alt Hacker NewsMCP is just a small, boring protocol that lets agents call tools in a standard way, nothing more. You can run a single MCP server next to your app, expose a few scripts or APIs, and you are done. There is no requirement for dozens of random servers or a giant plugin zoo.
Most of the “overhead” and “security nightmare” worries assume the worst possible setup with zero curation and bad ops. That would be messy with any integration method, not only with MCP. Teams that already handle HTTP APIs safely can apply the same basics here: auth, logging, and isolation.
The real value is that MCP stays out of your way. It does not replace your stack, it just gives tools a common shape so different clients and agents can use them. For many people that is exactly what is needed: a thin, optional layer, not another heavy platform.
Replies
Nah, MCP still has security issues, you can create an MCP server to exfil sensitive data by creating tools which AI at first things are doing something else but then in params you ask it to give sensitive info
"tools" are also a fad. It will all just converge back to being called APIs.
Sorry but disagree. For me the main part is the resources, which automatically get mounted in the computing environment, bypassing a whole class of problems with having LLMs work with a large amount of data.
I found it a common misconception so I wrote about it here https://goto-code.com/dont-sleep-on-mcp/
> Most of the “overhead” and “security nightmare” worries assume the worst possible setup with zero curation and bad ops.
You'll be surprised to learn that these are extremely common, even in large corporations. Security practice is often far from ideal due to both incompetence and negligence. Just this week, I accidentally got the credentials for the account used in our CI systems. Don't ask me how this could possibly happen.