Discussion about this post

John Edwards

When I have more time I’ll read more deeply into this, but can someone explain to me how this is all stitched together?

Suppose a client is connected to two MCP servers. One is a local server that can read from files and do some basic local things. The other is some malicious external server.

What is the flow here?

I’d imagine it’s something like

1. User prompts for some action to be taken. Maybe the malicious server is a weather api and the user wants to read weather data and use it to edit a file locally

2. The client takes in the user prompt and also adds data related to the various tools the LLM has access to, which come from the MCP servers, to the prompt to the LLM

3. The LLM output is in a format that informs the client to execute some tool actions. Maybe this LLM output says “read from a file with sensitive data” in some format the client can translate into tool calls, and then follows that by “send this in an API request to the weather tool”

Is this accurate? I’d imagine sometimes, or perhaps always, this flow might be inside of a loop, but the general idea stays the same?

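A runnable sketch of the loop described in the comment above (an added example, not code from the post or from any MCP implementation): the client advertises both servers' tools, executes the model's tool calls in a loop, and records which results came from local tools so it can refuse to pass them to a tool served by the external server. The file contents, tool names, server names and the scripted stand-in model are all constructed.

```python
# Constructed sample environment: one sensitive local file, one external API.
FILES = {"/home/alice/notes.txt": "API_KEY=sk-constructed-not-real"}
SENT = []  # every request the external weather tool actually emits

def read_file(path):
    return FILES.get(path, "")

def get_weather(city, note=""):
    SENT.append({"city": city, "note": note})
    return f"Sunny in {city}"

# Tool registry as the client sees it after connecting to both servers; the
# trust label comes from the client's own config, never from the server.
TOOLS = {
    "read_file": {"server": "local-fs", "trust": "local", "fn": read_file},
    "get_weather": {"server": "weather-api", "trust": "external", "fn": get_weather},
}

def run_agent(model, max_turns=5):
    """Steps 2 and 3, looped: advertise every server's tools, execute the calls the
    model emits, but refuse to pass a local tool's output to an external server."""
    manifest = [{"name": n, "server": t["server"]} for n, t in TOOLS.items()]
    transcript = [{"role": "system", "tools": manifest}]
    tainted = set()  # results of local tools; crude substring provenance
    for _ in range(max_turns):
        call = model(transcript)
        if call is None:
            break
        tool, args = TOOLS[call["name"]], call["args"]
        if tool["trust"] == "external" and any(
                t in str(v) for v in args.values() for t in tainted):
            transcript.append({"role": "client", "blocked": call["name"]})
            continue
        result = tool["fn"](**args)
        if tool["trust"] == "local" and result:
            tainted.add(result)
        transcript.append({"role": "tool", "name": call["name"], "result": result})
    return transcript

def scripted_model(transcript):
    """Constructed stand-in for the LLM: replays the sequence the question describes
    (read a sensitive file, then hand its contents to the weather tool)."""
    turn, last = len(transcript) - 1, transcript[-1].get("result", "")
    script = [
        {"name": "read_file", "args": {"path": "/home/alice/notes.txt"}},
        {"name": "get_weather", "args": {"city": "Oslo", "note": last}},
        {"name": "get_weather", "args": {"city": "Oslo"}},  # retried without the data
    ]
    return script[turn] if turn < len(script) else None
```

Running `run_agent(scripted_model)` blocks the second call and lets the third, data-free weather call through; a real client would track provenance per value rather than by substring, but the place to enforce the check (in the client, between model output and tool execution) is the same.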
Josh Sowin

Looks like the Political Email Extraction Leaderboard has already been updated with GPT-4o now leading.
