- From: Paola Di Maio <paola.dimaio@gmail.com>
- Date: Sat, 28 Feb 2026 20:39:17 +0800
- To: public-webagents <public-webagents@w3.org>, W3C AIKR CG <public-aikr@w3.org>
- Message-ID: <CAMXe=SrhA8GZB9TGt9sxONhbAJ9bCAH_4f5FVkeNWD8rXhp=yw@mail.gmail.com>

Anssi and everyone,

thanks in advance for handling concerns with diligence and patience.

Just venting some concerns for discussion, before catastrophic failures may accidentally occur.

I may or may not be able to flag these in GitHub (.....)

PDM

*Technical Note*
*28 February 2026*
*FROM PDM W3C AI KR CG*
*TO ALL*

------------------------------

WebMCP is a draft specification with empty security and accessibility sections. It is not a W3C Standard. Commercial products and services are already available.

WebMCP is a proposed browser API being incubated by the W3C Web Machine Learning Community Group. It allows websites to expose JavaScript functions as structured tools that AI agents can discover and invoke. Chrome 146 ships an early preview behind a feature flag. The draft is dated 27 February 2026. The spec itself states: "It is not a W3C Standard nor is it on the W3C Standards Track."
(Source: https://webmachinelearning.github.io/webmcp/)

Security and Privacy?

The specification's Security and Privacy section is empty. It contains only a TODO comment linking to a separate document. The Accessibility section is completely empty -- no text at all. All four core API method definitions say "TODO: fill this out."

This means there is currently no normative guidance on how browsers should handle prompt injection through tool descriptions, how users should be informed when tools are registered on a page, how cross-origin tool data should be isolated, what consent model should govern agent-to-tool interaction, or how WebMCP tools relate to the existing accessibility tree.
(Source: https://github.com/webmachinelearning/webmcp/blob/main/index.bs)

Already on the Market?

Multiple commercial ventures have launched products and services around WebMCP within days of the Chrome preview. These include paid "Agent Readiness" assessments, enterprise security scanners, CLI audit tools, CMS plugins, and partner programs -- all built on a specification that has not defined its own security model.

Businesses are being told to annotate their forms with WebMCP attributes so AI agents can submit them programmatically. Fear-of-missing-out marketing frames this as "SEO for AI" and warns that companies who do not implement WebMCP will be "skipped by agents."

This is premature. The security implications of exposing website functionality to autonomous agents through a browser API without a defined consent model, permission framework, or threat analysis have not been resolved by the standards body. Selling security tooling for a threat model that does not yet exist is not responsible engineering.

What WebMCP Is Not

WebMCP is not the Model Context Protocol (MCP). It does not implement the MCP wire protocol (JSON-RPC 2.0). It is not interoperable with MCP client libraries. It borrows the tool abstraction -- functions with schemas and descriptions -- but implements everything through browser-native mechanisms. The name creates confusion that is being commercially exploited.
(See Technical Note 3: https://github.com/Starborn/webmcp/blob/main/WebMCnotMCP.md)

What You Should Do

If you are a developer: contribute and experiment with the Chrome preview, but do not deploy WebMCP tools on production sites until the security model is defined.

If you are buying services: no commercial product can deliver WebMCP security compliance because the spec has not defined what compliance means.

If you are a standards participant: the W3C Web Machine Learning Community Group meets next on 5 March 2026. Comments can also be submitted via the public mailing list (public-webmachinelearning@w3.org) or as GitHub issues (https://github.com/webmachinelearning/webmcp/issues). The window for meaningful input is now.

References

- W3C Draft Spec: https://webmachinelearning.github.io/webmcp/
- Spec Source (index.bs): https://github.com/webmachinelearning/webmcp/blob/main/index.bs
- Security/Privacy Doc (separate, not in spec): https://github.com/webmachinelearning/webmcp/blob/main/docs/security-privacy-considerations.md
- Technical Notes 1-3: https://github.com/Starborn/webmcp/
- W3C CG Mailing List: public-webmachinelearning@w3.org
- Issue Tracker: https://github.com/webmachinelearning/webmcp/issues

------------------------------

*Corrections and discussion welcome.*

Received on Saturday, 28 February 2026 12:40:00 UTC