What should these protocols say about security?
Researchers and developers still do not really understand how AI models work, and new weaknesses are always known. For chat boot styling AI applications, malicious attacks can cause models to do all kinds of bad things, including reorganizing training data and slipping into it. But for AI agents, who interact with the world by someone, are more likely to be at risk.
For example, an AI agent, made to read and send emails for someone, has already been Is shown The risk is known as indirect injection attack. Basically, an email can be written like this Hijacks AI model and it causes malfunction. Then, if this agent has access to user files, the attacker may be instructed to send private documents.
Some researchers believe that protocols like MCP should prevent agents from taking such harmful measures. However, this is not at this time. “Basically, there is no security design,” says Zahon Chen, a student at Chicago’s PhD University, using AI agent security and MCP servers.
A security researcher and activist Bruce Shenier is Shaki that there will be a lot to do to reduce the hereditary risks that come up with MCP -like protocol AI, and there is a concern that giving maximum strength to such technology will give it more potential to harm it in the real, physical world. “We do not have good answers about the method of preserving this,” says Shaniyar. “This is really going to be a security cycol.”
There are more hopes. Security design can be added to MCP and A2A as it is for Internet Protocols such as HTTPS (though the nature of attacks on AI system is very different). And Chen and Anthropic believe that standardizing protocols such as MCP and A2A can help facilitate and facilitate security issues in the same way. Chen has used MCP in his research to test different programs that can play in attacks to better understand different programs to test different programs. Anthropic’s Chow believes that these tools can allow cyber -scoring companies more easily than attacks against agents, as it will be easier to see who sent it.
How open should this protocol be open?
Although the MCP and A2A are two of the most famous agent available today, there are many others in the tasks. Like big companies Sisco And Ibm Are working on their own protocol, and other groups have presented different designs AgoraDesigned by researchers at the University of Oxford, who upgrades an agent service communication in real -time structural data from the human language.
Many developers hope that eventually be a registry of secure, reliable systems to navigate the spread of agents and tools. Second, including Chen, want users to classify different services such as AI agent tools like Yelp. Some more niche protocols have even made blockchain above the MCP and A2A to show the servers that they are not just spam.