Transcript
I must've missed the 1.0 movie. I didn't even see the first one, let alone the sequel. So maybe just a good idea to, can you step us back? Talk to us about how MCP kind of came to be and how we've evolved so quickly, by the way, from the 1.0 spec to 2.0.

Yep. So I think that's a great place to start. And if you look at the two models or the two protocols, 1.0 really tells a different story to what 2.0 is telling. So if we look back to what we're trying to achieve with 1.x, it was really necessitated out of the industry, needing to come up with the tools and protocols to be able to utilize AI within our organizations, our environments, and empower them to be able to use the tools that we've already created. So the initiative behind 1.0, 1.x was really that flavor of onboarding and adaption of the technology. The shift of 2.0 is really taking a step back and saying, how can we secure this adoption? Right. And really 2.0 was introduced to answer a basic question of how can I have AI execute actual work within my enterprise without it creating a security risk? So this, this is really a movement forward on how we're starting to secure the protocol.

And, and this jump from one V1, V2 spec happened very quick. In the grand scheme of most revs, and I guess, following the speed at which AI is moving, this is, we're not done here. We're going to continue to probably see this kind of evolution and speed for the specification.

And it's a comment I've made in the past to show very clearly that 1.x was really about onboarding us, our technology to move forward to using AI. And step two is really securing those models.

Can you give an example of how this is used at a high level? I know your white paper goes into much more significant detail, but how is this used in practice, you know, a day to day?

Okay. So what 2.0 has introduced for us is really three foundational changes to the protocol. And the first of that is it's, it's bringing to the table support for OAuth.
And what OAuth really does is, I'm going to get some, some feedback from this, but conceptually, how I like to think of OAuth is an Active Directory for the internet, right? So what this allows us to do is assign permissions, privileges to specific cryptographic keys and police those. Currently, you know, MCP 1.x, we've been releasing, we've been using these cryptographic signatures to verify, but against what authority? OAuth 2.0 brings that standardization in. So we're able to exercise least privilege. The second enhancement that they're bringing to this is structured schemas. Now structured schemas is a really big thing. Uh, it's a, it was one of the primary attack vectors for, uh, malicious users to try and prompt inject into your environment. Okay. Now what structured schemas do, if I was going to compare that to another technology, again, I would think about, uh, parameterized queries within SQL or a whitelist for instance, and these structures allow you to define specifically what actions a tool is able to do and anything else it will just ignore. So it's a very important label, a whitelist of what we're able to do.

Got it.

We can't say it's, it's a little early to tell, but we can't say that that's going to completely solve the problem, but it is a very robust way to solve the easy, the easy compromise that people had before, right?

So these are, and these are two major additions that did not exist at all in 1.0 spec, is that correct?

Correct. Not, not at all. The third and final, uh, enhancement that they've made is introducing this elicitation flow. And what that really gets down to is being able to pause the workflow of any AI agents and interrogate that point in time. So, you know, think about all the flavors, what we can do just beyond reissuing security credentials, because an action needs as high authority, or just getting explicit confirmation to say, yes, this is a high risk action. Do you want to confirm and move forward?
Having that mechanism put in place completely changes everything happening autonomously and us needing to log that and try and keep track of what's going on. We're able to now put a pause button on all of our execution flows and control that, which is wildly different to where we were before and think of all the security pieces you can fit in now by being able to put a pause within a process.

Yeah. I mean, the, the constructs are there and now it's probably about maturity, right? I mean, not, not just within the 2.0 spec, but clearly a launching pad for even future, you know, you know, future schemas and lockdown parameters and all of the things that you're talking about.