So long as the control messages and the processed results are the same channel, they will be at an insecure standoff. This is the in-band vs. out-of-band signalling issues like old crossbar phone systems and the 2600hz tone.
Novel, no, but we’ve seen this cycle so many times before where people get caught up in the new, cool shiny thing and don’t think about security until abuse starts getting widespread. These days it’s both better in the sense that the security industry is more mature and worse in that cryptocurrency has made the attackers far more mature as well by giving them orders of magnitude more funding.
With MCP the paradigm seems to not be people getting overly excited and making grave security errors, and is rather people getting overly pessimistic and portraying malicious and negligent uses that apply broadly as if it makes MCP uniquely dangerous.
MCP is somewhat unusually dangerous in the sense that prompt injection is an unsolved problem, but in general the tone I’ve seen has felt more like a reminder not to get so caught up in the race that you forget security.
