Having the LLM generate code on top of a regular API instead of calling external functions one by one seems like common sense. Was MCP invented because LLMs were not capable of writing robust code at the time? Was it because of security considerations? What I am missing?
> top of a regular API
What is the regular API? How do you express all the integrations needed in this API? Who provides the integrations? Answering these questions lead you back to something like an MCP, which is an API contract that can be as generic or as specific as needed. Wasting context window to understand and re-implement each integration is why MCPs exist.
All the security issues are orthogonal, and occur regardless if invoking this API occurs via code or natural language.
Can I ask my partner to buy a product on Amazon? Can I ask my personal assistant to buy a product on Amazon? Can I hire a contractor to buy products on Amazon? Can I communicate with a contractor via API to direct them what products to buy? What if there is no human on the other end and its an LLM?
Same issue with LinkedIn. I know execs who have assistants running their socials. Is this legal?
A private business can 100% refuse service to you. Examples with regards to "delegation":
- If you come in using a form of non-cash payment that doesn't belong to you.
- If you're purchasing a car, and are filling out paperwork under someone else's name. FYI, you can buy cars on Amazon.com.
- If you attempt to pick-up a pre-order or an item earmarked for someone else.
...
Of course some businesses are more or less restrictive base on fraud chance, yada yada, but you get the idea. You're not being oppressed. Go shop elsewhere.