Hacker News

dfcowell, yesterday at 10:46 PM (2 replies)

This is solved by the agent having its own identity and credentials. Why would you share your login and identity with your AI agent?

Access control and permissions should be handled on the backend by enforcing IAM on well-defined principals, not with MCP middleware. Claude can already bypass MCP and call APIs or use CLIs if it runs into blockers using MCP, so it’s not an effective point to implement the control.


Replies

corlinp, yesterday at 11:16 PM

IAM is generally binary (allowed yes/no), whereas MCP usually supports more nuance (always allow/ask if risky/always ask/no).

darepublic, yesterday at 11:22 PM

You can have agents that serve multiple different users with varying levels of permission.

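A sketch of the backend-side enforcement this thread discusses, added here as an example and not written by any of the commenters: the agent authenticates as its own principal, names the user it is serving, and the backend makes the same decision whether the call arrived through MCP or a direct API request. All principal names, grant tables and function names are hypothetical, and the policy data is constructed.

```python
from dataclasses import dataclass

# Constructed policy data (hypothetical principals and permission strings).
AGENT_GRANTS = {
    "agent:support-bot": {"tickets:read", "tickets:comment", "refunds:create"},
}
USER_GRANTS = {
    "user:alice": {"tickets:read", "tickets:comment", "refunds:create", "users:delete"},
    "user:bob": {"tickets:read"},
}

AUDIT_LOG = []  # every decision is recorded, including the transport used


@dataclass(frozen=True)
class Request:
    agent: str         # the agent's own identity, taken from its own credential
    on_behalf_of: str  # the user the agent is serving for this call
    action: str
    via: str           # "mcp" or "direct"; logged for audit, never used to decide


def authorize(req: Request) -> bool:
    """Allow only actions granted to BOTH the agent and the user it serves."""
    agent_perms = AGENT_GRANTS.get(req.agent, set())
    user_perms = USER_GRANTS.get(req.on_behalf_of, set())
    return req.action in (agent_perms & user_perms)


def handle(req: Request) -> int:
    """Single enforcement point that every transport reaches; returns an HTTP-style status."""
    allowed = authorize(req)
    AUDIT_LOG.append((req.agent, req.on_behalf_of, req.action, req.via, allowed))
    return 200 if allowed else 403


if __name__ == "__main__":
    for user in ("user:alice", "user:bob"):
        for via in ("mcp", "direct"):
            r = Request("agent:support-bot", user, "refunds:create", via)
            print(user, via, handle(r))
```

Because the effective permission set is the intersection of the two grant sets, one agent can serve users with different permission levels without ever holding a user's login.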