You've probably seen the button this month. Inside Claude or ChatGPT, a little prompt appears: Connect Gmail. Connect Notion. Connect your calendar. One click, a familiar login screen, and suddenly your AI can read, search, and act inside your accounts.

It feels like turning on a setting. It's closer to handing someone a key.

This week the NSA published its first formal security guidance for the technology behind those buttons. The timing wasn't an accident. A sweep of around 40,000 of these connectors just surfaced 67 new vulnerabilities, and researchers found more than 12,000 of them sitting open on the internet — roughly 40% with no password protection at all.

So let's do what we do here: pull it apart in plain language, then hand you something you can actually use.

Here's the 3-layer explainer.

Layer 1 — There are two ways your AI "does" things

One is called MCP. The other is the CLI. They sound technical, but the difference is simple, and it's the whole story.

Layer 2 — MCP reaches out to your accounts

MCP (Model Context Protocol) is the open standard behind those "Connect" buttons. When you click one, your AI opens a door over the internet to a server — a piece of software that holds the keys to your Gmail, your files, your calendar. The good versions ask you to log in properly and show you exactly what they'll touch. The risky ones are run by strangers, and some have no lock on the door at all.

Layer 3 — CLI acts on your machine

The CLI (command-line interface) is your AI typing commands into a terminal on a computer you control. It's faster and stays local — nothing reaches across the internet to your accounts. But it does whatever it's allowed to do on that machine, so the danger is the opposite: not a stranger reaching in, but the AI reaching too far on your own turf.

One line to keep: MCP reaches out to your accounts; CLI acts on your machine.

Under the hood, the engineers are arguing about which is faster and cheaper. That debate isn't your problem. Yours is simpler and more important: when an AI asks to connect to something, who's actually on the other end of that door?

Because here's the part that should give you pause. That "Connect" screen looks identical whether the server is built by Google or by an anonymous developer who set it up last Tuesday with no authentication. The polish is the same. The risk is not.

Before you click Connect — three questions

Run these every time, anywhere, ever:

1. Who hosts this server?

Is it the company itself (Google, Notion, Anthropic), or an unknown third party? If you can't tell, that's your answer.

2. Does it use a real login?

A proper OAuth screen — the kind that sends you to the service's own sign-in page — is a good sign. A box asking you to paste a key or password into a random tool is not.

3. What exactly can it touch?

Read-only access to your calendar, or full access to send email and delete files? Grant the smallest thing that does the job.

If a connector fails any of the three, don't connect. There's almost always a first-party option, and it's worth the extra minute to find it.
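For readers who want to see the three questions applied mechanically, here is an added example (not from any connector or vendor) that reads the address of an OAuth consent screen and reports which checks fail. The allowlists, the read-only heuristic, the function name and both sample URLs are assumptions made up for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions (edit for your own services): hosts you accept as the service's own
# sign-in page, and hosts you accept as the connector that receives the login result.
SERVICE_LOGIN_HOSTS = {"accounts.google.com"}
TRUSTED_CONNECTOR_HOSTS = {"connector.example"}     # hypothetical first-party connector
IDENTITY_SCOPES = {"openid", "email", "profile"}    # standard OpenID Connect scopes
READ_ONLY_MARKERS = ("readonly", ".read", ":read")  # heuristic, not a standard

def review_consent_url(url):
    """Return a list of findings for an OAuth consent URL (empty list = passes)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    findings = []

    # Question 1: who hosts the connector? redirect_uri is where the login result goes.
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    if redirect.scheme != "https" or redirect.hostname not in TRUSTED_CONNECTOR_HOSTS:
        findings.append(f"unknown connector host: {redirect.hostname}")

    # Question 2: is it a real login? Exact host match, so look-alike domains fail.
    if parts.scheme != "https" or parts.hostname not in SERVICE_LOGIN_HOSTS:
        findings.append(f"sign-in page is not the service's own: {parts.hostname}")
    if "client_id" not in query or "response_type" not in query:
        findings.append("not an OAuth authorization request")

    # Question 3: what can it touch? Flag every scope that is not clearly read-only.
    scopes = " ".join(query.get("scope", [])).split()
    if not scopes:
        findings.append("no scope listed, so the access requested is unknown")
    for scope in scopes:
        narrow = scope in IDENTITY_SCOPES or any(m in scope.lower() for m in READ_ONLY_MARKERS)
        if not narrow:
            findings.append(f"more than read-only: {scope}")
    return findings

# Constructed sample URLs, not captured from any real connector.
NARROW = ("https://accounts.google.com/o/oauth2/v2/auth?response_type=code"
          "&client_id=EXAMPLE_CLIENT_ID"
          "&redirect_uri=https%3A%2F%2Fconnector.example%2Fcallback"
          "&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar.readonly")
LOOKALIKE = ("https://accounts.google.com.signin-helper.example/o/oauth2/v2/auth"
             "?response_type=code&client_id=EXAMPLE_CLIENT_ID"
             "&redirect_uri=https%3A%2F%2Fcollector.example%2Fcb"
             "&scope=https%3A%2F%2Fmail.google.com%2F")

if __name__ == "__main__":
    for name, url in (("narrow", NARROW), ("lookalike", LOOKALIKE)):
        print(name, review_consent_url(url) or "passes all three checks")
```

The second URL fails all three checks even though its address begins with a familiar sign-in domain, which is why the host is compared exactly rather than by prefix.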

None of this means MCP is bad. It's genuinely useful — it's why your AI can finally do things instead of just talk about them. It means the door is now real, the keys are now real, and a few too many of these doors are propped open.

You don't need to understand the protocol. You just need to read the room before you hand over the key.

Saw a "Connect" button this week that made you hesitate? Reply and tell me which app — I'm collecting the sketchiest ones for a follow-up, and your example might save someone else a bad click.
