David Vuong (00:00)
Always hit the red button. Even when you're about to leave, hit the other red button. ⁓ You start another... ⁓ whoops. It's okay. You only make that mistake once. Yeah, that's right. Okay.

Ilan (00:01)
That's right.

It's good that I'm not in charge at the nuclear football. Like let me hang up. ⁓ Shoot.

Last time I ever make the mistake.

David Vuong (00:23)
Hey, Ilan I want to tell you about something that's really important for product folks everywhere. It's called MCP, Model Context Protocol. Want to learn more about it?

Ilan (00:33)
Yeah, please, let's dive into it.

David Vuong (00:44)
right. Welcome to prompt and circumstance. My name's David.

Ilan (00:46)
and I'm Ilan.

David Vuong (00:48)
And today we're going to talk about MCP.

Ilan (00:50)
But first let's hear from one of our sponsors

Do you have a side hustle? Why If you're worried about validating your market or finding time to build your product, then Co.Lab's Validate and Build will help you

They'll go out and ensure that users really want your product and then they'll build an MVP so that you can have your first paying customers. They'll hand off the product to you and you can take it from there so you can run your side hustle.

link below to find out more and let them know David and Ilan sent you for $250 off.

Ilan (01:22)
Alright David, before we jump into MCP, I have a little bit of AI news I want to share with you. the first is the browser company. launched Dia, their AI-based browser.

David Vuong (01:28)
Cool, let's hear it.

Ilan (01:38)
a report came out this week saying that there's 40 % higher secret exposure when using Vibecode tools.

launched their own vibe coding tool just this week.

Jumping back to the first one, how do feel about an AI browser?

David Vuong (01:58)
⁓ you know, the idea sounds cool. ⁓ although I, I wonder again about privacy and secrecy. ⁓ a lot of things that are AI tend to be data hungry. And, ⁓ I wonder how much of my browsing data that's going to be consuming.

Ilan (02:10)
Mm-hmm.

Yeah, I don't know if I want Open AI or whatever models they're using under the hood to know my entire browsing history from the beginning of my use of that browsing.

David Vuong (02:27)
Yeah, I mean, having said that though, mean, you know, think about what it could mean if your browser is an AI agent. And, uh, you know, instead of typing in some kind of search, let's say, uh, you could type in natural language of what you're looking for and it'll figure it out for you. You know, draw stuff from multiple sites and take care of that.

Ilan (02:46)
But I think that a lot of that can be handled by setting, for example, Perplexity as your ⁓ default search engine in your current browser.

David Vuong (02:55)
Yeah, yeah, so I really wonder about the value prop.

Ilan (02:58)
Totally.

David Vuong (02:59)
So well, let's get into the second one. That's interesting. ⁓ Secret exposure. So as in API secret, the client secrets.

Ilan (03:07)
That's right.

And this is a reality that you can see pretty frequently if you're on vibe coding Twitter or vibe coding X. You'll see solopreneurs who are not super tech savvy say, ⁓ my goodness, suddenly my OpenAI API key has been exposed and people are just using my OpenAI account. Help, help.

So something that is anecdotally happening and now we have some numbers to back it up.

David Vuong (03:39)
Yeah, that's, that's a really important thing to keep in mind for anybody who's vibe coding. IDs and secrets, they really ought to be kept a secret. and, ⁓ exposure is, is a really big deal. way that, some of the code can be generated isn't necessarily as tight as, ⁓ you know, one might like.

Ilan (03:58)
Mm-hmm.

You know, David, maybe for a future episode, I could go through how I've worked to keep some of my API secrets safe while using vibe coding tools. So can wait for that in a future episode.

David Vuong (04:16)
Yeah, that sounds fun

Ilan (04:18)
And then the last one, this is a microcosm of something that we're seeing. If you follow Product Hunt, basically every day there's somebody releasing a new vibe coding tool. We've talked about before how commoditized this has become. What do you think about the number of new tools that are coming out these days?

David Vuong (04:39)
In some ways it's not a big surprise because the potential of what people can do with vibe coding is phenomenal.

was just the other day that one of our executive leaders.

had vibe coded some app script in a Google document that would help with some financial operations. And she had never coded anything in her life. just with some help of GPT, she was able to accomplish that. And it automated a lot and it also helped elevate the entire process. It suggested improvements to what she was doing in the Google Sheets. So the game

Ilan (04:59)
Wow.

David Vuong (05:19)
same changing potential of vibe coding definitely is there. It is interesting to see more and more dive into this red ocean.

Ilan (05:29)
Right. Do you think that we're going to see a contraction of the number of tools where, you know, the, four that we've reviewed or, ⁓ some other one, maybe Google's is just going to end up being the default.

David Vuong (05:41)
That makes a lot of sense. does smell like a bubble, right? I mean, how many browsers are there now? Right. And how many office productivity tools are there? I think it makes sense that things are going to coalesce. What do you think?

Ilan (05:57)
I think so too. I think there will also be some acquisitions that happen. You shared an article that we'll share the notes here of an Israeli startup that was bought by Wix for 80 million. And that was also a vibe coding startup. They were bought after six months.

David Vuong (06:16)
yeah, exciting times. Also exciting is MCP. Why don't we get into it?

Ilan (06:18)
exciting times. Alright David. Yeah.

Ilan (06:22)
But first let's hear from one of our sponsors

Are you having trouble wrangling too many data sources to get answers to your product questions? Querio's AI agent sits on top of your data stack and connects the dots so that you can get product insights at your fingertips.

I use it personally and it saves me hours per week. You can try it too. Go to querio.ai and let them know that David and Ilan sent you and they'll give you two months free of Querio.

Ilan (06:52)
I know basically nothing about this topic, David, so I'm curious, maybe can we start at the top? What is MCP?

David Vuong (07:00)
All right. So MCP is model context protocol. This is something that is meant to solve a pretty important problem as it relates to AI agents. And this being a hot topic of this current year, I think it's important that we dive into it.

right, so as good product people, let's start off with what problem this thing is trying to solve, all right? So if you are to make an AI agent today, it is going to have some limitations. You need to give it a prompt, a fairly lengthy prompt of all the things that it can do.

Right? So, ⁓ if you receive this command from the user, then call this API, here's the specifications, yada, yada, yada. Right? And ⁓ that becomes a limiting factor because as more and more capabilities become available to that agent, you were going to have to update that prompt and it's going to become enormous and unwieldy.

Ilan (08:04)
Hmm.

David Vuong (08:04)
Not only that, but ⁓ what if you are wanting to expose your platform to AI agents for use? Now you need to make a separate integration for each of those different agents.

Ilan (08:20)
I'm curious then why isn't it on the person who's developing the agent to just figure that out? Right? So if you have 10 different agents who want to.

access your service, then each one has to develop their prompts.

David Vuong (08:32)
Yeah. I suppose it has to do with helping the agents better understand how exactly to use that.

that perhaps API. your take on it?

Ilan (08:44)
Yeah, I mean, it's the same reason that you would expose an API from your product, right? You want people to use your product the same way each time. They don't want each of them to have like a custom integration with your, ⁓ with your tool. And I think from what I've, from the little bit I've read, these MCP servers are extremely verbose because they want to give instructions that an agent can follow.

the same way every time, even if it comes in from a different natural language starting point. So essentially, you want the agent to use your service correctly every time. You don't want to be reliant on whoever is programming the agent to understand the intricacies of your service.

David Vuong (09:31)
That makes a lot of sense. You know, some people are talking about how, you know, if you are building an AI agent, you only need to build an MCP integration once. And then from there, it allows the agents to discover the MCP servers, which would then tell the agent what it can do. And it would be able to figure it out from there again, based off of an MCP, right? That it would know how to converse.

Ilan (09:58)
So David, when would a product team consider using MCP?

David Vuong (10:02)
Yeah, there's ⁓ two different scenarios that I can think of. One is where you have your own AI agent. So if it's your own companies or your own software's AI agent, and you want that agent to be able to talk to your own software and interact with it in a variety of different ways, in a scalable manner. And the other would be if you would want your platform to be accessible to AI agents externally. So maybe you are...

Atlassian and you want your customers to be able to expose their data to AI agents so that their agents can take care of various different

duties.

on your JIRA instance. That would be an example of that. see it as, you know, it's almost like when would you build an API, but at a slightly higher level, right? So an API is ⁓ fairly rudimentary, if you will, in terms of, okay, you make this request and you get this data.

Whereas a tool on an MCP server can have a variety of more robust that it can do. Like for example, sending an email. that could involve multiple steps the agent simply needs to call once.

Ilan (11:19)
super admit, I'm still little fuzzy here, David. I'm wondering if we could maybe walk through an example and maybe that will help provide me and our audience some clarity.

David Vuong (11:31)
Yeah, sure. So why don't we think about this, let's say from an AI agent's perspective where that agent is helping a project manager. what this AI agent would want to do is keep track of the status of a project, let's say, right? And it needs to update that project.

Ilan (11:42)
Okay.

David Vuong (11:52)
right. So let's say that this project's being tracked on Asana.

All right. So Asana is going to have an MCP server, which it does. And this agent can do is use that server to understand how it can create or manage tasks that are project related. So maybe you would assign a follow-up to somebody, create and assign a follow-up to a certain person. And the actual execution of the project, maybe it's creating a piece of software. Maybe that's being tracked in Jira, right? So.

has an MCP server for Jira where AI agent would be able

query and summarize or modify stories or tasks in Jira.

David Vuong (12:36)
All right, so it's going to start off with the user making a request to the AI agent, which is the MCP host, saying something like, update the status of Project Omega in Asana based on the completion of its associated tasks in JIRA. All right, so that's step one. Step two is then the agent interpreting that intent of what the user had asked. So it's going to look at the information that it needs to receive and what it needs to perform.

on that request. Right. So that's step two, interpreting the intent. Step three is then connecting to the server. Right. So the AI agent has a, an MCP client as part of its abilities. And so that connects to Jira's MCP server. Right. So it's going to first check out what's going on in Jira. That's step three. So

When it connects to the server in step four, the server is then going to authenticate to make sure that the AI agent is ⁓ allowed to do what ⁓ it is going to do. right. Number five, the AI agent is going to then discover the Jira's capabilities on the server. Right. So the server exposes functionalities. It's going to say, ⁓ all right. So ⁓ you have

these abilities, you have these tools, you can get task using the ID if you want, you can get a task using the project, you can also do this or that, right? So it's going to list out each of those tools. And for each of those, it's going to say, all right, well, if you get a task by a project, I'm going to need, say the project or the epics ID or the name, let's say, right? So it's going to have a bunch of criteria there, it's going to tell you

what to expect. ⁓ Some other things that it could list there would be resources. And this is saying something like, all right, well, you can simply, you know, retrieve this set of data, it's, it's just a simple list of tickets.

All right. And so the cool thing about that is that this is stuff that the agent discovers dynamically so this list of ⁓ what the agent can do on JIRA is going to be, dynamic. so each time that the agent talks to it, maybe that list could change. It based off permissions or based off of a new functionality. All right.

So number six. So what's going to happen is that the AI agents having ⁓ now understood ⁓ what the possible things that could interact with are, is going to say something like, all right, cool. I'm going to call get tasks by project where the project name is project Omega, right? So it's going to use the MCP client and initiate a call to get those tasks.

All right, so that's number six. Number seven is Jira itself, the MCP server. It's going to then execute that query. And now this server basically wraps around the API. So basically it's going to execute the query against the API, right? So API then retrieves that data for the MCP server.

All right, number eight is that the MCP server returning that data in a structured way, right? So if it's a list of tasks and their completion statuses, it's going to say something like, all right, task A is done, task B is in progress, et cetera. And it's going to send that back to the MCP client, which is our AI agent.

Alright, number nine. So the AI agent then processes that JIRA data, right? So it's going to look through the results of what it's seen and it's going to determine, let's say, all right, well, it looks like phase one of Project Omega is done. I probably ought to update that in Asana. All right, so that's step nine. Step 10 is the MCP client, that is the AI agent, then establishing a connection with Asana.

Asana's MCP server. In step 11, we go through a similar thing where the MCP server with Asana is authenticating the MCP client that the AI agent is running to make sure again that they have permissions to do what they wanna do. All right, so number 12, ⁓ similar thing, the Asana MCP server says, all right, here's the things that you can do. Here's the resources that you have. can get a list of

open projects, let's say, or ⁓ here's a tool for you. You can update a project's status, right? And if you do, I that status, and the name of the project, let's say, So that's number 12. Number 13 is going to be the agent then invoking that tool. It's going to call that tool and say, all right, I want to update project status on this MCP server.

And here's a project ID, it's in Project Omega, and here's the status, it's complete. So possible here that there's some user confirmation because you're modifying some data, but up to whoever designs the system. But that's number 13. Number 14 is the Asana MCP server then executing that request. So just like with Jira,

It's going to run that request against the API, changing the project status. Number 15 is the server returning confirmation saying, all right, that's done. It's ⁓ successful. So sending that back to the client. And then number 16 is the AI agents then informing the user that, hey, I've gone ahead and ⁓ done all that for you. I've had a look at the task completion in Jira and I've updated

the project that you've asked me to, Project Omega in Asana. So that's 16 steps, but it all is gonna happen quite fast. And that is just a simple example of how an AI agent would be interacting with MCP servers.

David Vuong (18:52)
So this agent is basically now orchestrating this entire right? Where it talks to Atlassian's MCP server, gets the information that it needs, makes the changes that it needs if necessary, and then goes over to Asana and updates the project automatically.

Ilan (19:09)
So in this case, the user, let's say it's a human project manager,

they're coming and prompting the agent to keep track of this project. And here's where you can find the information about the project. This is in Jira and here's where we are tracking the project. This is in Asana. And then the agent can take that

information and then knows what to do from there ⁓ based on these MCP servers that it has access to to actually see the status of the JIRA tickets and then update a ⁓ project task in Asana.

David Vuong (19:51)
Yeah, it can also potentially do that automatically. maybe as part of the context for that agent, it would know that it has access to these servers and every 8 a.m. for each day, it's going to go through this task.

Ilan (19:56)
Okay.

earlier on in our news section, we talked about secret exposure with vibe coding. What do know about MCP and secrets or security? How do we handle that?

David Vuong (20:27)
Yeah, that's a really good point. So security is paramount and because MCP is so new, it is vulnerable to some security exploits. So an example of this is where people will set up a fake directory of MCP servers. So if your agent is naively going out and looking for MCP servers that would, let's say, update my project, it could find

server and then go ahead and interact with that and send some possibly critical information to a nefarious actor. And so making sure that you know the agent's behavior and context is locked down. I think that's going to be a paramount here.

Ilan (21:15)
Yeah, absolutely. And the services that expose their functionality through MCP servers, do they have ⁓ security protocols in place? Like would they use just regular authentication like you would ⁓ for an API? Or is there anything specific to MCP

tells us that, this is like the specific MCP server that you want to use. And this is an authorized user for that server.

David Vuong (21:45)
Yeah. That's a good question. So.

MCP is going to use OAuth in terms of authentication mechanisms. So that's an already existing method for those familiar with it. And as part of that, the team will be able to have some good access control, whether it's role-based or attribute-based. I would say that probably this is something that if you are thinking about creating this, you would very much want to loop in the architecture

texture

team, the security team to make sure that everything is well controlled and ⁓ that there's no risk of any kind of elevation of access.

Ilan (22:32)
That is helpful, David. And I think you're right. This is where you talk with the DevSecOps team. And with that, I think that we can probably draw this topic to a close. So this was super helpful. Today, you told us what an MCP server is. It's basically an API, but for AI agents. ⁓ Why it's important to product teams. If you want to have...

internal agents that talk to other internal tools, or if you want to ⁓ expose some of your functionality to external AI agents. And we went through a helpful example, and then we talked a little bit about security. So all in all, a great topic. Thank you very much, David.

David Vuong (23:18)
Pleasure. I think that it'll be really important for everybody to know more about this.

Ilan (23:23)
with that, you can like us, leave a review, follow us on your favorite platform @pandcpodcast, and let us know in the comments what you'd like us to talk about next. Thanks very much, see you next time.

David Vuong (23:39)
See you next time.