What is MCP Elicitation?

1 min read Updated

A protocol feature allowing MCP servers to request additional structured input from users during an interaction, creating a dynamic feedback channel that can be exploited for social engineering if ungoverned.

WHY IT MATTERS

Some tools need information they can't get from the agent alone — an OAuth token, a confirmation, a file path. Elicitation lets the server ask the user directly, bypassing the agent's context window.

This creates a new attack surface. A malicious server could use elicitation to phish credentials, trick users into confirming dangerous actions, or extract sensitive information under the guise of a legitimate request. Elicitation requests need the same policy scrutiny as tool calls.

See mcp elicitation working in your own stack — route your MCP servers through PolicyLayer and every tool call is checked against policy before it runs.

GOVERN YOUR MCP SERVERS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

PolicyLayer can inspect and gate elicitation requests, ensuring servers can only request information that matches expected patterns for their declared purpose.

FREQUENTLY ASKED QUESTIONS

Is elicitation the same as a prompt?
No. Prompts are templates the server offers to the client. Elicitation is a server-initiated request for user input during an active interaction — it's reactive, not declarative.
Can elicitation be disabled?
Clients can refuse to support it. But many useful workflows require it (OAuth flows, file selection), so disabling it entirely limits functionality.

FURTHER READING

Take your agents live. Without losing control.

Route your MCP traffic through PolicyLayer. Every tool call is checked against your policy before it runs: allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Instant setup, no code required.

46,500+ MCP servers and 515,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.