Addressing security & quality issues with MCP tools - Vercel

Model Context Protocol (MCP) is gaining traction as a standard for federating tool calls between agents, offering a microservice architecture that enables tool reuse across AI applications. However, using MCP tools in production can introduce risks such as unexpected changes to tool names, descriptions, and schemas, which can lead to security, cost, and quality issues. The mcp-to-ai-sdk addresses these challenges by generating static AI SDK tool definitions from any MCP server, allowing enterprises to lock tool schemas and descriptions in their codebase and update them explicitly. This approach reduces the risks of prompt injection and unexpected capability introductions while controlling costs and improving latency by selectively loading necessary tools. By vendoring tool definitions, companies can benefit from MCP's discovery capabilities during development while ensuring stability and security in production environments. As AI systems transition from prototypes to production, this method provides a balance between flexibility and reliability, emphasizing the importance of secure and reviewable development practices.