How is MCP different from RAG?

RAG retrieves and injects text into prompts. MCP provides structured tools and actions, enabling models not only to read but also to perform operations (create issues, run queries) with proper schemas and guardrails.

What are the main security risks?

The biggest risk is indirect prompt injection through untrusted content, which can cause tools to be misused. Additional risks include tool poisoning, credential leakage, and overly broad permissions.

What Is MCP: Model Context Protocol & What Does an MCP Server Do?

Q: What is the Model Context Protocol (MCP)?

MCP is an open standard that defines how AI applications (LLMs and agents) connect to external tools and data sources via clients and servers, enabling secure, structured, two-way interactions.

Q: What does an MCP server do?

An MCP server exposes tools and resources (APIs, files, databases) to AI clients in a consistent interface, handling permissions, schema, and execution so models can act with real-world context.

byZain Malik
-August 30, 2025

AI Agents · LLM Tooling · Security

Table of Contents

What Is MCP: Model Context Protocol & What Does an MCP Server Do?

Updated: Aug 30, 2025 Read time: 9–11 mins Keywords: MCP, MCP server, AI agents

What is the Model Context Protocol (MCP)?

Model Context Protocol (MCP) is an open standard that defines a consistent, secure way for AI applications and agents to access external tools and data sources. In short, MCP is like a USB‑C for AI: a universal connector between LLMs and the real-world systems where your data and actions live.

Why it matters: With MCP, you can stop writing bespoke integrations for each model or app. Build once as a server, reuse everywhere as clients connect.

What is an MCP server?

An MCP server is the bridge that exposes tools (actions) and resources (data) — such as REST APIs, databases, or local files — to MCP clients (agentic apps, IDEs, or chat interfaces). The server defines the capabilities and schemas; the client discovers and safely invokes them.

Server responsibilities

Expose tool endpoints with clear input/output schemas
Advertise readable resources (e.g., files, tables)
Handle auth, rate limits, policy, and observability
Return structured results and actionable errors

Client responsibilities

Discover servers, list tools/resources
Decide when and how to call tools during reasoning
Render results to users and request additional consent when needed

MCP vs RAG vs function calling

When MCP shines

Actionable workflows: create tickets, run queries, send emails
Composable integrations: one server, many clients
Up-to-date context: live systems, no stale embeddings

When RAG or plain function calls are enough

Read-only search over large corpora (RAG)
Simple, app-specific actions tightly coupled to a single UI

Bottom line: RAG retrieves text; MCP provides structured tools & actions with standardized discovery, permissions, and schemas.

Architecture & core concepts

MCP client: the AI application/agent (e.g., desktop app, IDE, chat UI)
MCP server: component that exposes tools/resources via the protocol
Tools: parameterized actions (e.g., create_issue(repo, title))
Resources: readable context (e.g., files://specs/*.md, db://analytics/sessions)
Sessions: scoped interactions with lifetimes, policies, and logs

{
  "tool": {
    "name": "create_issue",
    "input_schema": {"type":"object","properties":{"repo":{"type":"string"},"title":{"type":"string"}}},
    "output_schema": {"type":"object","properties":{"url":{"type":"string"}}}
  },
  "resource": {
    "uri": "db://analytics/sessions",
    "schema": {"type":"array","items":{"type":"object"}}
  }
}

Practical use cases for MCP servers

Engineering productivity: repositories, CI/CD, issue trackers
Data & analytics: query warehouses, generate charts, schedule jobs
Customer ops: CRM updates, ticket summarization, outreach drafts
Knowledge ops: read knowledge bases and update runbooks
Security/IT: run scoped diagnostics, fetch logs, open incidents

Quickstart: build a basic MCP server

Pick an SDK: Start with official TypeScript or Python server SDK.
Define tools/resources: Focus on high-value actions with clear schemas.
Guard access: Use API keys/OAuth, per-tool scopes, and allowlists.
Test with a client: Connect via an MCP-enabled app/agent and verify flows.
Harden: Add timeouts, rate limits, sandboxing, and injection scanning.
Deploy: Ship behind a gateway; monitor logs and success/error rates.

View official docs & SDKs Read security guidance

Security risks & defenses (must‑read)

MCP unlocks write actions — which means threat modeling is essential. Start with least privilege and explicit user consent for sensitive tools.

Indirect prompt injection: Treat untrusted content as hostile; scan inputs and add content provenance checks.
Tool poisoning: Allowlist servers and signed tool manifests; pin versions and hashes.
Credential leakage: Use short‑lived tokens; never echo secrets back into model context.
Overbroad scopes: Give each tool the minimum set of permissions and rate limits.

Tip: Log every tool call (who, what, when, inputs/outputs) and alert on anomalies (spikes, unusual parameters, cross‑server chains).

FAQs

Is MCP a replacement for plugins?

MCP generalizes the idea: instead of per‑app plugins, a single server can serve many MCP‑capable clients with consistent discovery and schemas.

Do I still need RAG with MCP?

Often yes. Use RAG for large read‑only corpora; use MCP when the agent must act (create/update) or when you want standardized tool discovery.

Can MCP servers run locally?

Yes. Many teams start with local servers (e.g., file access) and later deploy to cloud with gateways, auth, and monitoring.

References

AI, Blog

Zain Malik

Writer & Blogger

All Post
Africa
AI
America
Asia
Blog
Career & Learning
Emerging Technologies
Europe
Global Affairs & Innovation
Lifestyle & Culture
Money & Business
News & Updates
Opinion & Editorials
Personal Growth & Productivity
Tools & Tutorials
Travel Tips

AI, Blog