On IoT and MCPs
This great post by Kevin Swiber got me thinking about the mid-2010s dream of the IoT and the concerns and issues it generated. This is going to be a bit stream-of-consciousness, but follow me on this.
First, some background. During the heyday of IoT in the early-through-mid 2010s, there was this dream of having an interconnected network of devices using micro computing and the cloud to provide next-gen systems. One example I often gave was the idea of having a heart monitor IoT device that connected to your watch, local monitoring, your phone, etc., so that you could identify health issues, treat them, and monitor efficacy and safety over time.
The big concern I had then was around security - I talked about this on a Nordic APIs LiveCast, but my core theory evolved into "this is a lot of danger and work for something that doesn't really do much more than dumb devices reporting to a local network".
I felt like the security issues (hacking your body to kill a target was a serious concern I had for something like an IoT pacemaker) really weren't worth the minor gains in processing speed or code locality. It felt like we were exposing a lot of systems that didn't really need to be exposed, and while I certainly am no luddite, I felt like this was maybe a step too far - it would have to wait for some big evolution.
Following Kevin's post (which I responded to here), I started thinking about what these IoT use cases might look like with LLMs. Right now LLMs are by and large too big for local systems, but they're getting smaller and more efficient. As these systems evolve to be more portable, and local storage of 2025 scales in huge degrees compared to storage of 2005, I've started to reconsider what I felt was the "dead dream of IoT".
Put simply, I am getting the feeling that a combinatory solution like SPIFFE for workload attestation paired with MCP servers to provide scalable contextualization might be that evolution I was waiting for. If the problem is safety, in theory workload attestation through SPIFFE/SPIRE should resolve a lot of those concerns. And if the issue was efficacy and locality of processing, a local mini-LLM leveraging cloud-based or local MCP resourcing to provide context (e.g. health records collected automatically, medicine guidelines (in the US, USPI)) should resolve that issue handily if properly built out.
Am I pulling at wild strings here?