No it isn't. MCP is a security nightmare, just as bad as crypto "smart contracts".
The protocol already has been riddled with embarrassing vulnerabilities which is already a badly designed standard and would already be a disaster if it was applied all over the web.
Security consultants are having a feast on breaking these LLM apps just like they did with the crappy "smart contracts" in crypto. Adding MCP to the mix would just make it all worse.
MCP's "security nightmare" and tool poisoning is all due to people downloading and `exec`ing random untrusted executables. I mention and link it in the article. Same would be true if you downloaded a random REST server, ran it on your computer, and started doing random cURLs to it. MCP over HTTP is just REST for LLMs.
I agree that the current ecosystem pushes for insecure use of MCP, but if we move to using trusted HTTPS-hosted services with OAuth (which is all in the spec), the security issues would be on par with any REST service.
Neither of them is "Web 3.0".