Episode 6: Model Context Protocol (MCP)

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/24/d4/a4/24d4a407-d544-f33c-0f16-49d556222f57/mza_17262048424009967100.jpg/600x600bb.jpg

Before The Commit

Danny Gershman, Dustin Hilgaertner

13 episodes

1 day ago

🧠 Before The Commit: What happens before code is written matters more than ever. Join engineers from SC2S, C2S, and secure DoD factories as they explore AI-powered dev, shifting threat surfaces, and real-world workflows. No hype, no hot takes — just honest, tactical insight for leaders who know that pre-commit is too late. Hosted live by Danny Gershman & Dustin Hilgaertner. Secure or Sus? Let’s find out.

Technology

RSS

All content for Before The Commit is the property of Danny Gershman, Dustin Hilgaertner and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/44033863/44033863-1752004425161-c1ba27a4d2e0e.jpg

Episode 6: Model Context Protocol (MCP)

Before The Commit

59 minutes 25 seconds

2 months ago

Episode 6: Model Context Protocol (MCP)

This episode discussion AI coding topics, starting with MCP ("Model Context Protocol"), an open-source framework by Anthropic for reflective APIs. MCP enables LLMs to self-discover and use external capabilities dynamically, bypassing traditional API integration. It comprises four primitives:

- **Resources**: Read-only data access (e.g., databases, files) via path-like queries, ensuring security by limiting to retrieval. Example: Exposing a CRM database for LLM queries without write access. Authentication mirrors standard APIs.

- **Prompts**: Templated, guided interactions provided by the server (e.g., Facebook's pre-built prompts for timeline queries).

- **Tools**: Action-oriented, enabling agentic behavior (e.g., posting on Facebook). Includes LLM-ready docs on usage, inputs, and outputs.

- **Sampling**: Allows servers to request responses from the client's LLM, distributing load or enabling conversations between LLMs (e.g., personal assistant LLM negotiating with a salesperson LLM for tickets). This fosters nuanced, non-atomic interactions beyond rigid APIs, like customizing orders or human-in-loop support. Hosts envision LLM-to-LLM chats simulating human negotiations, reducing need for sales teams.

They experimented with MCP servers like Playwright (for browser testing/screenshots), Context7 (distilled docs for libraries), and Kubernetes. Compared to bash tools, MCP offers better security and standardization.

Next, "Insecure SUS" (possibly "Is Source Code Necessary?") debates if programming languages matter in AI coding. Hosts argue source code remains essential for auditing, debugging, and compliance, as LLMs aren't superintelligent yet—hallucinations and flaws require human oversight. In the future, direct binary generation might emerge, but currently, code enables precise communication with AI. Engineers won't vanish; AI augments like chainsaws did lumberjacks.

They praise Grok Code (Grok-code-fast-one), a fast, chain-of-thought model from xAI, free until Sept 10 in tools like Cursor. It's non-sycophantic, tool-savvy, outperforming Claude in speed/smarts, though not a full IDE like Claude Code. Cursor improvements: Better terminal handling, user interactions.

**News or Noise**:

- OpenAI enhances teen protections (trusted contacts) amid LLM use as therapists; collaborates with Anthropic on model evaluations.

- Survey: 50% of workers hide AI use to avoid judgment; C-suite hides more (53%). Gen Z/juniors lack training, risking security gaps. Hosts warn of "shadow AI" if companies ignore it—urge guardrails and education.

- AI stethoscope detects 3 heart conditions in 15s.

Episode teases future topics: Tools like Light LLM for LLM misuse prevention, Warp IDE. Hosts explain podcast name: Securing AI interactions "before the commit" in coding pipelines.