Mcp | Thomas Talks AI: AI Agent Security, Claude Code & Production Engineering

Diagram showing Claude Code MCP blast radius controls with allowed tools, write scope, audit trail, and approval gate

Claude Code MCP tools need a blast radius

MCP tools make Claude Code far more useful, but broad access turns a weak prompt into a production risk. Treat every tool as blast radius, not convenience.

Cover of Securing Enterprise AI Agents by Thomas De Vos

Securing Enterprise AI Agents is live

I published Securing Enterprise AI Agents, a practical book on bounded AI autonomy, AgentSecOps, MCP security, RAG governance, identity, evals, policy, and evidence.

Diagram showing Claude Code permissions as a control loop: scope first, run narrow, leave evidence, and adjust access

Claude Code review is too late if permissions are wrong

Human review matters, but it cannot fix every bad Claude Code boundary after the run. Production teams need scoped permissions, MCP limits, hard stops, and evidence before widening access.

Diagram showing how MCP tools widen Claude Code blast radius from local repository access to external systems unless boundaries, approval, logs, and rollback are added

Claude Code MCP tools need a blast radius, not a vibe check

MCP makes Claude Code more useful, but every server also widens the blast radius. Treat MCP tools as production access paths with allowlists, approval gates, call logs, and rollback notes.

Cover of Claude Code: Building Production Agents That Actually Scale by Thomas De Vos

Claude Code book is live on Amazon Kindle

Claude Code: Building Production Agents That Actually Scale is now live on Amazon Kindle. Here is who it is for and why I wrote it.