Remove MCP support
The presence of code whose only purpose is to leak secrets to AIs is a vulnerability magnet and has no utility.
Even if you are using AI for production workloads, everything should be going through a proxy that holds secrets, where a user can review every action it takes; as every single product in this category says, "AI can make mistakes" and it should not be allowed to make mistakes with sensitive data.
Any secret exposed to a model, at the very least, goes through the model provider and leaks your secrets into their logs.
I currently have the MCP server disabled in the "labs" section of the app, but its presence there is a constant source of anxiety and makes me think of migrating to Apple's passwords app every time I see it.
