It's a similar problem faced by CICD pipelines. e.g. engineers (delegator) trigger pipelines tasks via APIs (MCP) which sees pipeline run terraform (agent) code which makes stuff be built and changed on various platforms, including configuring and interacting with other (upstream) services.
I feel like when CICD systems are well built, they're built assuming the user/engineer is completely non-deterministic, like an unpredictable agent.
alwaysanon•6mo ago
It is a bit of a different thing than pipelines because in every organisation I've worked at you're expected to have a peer review via pull request for anything going to production - and that is before the change is merged/pipeline triggered. The idea is that anything super-nefarious should be caught by the peer during the PR review and questioned/denied before it can happen.
I doubt we'll want each prompt we make that could leverage an MCP to be peer reviewed beforehand in the same way.
alwaysanon•6mo ago
That said - thinking this through some more I wonder if we could give an AI agent elaborate rules on what is and/or isn't acceptable through an MCP and let it do that "peer review"...
bitweis•6mo ago
100% - it's really about context aware policies for each type of agent, server, interaction, etc.
That's why fine-grained policies are such a big part of the answer here
1dom•6mo ago
I feel like when CICD systems are well built, they're built assuming the user/engineer is completely non-deterministic, like an unpredictable agent.
alwaysanon•6mo ago
I doubt we'll want each prompt we make that could leverage an MCP to be peer reviewed beforehand in the same way.
alwaysanon•6mo ago
bitweis•6mo ago