MCP Needs an Approval Button

wpnews.pro

cd /news/ai-safety/mcp-needs-an-approval-button · home › topics › ai-safety › article

[ARTICLE · art-21771] src=simianwords.bearblog.dev pub=2026-06-04T17:30Z topic=ai-safety verified=true sentiment=· neutral

MCP Needs an Approval Button

The Model Context Protocol (MCP) lacks a cryptographically verified human approval mechanism, leaving systems vulnerable to unauthorized changes. Without a mandatory approval button, agents can execute irreversible actions like purchasing tickets, deleting folders, destroying databases, or approving pull requests without user consent.

read1 min publishedJun 4, 2026

MCP is cool but it needs a verified human in the loop approval button. Here's what I mean in a picture.

The reason this is important is because there must be a cryptographically verified way for the server to guarantee that it showed you the payload and that you the human have approved it.

If the MCP is set up in such a way that the specific method is gated behind human, there is no way for the agent to make changes on your behalf no matter how hard it tries.

Examples of what can be achieved

transactions like purchasing flight tickets
irreversible changes to a system like say deleting some folder
destroying an DynamoDb table
approving a Github PR

source & further reading

simianwords.bearblog.dev — original article Investigating the hidden moat behind all the LLM apps The state of AI voice assistants is bad but there's a clear winner AI can fix the fragmented online public transport space

~/api · this article 200

$curl api.wpnews.pro/v1/news/mcp-needs-an-approval-bu…

Read original on simianwords.bearblog.dev → simianwords.bearblog.dev/mcp-needs-an-approval-b…

mentioned entities

MCP

DynamoDb

Github

metadata

slugmcp-needs-an-approval-button

topic#ai-safety

secondary3 topics

sentimentneutral

langen

canonicalsimianwords.bearblog.dev

navigation

← prevGoogle’s Gemini Mac App Is Nativ…

── more in #ai-safety 4 stories · sorted by recency

dev.to · 4 Jun · #ai-safety

Your compliance team will ask for an AI agent audit trail before August 2. Here's the part most teams haven't built.

gadgetreview.com · 4 Jun · #ai-safety

Britain’s Age Verification Put Children At Risk, Think Tank Says

cnet.com · 4 Jun · #ai-safety

AI Leaders Call for Rules on Synthetic DNA to Limit Bioweapons Risk

tumblr.com · 4 Jun · #ai-safety

The LLM warnings Google fired Timnit Gebru over have all come true

sponsored brought to you by zahid.host 4,200+ EU-deployed projects

reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main

→ Live at https://your-agent.zahid.host ✓

Get free account → Pricing

from €0/mo · no card required