MCP Security

[Crankyxx]

Pre-submission Checklist

• I have checked that this question would not be more appropriate as an issue in a specific repository
• I have searched existing discussions and documentation for answers

Question Category

• Protocol Specification
• SDK Usage
• Server Implementation
• General Implementation
• Documentation
• Other

Your Question

When allowing access to local private data, how to ensure that the private data is not leaked? In fact, does the LLMs need to upload local data to the model server to process this data?

[kurtseifried]

Your Question

When allowing access to local private data, how to ensure that the private data is not leaked? In fact, does the LLMs need to upload local data to the model server to process this data?

Can you better define "leaked"? For example, if I enable the filesystem MCP, I explicitly want the data on those directories to be sent to an AI, and from there, my contractual relationship with the company (e.g., a paid Claude account) protects it (as we do with any service that processes data). That's not a leak; that's what I want it to do.