What is MCP Sampling?
MCP sampling is a capability in the Model Context Protocol that allows an MCP server to request LLM completions through the connected client — enabling servers to leverage AI reasoning without directly accessing an LLM API.
WHY IT MATTERS
In standard MCP, requests flow one way: the client (agent) calls tools on the server. Sampling reverses this: the server asks the client to generate an LLM completion on its behalf. Because the client mediates every request, it retains control over which model is used, what the completion costs, and what the server's prompt can see.
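Concretely, the server issues a JSON-RPC request to the client. The sketch below builds a request in the shape the MCP specification defines for `sampling/createMessage`; the summarisation payload and the `buildSamplingRequest` helper are illustrative, not part of any SDK.

```typescript
// Sketch of the JSON-RPC message a server sends to request a completion
// via sampling. Field names follow the MCP specification's
// sampling/createMessage request; the payload itself is invented.
interface SamplingMessage {
  role: "user" | "assistant";
  content: { type: "text"; text: string };
}

interface CreateMessageRequest {
  jsonrpc: "2.0";
  id: number;
  method: "sampling/createMessage";
  params: {
    messages: SamplingMessage[];
    systemPrompt?: string;
    maxTokens: number;
  };
}

// Hypothetical helper: wraps a single user turn into a sampling request.
function buildSamplingRequest(id: number, text: string): CreateMessageRequest {
  return {
    jsonrpc: "2.0",
    id,
    method: "sampling/createMessage",
    params: {
      messages: [{ role: "user", content: { type: "text", text } }],
      maxTokens: 256,
    },
  };
}

const req = buildSamplingRequest(1, "Summarise the attached log output.");
console.log(JSON.stringify(req, null, 2));
```

The client answers with the generated completion (or a refusal), so the server never holds model credentials itself.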
Use cases include: a tool server that needs to analyse data using the client's LLM, a code review server that needs AI reasoning for intermediate steps, or a workflow server that enriches its responses with LLM-generated content.
Sampling raises significant security considerations. A malicious MCP server could use sampling to extract information from the client's context, burn through the client's model quota, or probe the client's system prompt. For this reason the MCP specification recommends keeping a human in the loop to approve sampling requests, and policy controls on sampling traffic are essential.
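To make the quota and abuse concerns concrete, here is a minimal sketch of client-side checks a policy layer might apply before forwarding a sampling request: a per-server rate limit plus a cap on requested tokens. The `SamplingPolicy` class and its thresholds are assumptions for illustration, not part of the MCP specification.

```typescript
// Minimal sketch of client-side policy checks on incoming sampling
// requests: a sliding-window rate limit per server and a token cap.
// Class name and thresholds are illustrative.
class SamplingPolicy {
  private timestamps = new Map<string, number[]>();

  constructor(
    private maxRequestsPerMinute = 10,
    private maxTokensPerRequest = 512,
  ) {}

  allow(serverId: string, requestedTokens: number, now = Date.now()): boolean {
    // Reject oversized completion requests outright.
    if (requestedTokens > this.maxTokensPerRequest) return false;
    // Keep only this server's requests from the last 60 seconds.
    const windowStart = now - 60_000;
    const recent = (this.timestamps.get(serverId) ?? []).filter(
      (t) => t > windowStart,
    );
    if (recent.length >= this.maxRequestsPerMinute) return false;
    recent.push(now);
    this.timestamps.set(serverId, recent);
    return true;
  }
}

const policy = new SamplingPolicy(2, 512);
console.log(policy.allow("srv-a", 256));  // within both limits
console.log(policy.allow("srv-a", 9999)); // over the token cap
```

Tracking limits per server ID matters: a client often connects to several servers at once, and one misbehaving server should not exhaust the budget shared by the others.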
HOW POLICYLAYER USES THIS
Intercept can enforce policies on MCP sampling requests. YAML policies can rate-limit sampling calls from servers, restrict the types of sampling requests permitted, and log all sampling activity for audit. This prevents malicious or misconfigured servers from abusing the client's LLM access through excessive or unauthorised sampling.
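If Intercept's YAML policies expose controls of this kind, a rule might look roughly like the fragment below. Every key and value here is hypothetical, written only to illustrate the three controls named above (rate limiting, request restriction, and audit logging), not actual PolicyLayer syntax.

```yaml
# Hypothetical policy fragment: all field names are illustrative,
# not real Intercept/PolicyLayer configuration.
- id: limit-mcp-sampling
  match:
    mcp_method: sampling/createMessage
  rules:
    rate_limit:
      per_server: 10/minute   # cap sampling calls per connected server
    max_tokens: 512           # reject oversized completion requests
    audit: true               # log every sampling request for review
  on_violation: deny
```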