
Trust will make or break AI agents


A few years ago my dad told me he wanted a “chainsaw mill” for Christmas. After learning that meant he wanted a contraption that holds a chainsaw in a way that he can cut logs into dimensional lumber, I asked him for a link so I could do my research.

He sent me a link and excitedly told me, “most of the chainsaw mills you see online are $1000+, but I found one on sale on this website for only $70!”

Despite the obvious red flag at the price difference, I went to the website where I was greeted by a dozen more red flags. Obviously photoshopped product photos, typos in the description, a fake sense of urgency a la “only 2 left in stock”, no reviews, and a payment gateway that I had never seen before, all screamed “we will steal your identity if you buy from here”. And because of this, I had to tell my dad I wasn’t getting him a chainsaw mill for Christmas and firmly told him to not buy it himself.

At the time, I trusted my instincts. But it got me thinking - what makes one sketchy-looking store feel unsafe, and another seem fine? I’ve bought products from Amazon that have poorly photoshopped images, typos in the description, and a slew of fake reviews and thought nothing of it. What’s the difference? One word: trust.

What is trust?

Trust literally means a firm belief in the reliability, honesty, ability, and/or strength of something. To have trust in something means you feel like you can depend on it to act in your interest without oversight or approval. A trust relationship in computer science is an agreement that tells one system to accept the assertions or actions of another system. Which is a lengthy way of saying “I got your back.”

Trust is earned, not given.

Trust is built over time. You can’t earn trust in a day. Trust needs to be developed over a series of actions. And the unfortunate thing about trust is that despite how hard it is to build, it’s so easy to lose. All it takes is a single incident and it’s gone. Trust is not only hard to earn—it’s incredibly fragile.

This is what makes trust so powerful. And when you have enough trust - you become an authority.

What is an authority?

When you’ve built enough trust in your niche, you will also have an unwavering amount of credibility. This trust and credibility combined makes you an authority in your space, allowing you to vouch for others who maybe haven’t had the time to establish trust themselves.

So because you are seen with a high amount of trust, people will trust who you trust. Thus making you an authority.

This is what happened with me and the shady stores on Amazon. I’ve been shopping on Amazon for years and I trust them probably more than any other online retail vendor. Amazon hosts a significant number of 3rd party sellers as well, allowing them to sell through the platform. Amazon has earned my trust over time - even if individual sellers haven’t. That trust is extended (sometimes wrongly) to those sellers simply because they’re a part of that ecosystem. So Amazon is an authority when it comes to online purchasing.

But being an authority isn’t just a high level of trust. It’s also expertise and accountability. Amazon undoubtedly has both of those when it comes to online retail. Without expertise and accountability, the trust isn’t really there - it’s just influence. A social media influencer can absolutely build trust with their audience, but they (often) lack the expertise in something they endorse. So calling that person you see on X an authority might not quite be right.

Why does this matter?

Whether we realize it or not, we’re heavily influenced by trust and authorities. There’s a significant amount of comfort in delegating choices and assessments to somebody you trust.

In the rapidly evolving world of AI, we’re quickly opening up blind attack vectors and opportunities for API abuse. We see all these “cool new thing you NEED to try” posts with very little trust behind them. MCP servers are popping up every day that request access to your file system. This is a ripe opportunity for malicious developers to steal your credentials, install keyloggers, or take over your machine.

We need an authority.

We need somebody who has a reputation for looking out for our best interests. Someone who can say “yes, I vouch for this MCP server (or tool or whatever else we’re on about these days), and you should too.” That way we can feel more confident the tools we’re consuming aren’t going to scrape our credentials or compromise the integrity of our data.

I’ve been seeing a lot of sites pop up recently that attempt to aggregate and categorize MCP servers. Sites like Smithery, Awesome MCP, and MCP.so are doing their best to collect MCP servers so you can see them in one place, but the sites look hurried, have typos, and offer no credibility that would make us trust them. At the end of the day, they’re just lists of GitHub repos. Helpful? Yes. Trustworthy? Not yet.

Instead, what if we had a place where MCP servers were submitted instead of scraped? Where code was security scanned instead of simply being a GitHub repository link, and ownership was verified and indicated as an official offering? We don’t have this, but we need it. There’s a huge opportunity for someone willing to put security front and center and become an authority in the AI space.
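The registry described above does not exist yet. As an added illustration (not code from the author or from any existing MCP registry), here is one way a client could enforce an authority's vouching before running a server. The record fields, `vouch`, `checkServer` and the in-process key pair are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the authority's key pair; a real client would pin only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Bytes that get signed: fixed field order so the authority and the client agree.
function canonical(r) {
  return Buffer.from(JSON.stringify([r.name, r.owner, r.ownerVerified, r.artifactSha256, r.scan]));
}

const sha256 = (bytes) => crypto.createHash('sha256').update(bytes).digest('hex');

// Authority side: vouch for a submitted (not scraped) server by signing its record.
function vouch(record, key) {
  return { ...record, signature: crypto.sign(null, canonical(record), key).toString('base64') };
}

// Client side: decide whether a downloaded server artifact may run.
function checkServer(entry, artifactBytes, authorityKey, revoked = new Set()) {
  const sig = Buffer.from(entry.signature || '', 'base64');
  if (sig.length !== 64 || !crypto.verify(null, canonical(entry), authorityKey, sig)) {
    return 'reject: not vouched for by the authority';
  }
  if (revoked.has(entry.artifactSha256)) return 'reject: vouching revoked';
  if (!entry.ownerVerified) return 'reject: ownership not verified';
  if (entry.scan !== 'passed') return 'reject: security scan not passed';
  if (sha256(artifactBytes) !== entry.artifactSha256) {
    return 'reject: artifact differs from the one that was scanned';
  }
  return 'allow';
}

// Constructed sample data: a server bundle and its registry entry.
const artifact = Buffer.from('constructed MCP server bundle, version 1');
const entry = vouch({
  name: 'example-files-server', owner: 'example-org', ownerVerified: true,
  artifactSha256: sha256(artifact), scan: 'passed',
}, privateKey);

console.log(checkServer(entry, artifact, publicKey));                      // vouched, unmodified
console.log(checkServer(entry, Buffer.from('swapped bundle'), publicKey)); // changed after the scan
console.log(checkServer({ ...entry, signature: undefined }, artifact, publicKey)); // scraped listing
console.log(checkServer(entry, artifact, publicKey, new Set([entry.artifactSha256]))); // trust withdrawn
```

The revocation set reflects the point made earlier about trust being fragile: a single incident should be enough for the authority to withdraw its vouching, and clients should honor that before anything runs.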

The next few months are critical

Enterprises are chomping at the bit to have an AI story. I’m seeing lots of discussions in the Believe in Serverless community about this exact topic. Everyone wants to create an MCP server and ride a magical wave of viral adoption. But the sad truth is that nobody is consuming MCP servers yet.

If I were to guess, about 60% of MCP server consumption is coming from Claude Desktop, and the other 40% is coming from IDEs (Integrated Development Environments). The two primary reasons for this (again, speculation) are that it’s not yet easy to consume them with agents and that we don’t have an authority telling us which ones are safe.

For virality to continue, we need to make it easier to consume these AI tools, not just create them. We need an authority who can vouch for the tools and help ease the path to adoption in the process. If we don’t, discoverability will plummet and adoption won’t really take off - leaving all this hype in the dirt.

What do you think? Do you have trust issues? How can we improve on the situation? Send me your thoughts and let’s discuss.

Happy coding!

Allen Helton

About Allen

Allen is an AWS Serverless Hero passionate about educating others about the cloud, serverless, and APIs. He is the host of the Ready, Set, Cloud podcast and creator of this website.
