🧠 Model Context Protocol (MCP) — AI / ML Interview Guide

Agentic Systems · interactive visualization + interview prep


What it is

MCP is an open standard for connecting AI apps to tools and data. Instead of hand-wiring every integration, a HOST app runs an MCP CLIENT that speaks one protocol to many MCP SERVERS — each server exposes tools, resources, and prompts. It’s like USB-C for AI: one connector, any peripheral.

Mental model

USB-C for AI. Before, every app needed a custom cable to every tool — the M×N integration mess. MCP is the universal port: an app implements ONE client, a tool implements ONE server, and any client plugs into any server. The model still decides WHAT to call (that is function calling); MCP standardizes WHERE the tools live, how they are discovered, and how the app talks to them.

Theory

MCP (Model Context Protocol) is an open standard for connecting AI applications to external tools and data. It targets the M×N integration explosion: M apps each hand-wiring connectors to N tools is M×N bespoke integrations. With a shared protocol it becomes M+N — apps implement one client, tools implement one server, and everything interoperates.

The architecture has three roles. The HOST is the AI application (e.g. an IDE assistant). Inside it run one or more CLIENTS, each speaking MCP to exactly one SERVER. A SERVER is an external process exposing capabilities. One host can run many clients to many servers simultaneously.

A connection begins with an initialize handshake and capability negotiation, after which the server advertises three kinds of things: TOOLS (functions the model can call), RESOURCES (data/context it can read), and PROMPTS (reusable templates). The client discovers these dynamically, so adding a new server grants the host new capabilities with no code changes.

MCP is often confused with function calling but sits at a different layer. Function calling is the MODEL deciding to invoke a tool and producing the arguments. MCP is the TRANSPORT and DISCOVERY layer underneath — where those tools live, how the app connects, and how capabilities/resources/prompts are exchanged. They compose: the model function-calls; MCP carries it to the right server.

Security is central because servers can expose powerful tools and sensitive data. Connecting an untrusted server is dangerous; a prompt-injected model could misuse a connected server. The defenses are trust boundaries, permission prompts, capability scoping/least privilege, and injection guards — the same concerns as tool calling, amplified by easy pluggability.

Concrete example

A coding assistant (host) connects via MCP to a GitHub server and a Postgres server. Now the model can call create_issue or query a database through the SAME protocol — no bespoke integration per tool. Swap in a new server and the model gains new capabilities instantly.

Step by step

  1. The host app starts an MCP client.
  2. The client connects to an MCP server (initialize handshake).
  3. The server advertises its tools and resources.
  4. The model decides to call a tool through the client.
  5. The server executes it and returns the result to the model.

Interview questions & answers

What problem does MCP solve?

The M×N integration explosion: M apps each needing custom connectors to N tools. MCP makes it M+N — apps implement one client, tools implement one server, and they interoperate through a shared protocol.

Host vs client vs server?

Host = the AI application (e.g., an IDE assistant). Client = the connector inside the host that speaks MCP (one per server). Server = an external process exposing tools/resources/prompts. One host can run many clients to many servers.

How is MCP different from plain function calling?

Function calling is the model deciding to invoke a tool. MCP is the STANDARD TRANSPORT and discovery layer for where those tools live and how the app connects to them — capabilities, resources, and prompts, not just function schemas.

What are the security considerations?

Servers can expose powerful tools/data, so you need trust, permission prompts, scoping, and guarding against prompt-injection that tries to misuse connected servers.
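
An added example (not from the original page or from any MCP SDK) of the capability scoping and permission prompts named in the Theory section and in the answer above: a host-side gate that filters a server's advertised tools and re-checks every tools/call request before the client forwards it. The policy table, the server labels, the `drop_table` tool and the sample arguments are assumptions constructed for illustration.

```python
# Hypothetical host policy: per-server tool allowlist, plus tools needing user approval.
POLICY = {
    "github": {"allow": {"create_issue"}, "confirm": {"create_issue"}},
    "postgres": {"allow": {"query"}, "confirm": set()},
}

# Constructed tools/list result from the Postgres server; drop_table is invented.
ADVERTISED = {"tools": [
    {"name": "query", "description": "Run a SQL query", "inputSchema": {"type": "object"}},
    {"name": "drop_table", "description": "Drop a table", "inputSchema": {"type": "object"}},
]}


def visible_tools(server, tools_list_result):
    """Scope a tools/list result to the tools the policy allows for this server."""
    allowed = POLICY.get(server, {}).get("allow", set())  # unknown server: nothing
    return [t for t in tools_list_result.get("tools", [])
            if isinstance(t.get("name"), str) and t["name"] in allowed]


def call(name, arguments, req_id=1):
    """Build a tools/call JSON-RPC request as the client would send it."""
    return {"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}


def authorize(server, request, approve):
    """Decide on a request before forwarding; approve(server, name, args) asks the user."""
    policy = POLICY.get(server)
    if policy is None:
        return "deny: untrusted server"
    params = request.get("params")
    if request.get("method") != "tools/call" or not isinstance(params, dict):
        return "deny: malformed request"
    name = params.get("name")
    # Checked at call time too: hiding a tool from the model does not stop a
    # prompt-injected model from naming it anyway.
    if not isinstance(name, str) or name not in policy["allow"]:
        return "deny: tool out of scope"
    if name in policy["confirm"] and not approve(server, name, params.get("arguments", {})):
        return "deny: user declined"
    return "allow"


if __name__ == "__main__":
    print([t["name"] for t in visible_tools("postgres", ADVERTISED)])
    print(authorize("postgres", call("drop_table", {"table": "users"}), lambda *a: True))
    print(authorize("github", call("create_issue", {"title": "bug"}), lambda *a: False))
```

The gate denies by default: a server with no policy entry exposes no tools and every call to it is refused, so plugging in a new server grants nothing until someone scopes it.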
