EPISODE · May 16, 2025 · 41 MIN
Episode 239 - MCP: Hype, Security, and Real-World Use
from Two Voice Devs · host Mark and Allen
Join us on Two Voice Devs as Allen Firstenberg talks with Rizel Scarlett, Tech Lead for Open Source Developer Relations at Block. Rizel shares her fascinating journey from psychology student to software engineer and now a leader in developer advocacy, highlighting her passion for teaching and creative problem-solving.The conversation dives deep into Block's innovative open source work, particularly their AI agent called Goose, which leverages the Model Context Protocol (MCP). Rizel explains what MCP is, seeing it as an SDK or API for AI agents, and discusses the excitement around its potential to democratize coding and other tools for developers and non-developers alike, sharing compelling use cases like automating tasks in Google Docs and interacting with Blender.However, the discussion doesn't shy away from the critical challenges facing MCP, especially concerning security. Rizel addresses concerns about trusting community-built MCP servers, potential vulnerabilities, and mitigation strategies like allow lists and building internal, vetted servers. They also explore the complexities of exposing large APIs, the demand for local AI for privacy, the current limitations of local models, and the user experience of installing and trusting MCP plugins.Rizel shares examples of promising MCP servers, including those focused on "long-term memory" and, notably, a speech/voice-controlled coding server, bringing the conversation back to the show's roots in voice development and accessibility, touching upon the concept of temporary disability.The episode concludes by reflecting on whether MCP is currently a "small, beginner solution" being hyped as a "massive, full-featured" one, the need for more honest conversations about its limitations, and the ongoing efforts within the community and companies like Block to improve the protocol, including discussions around official registries and easier installation methods like deep links.Tune in for a candid look at the exciting, yet challenging, landscape of AI agents, MCP, and open source development.More Info:* Goose - https://github.com/block/goose* Pieces for Developers - https://pieces.app/features/mcp* Speech MCP - https://glama.ai/mcp/servers/@Kvadratni/speech-mcp[00:00:48] Meet Rizel Scarlett & Her Career Journey (Psychology to Dev Advocacy)[00:03:54] Introducing Block & Its Mission (Square, Cash App, etc.)[00:04:58] Block's Open Source Division and the Goose AI Agent[00:05:48] Diving into the Model Context Protocol (MCP)[00:07:56] What is MCP? (SDK for Agents) & Exciting Use Cases (Democratization, non-developers)[00:10:36] Major Security Concerns with MCP (Trust, vulnerabilities, typo squatting)[00:11:48] Mitigation Strategies & Authentication (Allow Lists, Internal Servers, Vetting)[00:17:59] The Current State of MCP: An Infancy Protocol[00:20:09] Complexity & Context Window Challenges with MCP Servers[00:23:14] User Demand for Local AI & Data Privacy[00:25:31] User Experience of MCP Plugin Installation & Trust[00:28:42] Examples of Useful MCP Servers (Pieces, Computer Controller, Speech)[00:31:18] The Power of Voice-Controlled Coding (Accessibility, temporary disability)[00:33:59] MCP: Hype vs. Reality & The Need for Honest Conversations[00:36:00] Efforts to Improve MCP (Committees, Registries, Deep Links)#developer #programming #tech #opensource #block #ai #aigent #llm #mcp #modelcontextprotocol #devrel #developeradvocacy #security #cybersecurity #privacy #localai #remoteai #accessibility #voicecoding #riselscarlett #gooseai
What this episode covers
Join us on Two Voice Devs as Allen Firstenberg talks with Rizel Scarlett, Tech Lead for Open Source Developer Relations at Block. Rizel shares her fascinating journey from psychology student to software engineer and now a leader in developer advocacy, highlighting her passion for teaching and creative problem-solving.The conversation dives deep into Block's innovative open source work, particularly their AI agent called Goose, which leverages the Model Context Protocol (MCP). Rizel explains what MCP is, seeing it as an SDK or API for AI agents, and discusses the excitement around its potential to democratize coding and other tools for developers and non-developers alike, sharing compelling use cases like automating tasks in Google Docs and interacting with Blender.However, the discussion doesn't shy away from the critical challenges facing MCP, especially concerning security. Rizel addresses concerns about trusting community-built MCP servers, potential vulnerabilities, and mitigation strategies like allow lists and building internal, vetted servers. They also explore the complexities of exposing large APIs, the demand for local AI for privacy, the current limitations of local models, and the user experience of installing and trusting MCP plugins.Rizel shares examples of promising MCP servers, including those focused on "long-term memory" and, notably, a speech/voice-controlled coding server, bringing the conversation back to the show's roots in voice development and accessibility, touching upon the concept of temporary disability.The episode concludes by reflecting on whether MCP is currently a "small, beginner solution" being hyped as a "massive, full-featured" one, the need for more honest conversations about its limitations, and the ongoing efforts within the community and companies like Block to improve the protocol, including discussions around official registries and easier installation methods like deep links.Tune in for a candid look at the exciting, yet challenging, landscape of AI agents, MCP, and open source development.More Info:* Goose - https://github.com/block/goose* Pieces for Developers - https://pieces.app/features/mcp* Speech MCP - https://glama.ai/mcp/servers/@Kvadratni/speech-mcp[00:00:48] Meet Rizel Scarlett & Her Career Journey (Psychology to Dev Advocacy)[00:03:54] Introducing Block & Its Mission (Square, Cash App, etc.)[00:04:58] Block's Open Source Division and the Goose AI Agent[00:05:48] Diving into the Model Context Protocol (MCP)[00:07:56] What is MCP? (SDK for Agents) & Exciting Use Cases (Democratization, non-developers)[00:10:36] Major Security Concerns with MCP (Trust, vulnerabilities, typo squatting)[00:11:48] Mitigation Strategies & Authentication (Allow Lists, Internal Servers, Vetting)[00:17:59] The Current State of MCP: An Infancy Protocol[00:20:09] Complexity & Context Window Challenges with MCP Servers[00:23:14] User Demand for Local AI & Data Privacy[00:25:31] User Experience of MCP Plugin Installation & Trust[00:28:42] Examples of Useful MCP Servers (Pieces, Computer Controller, Speech)[00:31:18] The Power of Voice-Controlled Coding (Accessibility, temporary disability)[00:33:59] MCP: Hype vs. Reality & The Need for Honest Conversations[00:36:00] Efforts to Improve MCP (Committees, Registries, Deep Links)#developer #programming #tech #opensource #block #ai #aigent #llm #mcp #modelcontextprotocol #devrel #developeradvocacy #security #cybersecurity #privacy #localai #remoteai #accessibility #voicecoding #riselscarlett #gooseai
NOW PLAYING
Episode 239 - MCP: Hype, Security, and Real-World Use
No transcript for this episode yet
Similar Episodes
Apr 22, 2025 ·32m
Feb 27, 2025 ·0m
Sep 20, 2024 ·57m
Aug 7, 2024 ·16m