Articles Posted in Generative AI


As a stakeholder considering the implementation of an MCP connector, it may be difficult to glean from product documentation or marketing materials alone how the tool is functioning, and what must be done to manage its implementation.

MCP connectors provide a standardized way to connect AI models to external systems, allowing for easier proliferation of agentic AI. However, these connections also introduce new risks, including data access and privacy liability; unauthorized or erroneous actions; security vulnerabilities; accountability and governance; and third-party mismanagement.

Continue reading


Before reading the first three installments of Pillsbury’s MCP connector series, you may have thought MCP-connected agentic architecture was too complicated to understand. But now that you have wrapped your mind around what MCP connectors are, what legal and operational risks they pose, and how to practically mitigate those risks, you may feel ready to deploy them in your organization. But not so fast…

Continue reading


In the most recent installment of our series on Model Context Protocol (MCP) connectors, we closed with this observation: Organizations that will manage MCP connector technology effectively are those that treat deployment as an enterprise risk concern. We promised a practical starting framework for how to think about mitigating those enterprise risks.

In this installment, we provide that framework through a hypothetical (and associated risk incidents) that illustrate how the risks may manifest in practice, annotated with suggested mitigants that may have prevented—or meaningfully limited—each issue.

Continue reading


Any time a new technology emerges that includes the ability for an AI model to autonomously “reach out and interact with the world,” legal and operations teams take notice. And rightly so: the legal and operational implications of any AI autonomy deserve careful consideration. MCP connectors are powerful precisely because they reduce friction between AI models and databases, and between each prompt and the resulting action, resulting in a proliferation of agentic AI. But reduced friction cuts both ways. The same architecture that makes MCP efficient also makes it a meaningful source of risk that requires appropriate governance.

Below, we examine the key legal and operational risks that an organization should consider before and during any MCP connector deployment in its AI portfolio. It is worth noting that the risks inherent in generative AI use more broadly persist when an MCP connector serves as a conduit to an LLM, but the analysis below focuses on the risks specific to the new MCP connection infrastructure.

Continue reading


We all remember the first time we beheld the majestic power of generative AI. It plans vacations! It drafts my emails! It writes my essays! … then you accidentally include “Would you like me to soften the breakup message I drafted for you to be less confrontational?” in the text you send to your now ex- and highly offended partner, and you realize quickly the glaring limitation that a large language model (LLM) has on making you more productive. The model could give you the words, but it couldn’t act on them to fix your problems. And so, agents came along, which we thought would fix the inefficiency of copying and pasting a text response. But technically, these tools were hard to scale because every connection was custom-built, one at a time. Want Claude to talk to Slack? Build a custom bridge. Want ChatGPT to talk to Google Drive? Build another custom bridge. In reality, these tools weren’t scaling in the way we thought would drive efficiency. Your dreams of building an autonomous breakup robot were just not coming to fruition.

That is until Anthropic came up with a solution. Enter the Model Context Protocol (MCP), a standardized language that allows integration of LLMs into existing data source and application structures.

Continue reading


The EU AI Act (AI Act), effective since February 2025, introduces a risk-based regulatory framework for AI systems and a parallel regime for general-purpose AI (GPAI) models. It imposes obligations on various actors, including providers, deployers, importers and manufacturers, and requires that organizations ensure an appropriate level of AI literacy among staff. The AI Act also prohibits “unacceptable risk” AI use cases and imposes rigorous requirements on “high-risk” systems. For a comprehensive overview of the AI Act, see our earlier client alert.

Continue reading


By now, we all know what AI is. Some of us use ChatGPT as our search engine, confidant, secretary, travel agent, and much more. Others, at least, are acutely aware that AI exists, because everyone else is talking about it, possibly making money from it, or losing their jobs to it.

Continue reading


The California legislature recently passed Assembly Bill 2013 (AB 2013) on August 27, 2024, a measure aimed at enhancing transparency in AI training and development. If signed into law by Governor Gavin Newsom, developers of generative AI systems or services that are made available to Californians would be required to disclose significant information on the data used to train such AI systems or services. This, in turn, may raise novel compliance burdens for AI providers as well as unique challenges for customers in interpreting the information.

Continue reading


The use of generative AI tools, like ChatGPT, is becoming increasingly popular in the workplace. Generative AI tools include artificial intelligence chatbots powered by “large language models” (LLMs) that learn from (and share) a vast amount of accumulated text and interactions (usually snapshots of the entire internet). These tools are capable of interacting with users in a conversational and iterative way with a human-like personality, to perform a wide range of tasks, such as generating text, analyzing and solving problems, language translation, summarizing complex content or even generating code for software applications. For example, in a matter of seconds they can provide a draft marketing campaign, generate corresponding website code, or write customer-facing emails.

Continue reading