Sign up to save your podcasts
Or
Share Episode 239 - MCP: Hype, Security, and Real-World Use
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 239 - MCP: Hype, Security, and Real-World Use
Join us on Two Voice Devs as Allen Firstenberg talks with Rizel Scarlett, Tech Lead for Open Source Developer Relations at Block. Rizel shares her fascinating journey from psychology student to software engineer and now a leader in developer advocacy, highlighting her passion for teaching and creative problem-solving.
The conversation dives deep into Block's innovative open source work, particularly their AI agent called Goose, which leverages the Model Context Protocol (MCP). Rizel explains what MCP is, seeing it as an SDK or API for AI agents, and discusses the excitement around its potential to democratize coding and other tools for developers and non-developers alike, sharing compelling use cases like automating tasks in Google Docs and interacting with Blender.
However, the discussion doesn't shy away from the critical challenges facing MCP, especially concerning security. Rizel addresses concerns about trusting community-built MCP servers, potential vulnerabilities, and mitigation strategies like allow lists and building internal, vetted servers. They also explore the complexities of exposing large APIs, the demand for local AI for privacy, the current limitations of local models, and the user experience of installing and trusting MCP plugins.
Rizel shares examples of promising MCP servers, including those focused on "long-term memory" and, notably, a speech/voice-controlled coding server, bringing the conversation back to the show's roots in voice development and accessibility, touching upon the concept of temporary disability.
The episode concludes by reflecting on whether MCP is currently a "small, beginner solution" being hyped as a "massive, full-featured" one, the need for more honest conversations about its limitations, and the ongoing efforts within the community and companies like Block to improve the protocol, including discussions around official registries and easier installation methods like deep links.
Tune in for a candid look at the exciting, yet challenging, landscape of AI agents, MCP, and open source development.
More Info:
* Goose - https://github.com/block/goose
* Pieces for Developers - https://pieces.app/features/mcp
* Speech MCP - https://glama.ai/mcp/servers/@Kvadratni/speech-mcp
[00:00:48] Meet Rizel Scarlett & Her Career Journey (Psychology to Dev Advocacy)
[00:03:54] Introducing Block & Its Mission (Square, Cash App, etc.)
[00:04:58] Block's Open Source Division and the Goose AI Agent
[00:05:48] Diving into the Model Context Protocol (MCP)
[00:07:56] What is MCP? (SDK for Agents) & Exciting Use Cases (Democratization, non-developers)
[00:10:36] Major Security Concerns with MCP (Trust, vulnerabilities, typo squatting)
[00:11:48] Mitigation Strategies & Authentication (Allow Lists, Internal Servers, Vetting)
[00:17:59] The Current State of MCP: An Infancy Protocol
[00:20:09] Complexity & Context Window Challenges with MCP Servers
[00:23:14] User Demand for Local AI & Data Privacy
[00:25:31] User Experience of MCP Plugin Installation & Trust
[00:28:42] Examples of Useful MCP Servers (Pieces, Computer Controller, Speech)
[00:31:18] The Power of Voice-Controlled Coding (Accessibility, temporary disability)
[00:33:59] MCP: Hype vs. Reality & The Need for Honest Conversations
[00:36:00] Efforts to Improve MCP (Committees, Registries, Deep Links)
#developer #programming #tech #opensource #block #ai #aigent #llm #mcp #modelcontextprotocol #devrel #developeradvocacy #security #cybersecurity #privacy #localai #remoteai #accessibility #voicecoding #riselscarlett #gooseai
View all episodes
By Mark and Allen
1
11 ratings
Join us on Two Voice Devs as Allen Firstenberg talks with Rizel Scarlett, Tech Lead for Open Source Developer Relations at Block. Rizel shares her fascinating journey from psychology student to software engineer and now a leader in developer advocacy, highlighting her passion for teaching and creative problem-solving.
The conversation dives deep into Block's innovative open source work, particularly their AI agent called Goose, which leverages the Model Context Protocol (MCP). Rizel explains what MCP is, seeing it as an SDK or API for AI agents, and discusses the excitement around its potential to democratize coding and other tools for developers and non-developers alike, sharing compelling use cases like automating tasks in Google Docs and interacting with Blender.
However, the discussion doesn't shy away from the critical challenges facing MCP, especially concerning security. Rizel addresses concerns about trusting community-built MCP servers, potential vulnerabilities, and mitigation strategies like allow lists and building internal, vetted servers. They also explore the complexities of exposing large APIs, the demand for local AI for privacy, the current limitations of local models, and the user experience of installing and trusting MCP plugins.
Rizel shares examples of promising MCP servers, including those focused on "long-term memory" and, notably, a speech/voice-controlled coding server, bringing the conversation back to the show's roots in voice development and accessibility, touching upon the concept of temporary disability.
The episode concludes by reflecting on whether MCP is currently a "small, beginner solution" being hyped as a "massive, full-featured" one, the need for more honest conversations about its limitations, and the ongoing efforts within the community and companies like Block to improve the protocol, including discussions around official registries and easier installation methods like deep links.
Tune in for a candid look at the exciting, yet challenging, landscape of AI agents, MCP, and open source development.
More Info:
* Goose - https://github.com/block/goose
* Pieces for Developers - https://pieces.app/features/mcp
* Speech MCP - https://glama.ai/mcp/servers/@Kvadratni/speech-mcp
[00:00:48] Meet Rizel Scarlett & Her Career Journey (Psychology to Dev Advocacy)
[00:03:54] Introducing Block & Its Mission (Square, Cash App, etc.)
[00:04:58] Block's Open Source Division and the Goose AI Agent
[00:05:48] Diving into the Model Context Protocol (MCP)
[00:07:56] What is MCP? (SDK for Agents) & Exciting Use Cases (Democratization, non-developers)
[00:10:36] Major Security Concerns with MCP (Trust, vulnerabilities, typo squatting)
[00:11:48] Mitigation Strategies & Authentication (Allow Lists, Internal Servers, Vetting)
[00:17:59] The Current State of MCP: An Infancy Protocol
[00:20:09] Complexity & Context Window Challenges with MCP Servers
[00:23:14] User Demand for Local AI & Data Privacy
[00:25:31] User Experience of MCP Plugin Installation & Trust
[00:28:42] Examples of Useful MCP Servers (Pieces, Computer Controller, Speech)
[00:31:18] The Power of Voice-Controlled Coding (Accessibility, temporary disability)
[00:33:59] MCP: Hype vs. Reality & The Need for Honest Conversations
[00:36:00] Efforts to Improve MCP (Committees, Registries, Deep Links)
#developer #programming #tech #opensource #block #ai #aigent #llm #mcp #modelcontextprotocol #devrel #developeradvocacy #security #cybersecurity #privacy #localai #remoteai #accessibility #voicecoding #riselscarlett #gooseai
More shows like Two Voice Devs
View all
Dwarkesh Podcast
350 Listeners
The Daily AI Show
3 Listeners