{"slug": "mcp-needs-an-approval-button", "title": "MCP Needs an Approval Button", "summary": "The Model Context Protocol (MCP) lacks a cryptographically verified human approval mechanism, leaving systems vulnerable to unauthorized changes. Without a mandatory approval button, agents can execute irreversible actions like purchasing tickets, deleting folders, destroying databases, or approving pull requests without user consent.", "body_md": "# MCP needs an approval button\n\n*\n*\n\nMCP is cool but it needs a *verified* human in the loop approval button. Here's what I mean in a picture.\n\nThe reason this is important is because there must be a cryptographically verified way for the server to guarantee that it showed you the payload and that *you* the human have approved it.\n\nIf the MCP is set up in such a way that the specific method is gated behind human, there is no way for the agent to make changes on your behalf no matter how hard it tries.\n\n### Examples of what can be achieved\n\n- transactions like purchasing flight tickets\n- irreversible changes to a system like say deleting some folder\n- destroying an DynamoDb table\n- approving a Github PR", "url": "https://wpnews.pro/news/mcp-needs-an-approval-button", "canonical_source": "https://simianwords.bearblog.dev/mcp-needs-an-approval-button/", "published_at": "2026-06-04 17:30:16+00:00", "updated_at": "2026-06-04 17:49:05.936767+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-ethics", "ai-policy"], "entities": ["MCP", "DynamoDb", "Github"], "alternates": {"html": "https://wpnews.pro/news/mcp-needs-an-approval-button", "markdown": "https://wpnews.pro/news/mcp-needs-an-approval-button.md", "text": "https://wpnews.pro/news/mcp-needs-an-approval-button.txt", "jsonld": "https://wpnews.pro/news/mcp-needs-an-approval-button.jsonld"}}