1dom•5h ago
It's a similar problem to the one faced by CI/CD pipelines. E.g. engineers (the delegator) trigger pipeline tasks via APIs (the MCP), which have the pipeline run Terraform (the agent) code that builds and changes things on various platforms, including configuring and interacting with other (upstream) services.
I feel like when CI/CD systems are well built, they're built assuming the user/engineer is completely non-deterministic, like an unpredictable agent.
alwaysanon•5h ago
It is a bit different from pipelines, because in every organisation I've worked at you're expected to have a peer review via pull request for anything going to production - and that happens before the change is merged and the pipeline triggered. The idea is that anything super-nefarious should be caught by the peer during the PR review and questioned/denied before it can happen.
I doubt we'll want each prompt we make that could leverage an MCP to be peer reviewed beforehand in the same way.
alwaysanon•5h ago
That said - thinking this through some more, I wonder if we could give an AI agent elaborate rules about what is and isn't acceptable through an MCP and let it do that "peer review"...
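A minimal sketch of what that could look like, assuming a hypothetical reviewer model with a complete() method and an MCP client session with a call() method (every name here is illustrative, not a real SDK):

    # Sketch: a second model acts as the "peer reviewer" for every
    # tool call the primary agent wants to make via MCP.
    REVIEW_POLICY = """
    - Deny destructive operations (delete, drop, terminate).
    - Deny writes to anything not tagged env=staging.
    - When in doubt, deny.
    """

    def review_action(reviewer, tool_name: str, args: dict) -> bool:
        # reviewer.complete() is an assumed interface, not a real API.
        verdict = reviewer.complete(
            f"Policy:\n{REVIEW_POLICY}\n"
            f"Proposed MCP call: {tool_name}({args})\n"
            "Reply APPROVE or DENY, then a one-line reason."
        )
        return verdict.strip().upper().startswith("APPROVE")

    def call_tool(session, reviewer, tool_name: str, args: dict):
        if not review_action(reviewer, tool_name, args):
            raise PermissionError(f"Reviewer denied {tool_name}")
        return session.call(tool_name, args)  # assumed MCP client interface

Of course, that makes the reviewer itself the thing you have to trust, which is presumably where the fine-grained policies mentioned below come in.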
bitweis•50m ago
100% - it's really about context-aware policies for each type of agent, server, interaction, etc.
That's why fine-grained policies are such a big part of the answer here.
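One way to picture "fine-grained" and "context-aware" concretely - a per-(agent, server, tool) policy table with default-deny, evaluated on every call. Purely illustrative; this isn't any particular product's schema:

    # Illustrative only: policies keyed on (agent, server, tool).
    POLICIES = [
        {"agent": "ci-bot",  "server": "github-mcp", "tool": "create_pr",   "allow": True},
        {"agent": "ci-bot",  "server": "github-mcp", "tool": "merge_pr",    "allow": False},  # human-only
        {"agent": "support", "server": "crm-mcp",    "tool": "read_ticket", "allow": True},
    ]

    def is_allowed(agent: str, server: str, tool: str) -> bool:
        # Default-deny: anything not explicitly allowed is blocked.
        for p in POLICIES:
            if (p["agent"], p["server"], p["tool"]) == (agent, server, tool):
                return p["allow"]
        return False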