š—¦š—²š—ŗš—®š—»š˜š—¶š—° š—Ÿš—®š˜†š—²š—æ š˜ƒš˜€ š— š—–š—£: š—§š—µš—² š—˜š—„š—£ š—¦š—²š—°š˜‚š—æš—¶š˜š˜† š—„š—¶š˜€š—ø

Many architects celebrate the ability of LLMs to connect to enterprise systems via MCP. They overlook a major risk. A malicious prompt can trigger a real write operation in your ERP. This happens without alarms or human review.

You must understand the difference between a semantic layer and MCP.

A semantic layer sits between your LLM and your data. It exposes metrics and KPIs. It is read-only. If an LLM makes a mistake, it only reads data it already has permission to see. The damage is small.

MCP is different. MCP servers execute real operations. They can update records, change prices, or approve orders. This is where the danger lives.

If a user injects a prompt, the LLM might issue a valid MCP command with bad intent.

Example of a failure:

To prevent this, every MCP write operation needs three controls:

  1. Prompt Validation: Validate the instruction before it reaches the MCP server. Check if the action matches the user goal. Check if the values are within safe ranges. Treat the prompt as untrusted input.

  2. Schema Enforcement: The MCP server must use strict contracts. Define exactly what parameters are allowed. A tool that updates one price at a time is safer than a tool that performs bulk updates.

  3. Human-in-the-loop (HITL): Critical data like pricing or inventory needs human approval. The agent must submit the request and wait. A human must approve it before the MCP server executes the command. Do not let the LLM bypass this gate.

You also need full observability. Every write operation needs an audit trail. You must track who started it, the prompt used, the validation results, and the human who approved it.
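The three controls and the audit trail, as an added Python example that is not part of the original post: a gateway in front of a single `update_price` MCP tool that enforces a strict parameter contract, checks the call against the user's stated goal and a price-change range, records every attempt, and writes to a constructed in-memory ERP stand-in only after a named human approves. The tool name, schema, SKUs and 20% range are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory stand-in for the ERP price table (not a real ERP API).
ERP_PRICES = {"SKU-100": 50.0, "SKU-200": 120.0}

# Strict contract: one tool, one SKU per call, exactly these parameters.
PRICE_SCHEMA = {"sku": str, "new_price": float}
MAX_CHANGE_RATIO = 0.20  # reject changes of more than +/-20% of the current price

@dataclass
class AuditEntry:
    user: str          # who started the request
    prompt: str        # the untrusted prompt that produced the tool call
    tool: str
    args: dict
    validation: str    # validation result, recorded even for rejected calls
    approver: Optional[str] = None
    executed: bool = False
AUDIT_LOG = []

def validate_call(tool, args, goal_sku):
    """Schema enforcement plus intent check. Returns (ok, reason)."""
    if tool != "update_price":
        return False, "tool not allowed"
    if set(args) != set(PRICE_SCHEMA) or any(
            not isinstance(args[k], t) for k, t in PRICE_SCHEMA.items()):
        return False, "parameters do not match the tool contract"
    if args["sku"] != goal_sku:
        return False, "SKU does not match the user's stated goal"
    current = ERP_PRICES.get(args["sku"])
    if current is None or abs(args["new_price"] - current) / current > MAX_CHANGE_RATIO:
        return False, "unknown SKU or price change outside safe range"
    return True, "ok"

def request_write(user, prompt, tool, args, goal_sku):
    """Gateway in front of the MCP server: validate, log, and queue for approval."""
    ok, reason = validate_call(tool, args, goal_sku)
    entry = AuditEntry(user, prompt, tool, dict(args), reason)
    AUDIT_LOG.append(entry)
    return entry if ok else None  # rejected calls never reach the approval queue

def approve_and_execute(entry, approver):
    """Human-in-the-loop gate: the write happens only after a named approver signs off."""
    if entry.validation != "ok":
        raise ValueError("cannot approve a call that failed validation")
    entry.approver = approver
    ERP_PRICES[entry.args["sku"]] = entry.args["new_price"]
    entry.executed = True
    return entry
```

Because `request_write` returns nothing for a rejected call, an injected prompt that produces a bulk tool, an extra parameter, a different SKU or an out-of-range price is logged but can never be handed to the approval step.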

Use a semantic layer for reading data. Use MCP for writing data. But never let MCP touch your ERP without validation, strict schemas, and human approval.

Governance is the foundation of enterprise AI.

Source: https://dev.to/dnyandeo/semantic-layer-vs-mcp-why-direct-erp-write-access-is-an-enterprise-security-risk-3po8

Optional learning community: https://t.me/GyaanSetuAi