Skip to content
Sagan

Paper

Options, Not Clicks: Lattice Refinement for Consent-Driven MCP Authorization

Unreadunread

AI summary

The authors present Conleash, a client-side authorization middleware for Model Context Protocol (MCP) tools that moves beyond coarse "always allow" toggles. Conleash uses a risk lattice to auto-permit safe calls within known boundaries while escalating risky ones, a policy engine for user-defined invariants, and a refinement loop that converts user decisions into reusable rules. Evaluated on 984 real-world traces, it achieved 98.2% accuracy, caught 99.4% of escalations, added only 8.2ms overhead, and was preferred by 16 user-study participants over traditional methods.

Main takeaways:

  • Existing MCP authorization (broad toggles or opaque LLM decisions) causes consent fatigue and misses dangerous call arguments.
  • Conleash's risk lattice auto-permits safe calls (e.g., reading a known file) while surfacing risky ones (e.g., writing to unexpected locations) for user review.
  • A refinement loop converts one-time user decisions into reusable policies, reducing future prompts without sacrificing safety.
  • Real-world evaluation shows high accuracy (98.2%), low false-negative rate (99.4% escalation recall), and minimal latency overhead (8.2ms).
  • User study (N=16) found Conleash significantly increased trust and reduced prompting compared to traditional methods.