WebMCP Is An Attack Surface
Sylwia Laskowska wrote a fun demo about webMCP. She calls it an accessibility layer. It is not.
Accessibility metadata describes a page. webMCP metadata runs code. These are callable functions. One function might fire an employee.
In a toy app, this is funny. In a real app, this is a disaster.
Agents act with high confidence. They will call these tools even when they lack the context to judge the consequences. webMCP lacks:
- Permission models
- Rate limiting
- Safety gates
- Intent validation
An inaccurate tool description makes the agent call the wrong function, or the right function with the wrong arguments. That means data loss. That means privilege escalation.
New risks exist:
- Session hijack
- Confused deputy problems
- No authorization model
We build highways without traffic lights. webMCP is a privileged interface. It needs:
- Auditability
- Policy
- Safety envelopes
Do not expose actions here if you would not put them in a public API. Treat webMCP as an attack surface.
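What a minimal policy, rate limit, safety gate and audit trail around a page-exposed tool could look like. This is an added example, not code from the post or from any webMCP implementation; the registry shape, tool names, roles and limits are constructed for illustration.

```javascript
// Added example: wrap a page-exposed tool before handing it to an agent.
// guardTool() applies a role policy, a per-tool rate limit, a confirmation
// gate for destructive actions, and records every call outcome.
// Nothing here is a real webMCP API; the shape is hypothetical.
const auditLog = [];

function guardTool({ name, destructive, allowedRoles, maxPerMinute, handler }) {
  const calls = []; // timestamps of accepted calls (sliding window)
  return function guarded(args, ctx) {
    const now = ctx.now ?? Date.now();
    const record = (outcome) => auditLog.push({ name, args, role: ctx.role, outcome });

    // Policy: the caller's identity must carry an allowed role.
    if (!allowedRoles.includes(ctx.role)) {
      record("denied:role");
      return { ok: false, reason: "not authorized" };
    }
    // Rate limit: at most maxPerMinute accepted calls in any 60s window.
    while (calls.length && now - calls[0] >= 60_000) calls.shift();
    if (calls.length >= maxPerMinute) {
      record("denied:rate");
      return { ok: false, reason: "rate limited" };
    }
    // Safety envelope: destructive tools require explicit human confirmation.
    if (destructive && ctx.confirmed !== true) {
      record("denied:confirm");
      return { ok: false, reason: "requires confirmation" };
    }
    calls.push(now);
    const result = handler(args);
    record("ok");
    return { ok: true, result };
  };
}

// Constructed toy backend: the "fire an employee" tool from the post.
const employees = new Map([["e1", "active"], ["e2", "active"]]);
const terminateEmployee = guardTool({
  name: "terminateEmployee",
  destructive: true,
  allowedRoles: ["hr-admin"],
  maxPerMinute: 2,
  handler: ({ id }) => {
    employees.set(id, "terminated");
    return employees.get(id);
  },
});
```

An agent calling `terminateEmployee` without an allowed role, without confirmation, or too often is refused, and every attempt, accepted or not, lands in `auditLog`.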