AI agents are clicking buttons with your credentials. WebMCP lets pages declare tools for agents to call, but it trusts the page to be honest. That's the same assumption that gave us phishing.

I wrote about why agentic AI needs a real consent layer, not just better sandboxes.

https://jotter.jonathankingston.co.uk/blog/2026/02/22/consent-is-all-you-need/