OpenAI's implementation of MCP in ChatGPT is limited.
- They only allow a subset of allow-listed MCP instances for certain use cases.
- This will quickly evolve into a kind of app-store distribution system.
- A closed system.
- But this is also inevitable given the security and privacy implications of MCP.
- MCP is extraordinarily dangerous: not only because of potentially malicious integrations, but also because of prompt injection within the data in those integrations.
- ChatGPT's allow-list restriction doesn't actually do anything to mitigate prompt injection, because it vets the integration, not the data that flows through it.
- When you run a local client with MCP integrations, it's clearly your fault if an MCP integration bites you.
- But if you're a less-savvy consumer using a feature of a popular chat app and MCP bites you, you're more likely to blame the chat app creator.
- MCP is not the right way to solve the integration problem for AI.