Security for MCP

The Model Context Protocol (MCP) specification has helped to accelerate access to a wide range of data sources for AI applications. But there are questions about the security and trust implications around a protocol that is still in its infancy. Scott Crawford and Justin Lam return to the podcast to examine the concerns that have been raised and changes that are underway in the specification with host Eric Hanselman. The previous episode introduced MCP and some of the market forces that are in play. Security considerations didn’t appear to be fully sorted out in the first version of the specification, but more work is being done to move beyond the OAuth-based approach. Automating the data access process can be powerful, but also fraught with the potential for abuse.  The larger questions in MCP revolve around understanding risk and establishing trust. Data exposure has been a constant concern in AI, but the more complex issues exist in the integrity of the data that’s being used. AI technology is moving forward rapidly and adversaries that are looking to compromise it and moving right along with these advances. More S&P Global Content: The 2025 Generative AI Outlook Next in Tech | Ep. 224: Context Around MCP For S&P Global Subscribers: Technology Primer: Model Context Protocol explained Databases and analytic services get the agentic AI treatment at Google Cloud Next 2025 IT Insider 3: A roundup for IT decision-makers Credits: Host/Author: Eric Hanselman  Guests: Scott Crawford, Justin Lam Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

Linking generative AI models to the agents that are going to use them now has a standard for queries, the Model Context Protocol (MCP). Suddenly all sorts of things are vying to be your data source of choice. What could go wrong? Analysts Jean Atelsek, James Curtis and Henry Baltazar join host Eric Hanselman to provide an introduction to what MCP is, what all the fuss is about and where this is headed. Since Anthropic released the standard in November of 2024, there has been significant progress in expanding and clarifying it, but it is still very much a work in progress. Database providers and storage vendors have been the obvious participants and many others are joining in. The larger questions are around ensuring trust and transparency in this market. Basic authentication has been worked out, but more sophisticated authorization mechanisms need to be defined. The mad dash is already leading to M&A activity, with storage vendors looking to expand their opportunities and maintain their relevance. Microsoft has released its MCP definition and Google has created an agent-to-agent (A2A) protocol for direct agent interactions. There are many pieces that are coming together to enable fully agentic operations and there is still a lot of work to be done.   More S&P Global Content: The 2025 Generative AI Outlook For S&P Global subscribers: Technology Primer: Model Context Protocol explained Databases and analytic services get the agentic AI treatment at Google Cloud Next 2025 IT Insider 3: A roundup for IT decision-makers Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, James Curtis, Henry Baltazar Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

Developer experience is one of the areas where AI applications are showing significant return on investment, but there are significant hurdles to overcome in both changing established development patterns, as well as integrating AI tooling. Analyst Jean Atelsek and AWS vice president for developer experience Deepak Singh join host Eric Hanselman to explore the current state of AI code assistance and look at where it’s headed. Auto-complete, where the next bit of a line of code is filled in for a programmer, has been evolving over a number of years, but the arrival of agents to augment code generation and task automation is being to revolutionize software development. Changing development patterns is hard, but the benefits offer strong incentives to change habits. Where early uses had AI engines generate smaller code snippets that developers integrated, that’s changing to having AI tackle full functions that are then reviewed and corrected. Tooling around AI implementations are tailoring they way in which they interact with individual developers, enhancing their experience. Application modernization is an area where AI can shine, as it can assess a massive codebase whose authors are no longer available and provide not only documentation, but also prioritize recoding efforts. It’s a task where the hours required for manual assessment can be daunting and error prone. Leveraging AI code generation securely requires that organizations have sufficiently secure development pipelines. Mitigating risks from confabulation and errors in AI generated code is the same process as ought to be in place for human coders, an area where some less mature organizations may have some catching up to do. More S&P Global Content: The 2025 Generative AI Outlook For S&P Global subscribers: Can generative AI modernize legacy code bases? It depends Tech Trend in Focus: Generative AI in programming Generative AI Market Monitor & Forecast Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, Deepak Singh Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

Managing IT costs has always been challenging and the FinOps movement is working to tackle this problem. Analysts Jean Atelsek and Melanie Posey return to the podcast to discuss their research and what they saw at the FinOps X conference with host Eric Hanselman. Cost angst has been exacerbated by the move to cloud. The shift from capital expense to operational expense has been a complicated transition for many. The infrastructure spending growth that being driven by AI initiatives has only just begun, but is already concerning. As cloud costs have become material expenses, more focus has been put on managing them. There are a host of startups that are looking to provide tools and cloud providers all have some form of cost management tooling. The shift to virtualization opened the door to optimization, but was one that only few walked through. Efforts at charge-back and show-back accounting created better visibility, but FinOps is looking to take things a step further by identifying costs early in the development cycle. Putting the vast quantities of operational data that cloud throws off to work requires a new focus. It’s another area where AI can help businesses work their way out of the looming costs that AI applications create. It requires bringing together lines of business, development teams and IT operations, but the benefits could be significant. More S&P Global Content: Webinar: AI Has Swallowed the Tech Industry: Indigestion to Follow? Cloud Shifts podcast For S&P Global Subscribers: FinOps Foundation showcases Scopes initiatives, user deployment experiences at FinOps X Day FinOps adoption expands as generative AI amplifies public cloud cost challenges – Highlights from VotE: Cloud, Hosting & Managed Services and Cloud Native FinOps Market Monitor & Forecast Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, Melanie Posey, Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

A set of questions are being asked about whether the velocity of datacenter build outs is wavering. Analyst Dan Thompson returns to the podcast to explore the realities of the market with host Eric Hanselman. There are some facts that raised the questions, including Microsoft demurring on some datacenter projects, and they have fueled concerns that the heady pace might slacken. The DeepSeek model’s debut with claims of lower training requirements spooked the tech markets in January. There have been layoffs. Are these harbingers of AI doom? In the same way that DeepSeek signaled the next phase of optimization in AI models, datacenter markets can be expected to adjust over time. The difference is that the time scales for the two areas are vastly different. With AI ecosystems seemingly cycling daily, the multiyear scheduling of datacenters might appear glacial by comparison. But it’s a market influenced by many factors, including a complex supply chain. Capital spending across hyperscale cloud providers remains healthy and maintains an eye on a future with much greater density of AI functionality. We’re still a long way from a correction. More S&P Global Content: Powering AI – Opportunities, tensions in datacenter and energy markets For S&P Global subscribers: Truths about how the power sector can (and cannot) respond to datacenter needs Potential impacts of DeepSeek on datacenters and energy demand 2025 US datacenters and nuclear energy report Credits: Host/Author: Eric Hanselman Guests: Dan Thompson Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

In the rush to build out AI applications, a full understanding of the dynamics of personal data management can be difficult to achieve. As we kick off Pride Month, the complexities of personal data handling deserve more attention and Emily Jasper and Alan Moore join host Eric Hanselman to discuss the concerns and approaches to address privacy issues. Enterprises accumulate both operational and self-reported personal data, some with regulatory requirements for collection and reporting and some in support of employee development. Is that data the new oil that can fuel their efforts, the new water that can leak or the new plutonium that can be powerful, but also dangerous?  With many systems accumulating data, it can be difficult to ensure that right data is in the right places. Data migration is hard, but can be necessary in technology transitions. Data is the raw material that builds AI value, but personal data increases the risks of not only expose, but of creating presumptions by AI models of association and affiliation. There are additional risks in inadequate datasets for training. As we’ve pointed out in previous episodes, organizations need to be aware of how well their training data reflects the populations they intend to serve. More S&P Global Content: Webinar: Winning the Ad Dollar: Data-Driven Sales Enablement Next in Tech | Ep. 213: AI and Privacy Next in Tech | Ep. 204: Ethical AI Data For S&P Global subscribers: Safeguarding privacy in the AI era – Highlights from VotE: Data & Analytics 2025 Trends in Workforce Productivity & Collaboration Ask the Analyst: Retail tech — personalization without friction 2025 Trends in Data, AI & Analytics Credits: Host/Author: Eric Hanselman Guests: Emily Jasper, Alan Moore Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

Around the globe, municipalities are facing a set of challenges managing the impacts of more extreme weather, while addressing aging infrastructure and more chronic issues, such as rising heat and sea levels. There are a set of technologies that can help them to both be aware of the risks and improve planning to work on mitigating them. The Internet of Things (IoT) can play a role in sensing and advances in digital twins can aid in simulating climate-driven events. It’s a set of tools that, when applied well, can help to better build resilience.  At the same time, the resilience of utility systems are being challenged by tech advances. Power consumption by datacenters is impacting the load on electricity grids. The transition to greater use of renewables is changing grid dynamics and investment is needed to maintain stability. Climate impacts can have differing impacts across society and efforts manage equity are critical. The upcoming webinar will dig into all of this in more detail – join us to continue the conversation! Join the webinar: Risk to Resilience: How Technology is Reinventing Urban Preparedness More S&P Global Content: Climate physical risk insights for the U.S. municipal bond market Enhancing government resilience with technology amidst uncertainty Sustainable cities: Open data portals for community-driven AI apps, sustainability validation For S&P Global subscribers: Lessons from the Iberian blackout: The starfish and the spider Potential impacts of DeepSeek on datacenters and energy demand Adoption of automation capabilities could drive consolidation in the smart buildings space Smart spaces must address privacy concerns, deliver experience enhancements – Highlights from VoCUL: Smart Spaces Credits: Host/Author: Eric Hanselman Guests: Therese Feng, Zoë Roth, Johan Vermij Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

With all of the drama associated with AI, it’s easy to miss the need to understand the foundations that deliver the data that is the raw element from which AI value is built. Databases and storage infrastructure are critical components that have to work in concert with AI plans and returning guests Henry Baltazar and James Curtis join host Eric Hanselman to discuss what’s been happening and what enterprises need to know about the future. Databases and storage management systems have been intertwined for a long time and AI pressures are tightening that connection. Storage systems perform analytics on the data they store to optimize its handling, tracking use and characteristics. The same insights that aid in compression and tiering are also useful in classifying data for AI. Data classification has always been a challenge for enterprises, as storage systems are typically disconnected from the data owners and applications that use them. Intelligent storage systems have been able to intuit the nature of content, including mapping databases and virtual machines. Databases have been able to leverage storage capabilities like snapshotting for resilience. Into this mix a new set of AI focused storage and database offerings arrive that target AI uses. The question is whether the native database and storage systems can do enough of what’s needed. They already store key data and have valuable insights and classification capabilities. Some vendors are attaching GPU clusters to storage systems to provide high performance AI model training functionality. The major issue for most, is the matter of data placement. Shifting petabytes of data is no small task and concerns about data security and the costs involved now loom much larger. More S&P Global Content: Next in Tech | Ep. 213: AI and Privacy Next in Tech | Ep. 203: NRF conference shows AI challenges and rewards For S&P Global Subscribers: Rapid data growth and migrations increase storage burdens Amazon S3 Tables and automated metadata highlight recent AWS Storage enhancements 2025 Trends in Cloud and Cloud Native Credits: Host/Author: Eric Hanselman  Guests: Henry Baltazar, James Curtis Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

The annual NAB Show delivered a more fully digital ecosystem when it convened in Las Vegas this year. While traditional broadcast technologies are still the focus, hyperscale cloud providers, digital media platforms and no shortage of AI were all on display. Returning guests Justin Neilson and Peter Leitzinger join host Eric Hanselman to discuss what they saw at broadcasting’s big event and the impacts of various technologies on the media landscape. The digital television evolution is continuing apace. The ATSC 3.0 NextGen TV standard has been rolling out across the globe, albeit a bit more slowly in the U.S.. The higher resolution, more interactive capability is available to over three quarters of the market. Multi-screening functionality is interesting, but digital advertisers are looking to the direct access to consumers as a better path to monetizing viewers and delivering a direct path to content creators. The smart TV market is also hopeful, driving the uptake of new chipsets and televisions.   The show also revealed the greater participation of the hyperscale cloud providers in broadcast media. Greater volumes of digital content are depending on cloud scale in ever greater measure. The creeping incrementalism of AI in media production still has to overcome some fundamental objections from studios and some content creators, but it is working its way into many parts of the industry. It seems like its convenience and velocity may be too much to resist. More S&P Global Content: Radio/TV station annual outlook, 2024 MediaTalk | Season 3 | Ep. 16 - Broadcasters Band Together Over Tech Advancements, Deregulation For S&P Global subscribers: US TV set projections through 2028: Solid rebound on track to continued growth Digital multicast TV database 2024 update: NextGen TV expands reach to 75% of US Credits: Host/Author: Eric Hanselman Guests: Justin Nielson, Peter Leitzinger Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

The game of Rugby is having a moment on the global stage. It’s attracting investment and growing its fan base and audiences. The Six Nations competition has just finished, with France triumphing over Scotland and the Women’s World Cup is on the horizon. With dedicated fans and upmarket advertisers, the media rights are garnering significant interest. An old saying contrasted soccer (football to most of the world) with rugby by saying that football was a gentleman’s game played by hooligans, while rugby was a hooligan’s game played by gentlemen. And today, both the women’s and men’s games are gaining prominence. Unlike soccer (football), the world governing body for rugby spans both leagues and has strong female representation on its board. With high value advertisers driving revenue and both country competitions and national leagues creating a rich game schedule, media valuations are continuing to grow. From its origins as an amateur league, it’s become much more. There’s a nascent shift from free-to-air broadcast to paid media and streaming. It’s quite a scrum! More S&P Global Content: Authenticity, women's sports and African potential dominate SportsPro Live For S&P Global Subscribers: Sports calendar 2025 — High-profile women's events and sustainability concerns DAZN boasts its global expansion plans with acquisition of Foxtel Credits: Host/Author: Eric Hanselman Guests: Richard Berndes Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith