So What? How to Get Started with WebMCP

So What? Marketing Analytics and Insights Live airs every Thursday at 1 pm EST.

You can watch on YouTube Live. Be sure to subscribe and follow so you never miss an episode!

In this episode, the team reveals the future of web optimization and details how autonomous AI agents will soon navigate and interact with your website.

You will gain a major edge over rival websites when you get started with WebMCP to welcome autonomous AI traffic. This architectural evolution will connect your online storefront with digital assistants searching on behalf of buyers. Your decision to get started with WebMCP will secure your forms and newsletters for next-generation browsers. The strategic blueprint will safeguard system privacy while preparing your platforms for automated conversions.

In this episode you’ll learn:

  • What WebMCP and Agentic SEO are
  • Why AI Visibility and Agentic SEO are different
  • How WebMCP works and how to get started

Transcript:

What follows is an AI-generated transcript. The transcript may contain errors and is not a substitute for listening to the episode.

Katie Robbert – 00:34

Well, hey everyone. Happy Thursday. Welcome to So What, the Marketing Analytics and Insights live show. I’m Katie, joined by Chris and John. We got the band back together. John is under a tornado watch, so if he suddenly blows away, thoughts—

John Wall – 00:53

And prayers. John, see the house spinning.

Katie Robbert – 01:00

This week we are talking about how to get started with WebMCP. Chris, this is something you’ve been working on for quite a bit, trying to get working in the sense of what you’re going to show today. If I recall correctly—I could be wrong, but if I recall correctly—basically, a WebMCP is, for lack of a better term, a plugin that you install into your website that allows things to happen in an automated way.

Christopher Penn – 01:32

That is part of it, yes.

Katie Robbert – 01:34

Okay. Well, at least I’ll take that. I’m on the right track. I will take the win there.

Christopher Penn – 01:39

Exactly. We should probably start with a bit of history. MCP, which stands for Model Context Protocol, is a way for AI tools like Claude Desktop or ChatGPT to interact with systems outside of them. If you’ve used Claude’s connectors, for example, to talk to your Salesforce or your HubSpot, you’re using an MCP. It’s an API for AI, which is the way we typically describe it.

MCP servers have been around now for two-ish years, and they’ve been met with moderate success, mostly because they’re a pain in the butt to set up. But if you get them working, it allows your AI tool to talk to all kinds of different systems and do stuff that it was never programmed to do in the first place by letting AI talk to those systems.

Christopher Penn – 02:30

WebMCP is a new specification that is in draft by the World Wide Web Consortium (W3C), promoted most heavily by Google and Microsoft to do the same thing for AI agents. Katie, you and I talked about this on this week’s Trust Insights podcast, which you can find at TrustInsights.ai/tipodcast.

This is agentic SEO, which is different than GEO or AEO, and different than AI visibility. Those are about whether we can get AI to recommend your company. Agentic SEO is about whether we can get AI agents to work with your website.

Katie Robbert – 03:19

What we had talked about was that agents are now seeking out information on behalf of the end user. I could send my Katie AI agent out to the web and say, “Sign me up for six newsletters that match my interests.” But now the agent has to go out and not only find the content, but also have a place to go to actually do the signing up. If that doesn’t exist, then the content’s great and all, but it’s not going to be able to complete the task as I’ve asked it.

Katie Robbert – 04:01

If I’m following WebMCP, the way that you described it in the podcast was it’s sort of like putting an invisible app store on your website so that when these agents go out, they can say, “Yes, I want one of these and two of these. Let me bring it back to my end user who’s asked me to go fetch these things.”

Christopher Penn – 04:25

Exactly right. WebMCP tells an agent when it arrives, “Here’s what’s available, and here’s what you can do.” If it were to arrive, for example, at the Marketing Over Coffee website, it would be given options like subscribe to the podcast, sign up for the newsletter, or join the text line. If it goes to the Trust Insights website, it would say search for blog posts, or sign up for the Trust Insights newsletter or the podcast.

That’s the idea when an agent arrives. This could be anything—it could be Claude Code or Claude Cowork. Katie, you could take your Claude Cowork and say, “I want more stuff in my inbox. Go find me stuff.” It then goes and searches the web regularly, which is still GEO.

Christopher Penn – 05:11

But once it arrives at the Trust Insights website, it says, “Oh, there’s a store here. What’s in the store?” It sees the newsletter sign-up and says, “My user requested to sign her up for newsletters, so I’m going to take advantage of this mini-app here.” These are invisible to humans. Humans do not see these; this is solely for agents.

Katie Robbert – 05:31

That was one of my first questions to you: am I adding a whole bunch of stuff to my website that humans aren’t going to want to see or that is going to be confusing? When we talk about visibility to these large language models, there is visible content that we create both for the human and for the machine. We’ve taught people how to add those disclaimers like, “This is for a large language model to read,” which are those long lists of blurbs we’ve added to our websites.

What we’re talking about with WebMCP, to your point, is different. It is not visible to humans. It’s almost like metadata where you can see it behind the scenes, but as you’re looking at the user experience of your website, you don’t necessarily see it.

Katie Robbert – 06:19

You have to seek it out from behind the facade of whatever the user is seeing. We’re using “store” or “app store” as a placeholder proxy for what we’re describing. There could be money exchanged, but we’re really talking about things that your agentic system can do—essentially taking things off these invisible shelves and taking action on them. If those don’t exist, then the agent is just doing what the Claude Chrome extension can do, which is gather information and bring it back to you, but it can’t do anything with it.

Christopher Penn – 07:01

That brings us to the two components of WebMCP. There are two different APIs: one is called imperative, and one is called declarative. Imperative is JavaScript. It is a JavaScript that you put on your website so that when an agent arrives and the script is programmed to recognize the agent by its user agent, it says, “Hey, I got stuff for you.” The agent immediately goes, “Oh, thank you for greeting me. Let’s see what you got.”

Declarative changes the HTML on your website to tell an agent what things are when you can’t use JavaScript. For example, let’s say you’ve got an old-school contact form on your website, and maybe you’re on a system like Astro, which is pure HTML with no JavaScript at all.

Christopher Penn – 07:46

You would use the declarative version of WebMCP to say, “Hey agent, this is a form. The purpose of this form is to contact us. Here are the fields on this form. Using your browse-on-behalf feature, like Claude Cowork does, you can fill out the form this way.”

To do a good implementation of WebMCP, you have to have both pieces so that one greets the agent if your website is a JavaScript-enabled site, and one modifies the HTML for websites that don’t have a lot of JavaScript.

Katie Robbert – 08:17

So it’s essentially accessibility for agents.

Christopher Penn – 08:21

Exactly. On the declarative side, if you’ve done a really good job with a WCAG 2.1 implementation, which is the Web Content Accessibility Guidelines, it will be trivial to add the declarative API. You’ve already done most of the hard work of making sure every form field has an intelligent name on it.

Katie Robbert – 08:39

That’s just good best practice anyway; that’s just good governance. It’s something that we always come back to: if you have good, strong governance going into creating your website and developing your content, you’re already ahead of the game. You don’t have to recreate those things. It is always where you want to start. Do I have good governance? Do I have good naming conventions? Is it understandable by humans first? Because the likelihood of it also being understandable by machines is going to be higher, so that way you’re not reinventing the wheel.

Before we go on, John, our silent partner, do you have any thoughts or questions? Is this a new concept to you, or is this something that you and Chris have been talking about on Marketing Over Coffee, for example?

John Wall – 09:32

No, we haven’t kicked this around. We’ve seen this stuff before; my flashback was to WSDL back decades ago. There were protocols that you would set up so that people could use an API to hit it. I’m used to this kind of stuff, but I’m really interested in looking under the hood now.

JavaScript to do the initial thing is fine—you just grab that template and go. But I don’t get the modifying of the HTML and how that works. I’m interested in digging more into that to see exactly how that happens. The other question is, has it been compartmentalized?

John Wall – 10:04

Are there WordPress plugins and stuff for this, or do you just have to do this all manually right now?

Christopher Penn – 10:11

Great questions. To start, most CMS systems, including WordPress, have not built this in yet. In fact, it is in some ways so new that I had to have Claude write one for the Trust Insights website just so I could do this episode of the show and the live stream. However, it does work, and we’ll talk about how to do that in a bit.

The spec itself is available; the best version is available on Google’s website. Google has this in their Chrome developer system—the WebMCP, what it is, how the spec works, and things like that. This is going to be very interesting. Chrome has said that in version 146, WebMCP is supported. However, version 149 is when they rolled it out to non-developers.

Christopher Penn – 11:03

If you go into the About menu in Chrome to see what version you are on, and you’re on 149, you have WebMCP available. Why this is interesting is because Google—and this made a whole lot of people very angry—has embedded a very bite-sized model of Gemini inside Chrome. It’s called Gemini Nano.

It’s a two billion parameter model that does things like summarization. But guess what else it does? It talks to WebMCP. Even as you, the human, are browsing a website, Chrome might call its own internal model and say, “Hey, it looks like this is the Trust Insights website. Looks like they have a newsletter. Want me to sign you up for it?” It will do that in a little sidebar and fire it off.

Christopher Penn – 11:52

It can fire off and do that. This is live as of Chrome 149, which is the current version. As you can see on Google’s chart here, in version 157 of Chrome, that’s when everybody’s going to get it. It’s no longer going to be in beta, and it will be built into Chrome by default.

For all of us who are marketers, if we want Chrome, which is the number one browser right now, to recognize our WebMCPs, now is the time to implement it so we have time to test it before it’s turned on for everybody by default.

Katie Robbert – 12:31

I guess I’m a little confused, though, because you just said that to date, no CMS system has WebMCP available.

Christopher Penn – 12:43

Right?

Katie Robbert – 12:44

So you had to build one, but Chrome is saying, “Yeah, go ahead, we can read it.” But it’s like, read what?

Christopher Penn – 12:50

Right?

Katie Robbert – 12:51

I just want to make sure I fully understand that there’s a disconnect between what Chrome is saying it can access and there being anything accessible to Chrome.

Christopher Penn – 13:04

Exactly. The way I would explain an origin trial is that it means everyone has access to it, but you have to turn it on. Shipping means everyone has access to it, and if you don’t want it, you have to turn it off.

Once version 157 is out, if you browse a website that has WebMCP, Chrome will by default start to find it and tell you that it’s there. Today, it doesn’t do that. To your point, Katie, because almost no one has implemented it, there’s nothing to show.

Katie Robbert – 13:31

Okay. Because I understand the phases of the roadmap, it was more a question of what is it even looking at if it doesn’t exist.

Christopher Penn – 13:40

Exactly. Very few sites have implemented it, which means—what was the quote from Margin Call? You can either cheat, be the smartest, or be first. It’s easiest to just be first.

If you in your industry have the ability to turn this on in some meaningful way to expose meaningful functionality, first, you’ll be able to test it long before your competitors do, assuming they’re not testing it to see what things they should even make available. Second, Google has said that all of the agentic stuff doesn’t impact search rankings, which I believe because they’re separate.

Christopher Penn – 14:26

But it doesn’t mean Google won’t give it preference if it sees that you’re an agent doing a Google search and says, “Here are sites that have WebMCP available that you might find more useful.” We can already see that in AI mode, it is an agent; it can go and read sites.

If WebMCP is there, AI mode might—this is pure speculation—say, “Hey, WebMCP is available and it’s our standard. You might get more benefit out of this site than a site that doesn’t have it.”

Katie Robbert – 14:59

Okay, so I’m guessing the next step is you are going to show us what an MCP looks like.

Christopher Penn – 15:09

Sure, we can.

Katie Robbert – 15:10

Or how to set one up. Right now, we have a ticker that says we are not lawyers. We need a ticker that says this is pure speculation and this is the way we think things are going to go, but don’t come back to us if it doesn’t work out this way.

Christopher Penn – 15:29

The first thing you’d want to do is install the WebMCP Inspector, which is a free Chrome extension made by Google that you install on your browser right now. It is a debugger for WebMCP so that you can see, when you’re trying to install it, if it is even working.

Remember, right now in Chrome, there’s nothing to see because even though it’s available and detected, functionality has been built into the browser using Gemini Nano to say, “Here’s what you can do.” I have mine installed. Let me go to the Trust Insights website. The moment I load the Trust Insights website, I see in the inspector that WebMCP is on, and here are all the things that you can do as a user on this website.

Christopher Penn – 16:15

You can do things like search published posts and pages and return basic public information. You can fetch a single published post, list items, list the most recent published posts, or fetch a single author’s posts. You can send a contact form message to Trust Insights, or register an email address and subscribe to our newsletter. The moment an agent shows up, it’s given the menu and told, “Hey, here’s all the stuff you can do.”

Katie Robbert – 16:45

I have a couple of questions. I guess the first question, and maybe this is more of the concerned citizen question, is now that agents can access contact forms and fill them out, should we brace ourselves for an exponential number of spam contacts?

Katie Robbert – 17:07

That’s really going to mess with our overall analytics. Is it going to also mess with our analytics in terms of sessions and users coming to the site if we can’t distinguish whether it’s a human or an agent?

Christopher Penn – 17:23

You sometimes can distinguish them based on the user agent, depending on how the agent is showing up. If it’s using an internal system like a headless Chrome, it will probably have a different user agent than an actual Chrome browser. This is something that you would need to look in your server logs for.

If you have your own agents, test it out. For example, one of the things you can do is put up a test script in PHP or TypeScript on the back corner of your website somewhere that says, “When you browse this page, just print the user agent.” Then you can tell Claude to go visit that page and report back what user agent shows up.

Christopher Penn – 18:04

Or you use Chrome and it says, “This is the user agent,” just so you can see what the different user agents are.

Katie Robbert – 18:10

It sounds like maybe a future episode of the live stream should be how to set up your web analytics to account for all of this new agentic traffic. We can just bank that idea.

My other question is—and I think this is what you’re getting to—you turned on Chrome’s WebMCP and then went to the Trust Insights website, and it recognized that there is an MCP to look at. We started by saying most CMS systems don’t have an MCP, so this brings us full circle: you’ve been building this to install into our website specifically, and that’s why it’s registering that there is a WebMCP to look at. They need less complicated names than WebMCP.

Katie Robbert – 19:04

And I am following all of this correctly.

Christopher Penn – 19:08

That’s correct. I had to build a WordPress plugin net-new to do this, and boy, did that take a few tries. As a point of reference, you can do the same thing if you have access to a tool like OpenAI Codex, Google, Anthropic Claude, or Claude Code. The spec is fully available for free on Google’s website under Chrome Developers. Download the entire spec, put it in your coding tool along with your best practices and coding standards, and have it build a plugin for your CMS.

Here’s the reason why it’s not going to be as easy as just an out-of-the-box thing: every website is different. For example, the Trust Insights website uses Gravity Forms for its contact forms. Gravity Forms is not a native part of WordPress.

Christopher Penn – 19:57

Our WebMCP plugin takes in the Gravity Forms endpoints and makes them available as WebMCP. If you were to install this on Marketing Over Coffee, which doesn’t have Gravity Forms installed but has WordPress Contact Form 7, you would need to change the plugin itself to work with that architecture. If you were using Sitecore, Ektron, Adobe Experience Manager, or the CMS of your choice, they would all need to build their own WebMCP interfaces.

Katie Robbert – 20:26

Do you—and this is again where we need the ticker that this is just speculation—do you anticipate that? I don’t even know what it would be. I guess the same way we look at connectors in something like Claude Desktop, or those n8n systems that have all the different connectors. Do you think as WebMCP becomes more commonplace, systems like that will have those different CMS connectors—like an Ektron or a Sitecore, all the different ones you listed—versus having to build your own?

John Wall – 21:04

Yes.

Christopher Penn – 21:04

What I think will eventually happen is that you’ll have a master WebMCP plugin, and then you’ll have plugins for your plugin for the different systems. If you have Gravity Forms, there will be a Gravity Forms connector to your WebMCP plugin. There will be a bit of a land grab in the CMS world as to who can build the plugins the fastest to grab the market share for them.

Katie Robbert – 21:31

This goes back to needing to have good governance around what it is you’re already using. One of the things that we do with our clients is audit their tech stack, and a lot of times they’re surprised at the things that exist in their tech stack. If you haven’t done this recently—and I mean within the past six to 12 months—and taken a look at all of the different tools you’re using, now is a good time even just to get a basic inventory of all the different systems you have.

As these kinds of things roll out, it sounds like it’s going to be very—for lack of a better term—nested, like a plugin for a plugin.

Katie Robbert – 22:13

You want to make sure you have a good understanding of what’s going where and not just turn on access to everything, because that could be very volatile or dangerous—even very bad.

Christopher Penn – 22:26

Don’t do that. To show you what the plugin looks like, this is pretty rudimentary right now because I literally cobbled it together over three weeks on Tuesday nights. You can turn on and off the website MCP, you have rate limiting, and then you can choose which tools you want. For example, I don’t want agents to submit comments. Agents, take a hike; I don’t want you writing comments on our blog. But I can say subscribe to the newsletter.

There are all these different things. This is custom to the Trust Insights WordPress setup, so I can’t even put this on my own personal website because I would have to retune it for that particular site. Again, that will change as the standard evolves.

Christopher Penn – 23:07

But for right now, we at least have this in place and it’s working. The one thing I’m going to add to it, which is on my own personal roadmap, is integration with the Google Analytics Measurement Protocol. When WebMCP is called, it will send a hit to Google Analytics to say, “Hey, I just got an agent visit. I want to log it as something different than a regular web visit.”

Katie Robbert – 23:32

That goes back to my comment that a future live stream should be on how to reconcile your web analytics with these agentic MCP systems. Looking at this, we probably want to make some sort of notation and annotation in our data on the day that we turned on this ability. We could theoretically see podcast and newsletter subscribers grow, and we don’t want to be sitting there wondering what we did or what happened.

These are the kinds of things where you need to have internal notes available and accessible when you’re doing your analysis. This is a big change in how traffic gets to your website and how conversions happen.

Katie Robbert – 24:23

You want to be able to make sure that you can explain that. It’s great if things go up, but then people are going to ask, “What happened? What did you do? Do more of it.”

Christopher Penn – 24:32

Exactly. One of the things that is worth pointing out, which a lot of people are very uncomfortable with right now, is that 58% of the Internet usage on the planet now is machines. It’s no longer humans; humans are now in the minority.

As you start to see mixed-purpose agents or user-action agents visiting more and more, you’re going to want to know what kinds of agents are coming to your site and what they’re doing. Cloudflare has already said you probably should have this in place sooner rather than later.

Katie Robbert – 25:26

But again, you can only have it in place sooner rather than later if you know how to build it. In the meantime, we are waiting for these CMS systems to build their own so that, if you look at the settings on the left-hand side, you can just flip it on or off. I find the push-and-pull of this supply and demand interesting. It’s like we’re demanding that you have it, but there’s no supply to meet the demand. It’s basic business.

There is nothing for us to answer on this because we don’t know why things take as long as they do, or if you should ever use version one of something—the answer to that is always no. It’s just interesting to me that Google is saying everybody can access it, but it’s like, access what?

Christopher Penn – 26:15

Yep.

Katie Robbert – 26:15

What am I doing? I know that AI is taking over web usage because everyone’s turning to ChatGPT and saying, “Give me a fish fillet recipe.” That’s your stand-in for web browsers. I totally understand that, but we don’t have the things we need to meet what they’re telling us to do, right?

Christopher Penn – 26:38

The vast majority of people do not, and that’s why there is a potential early-mover advantage here. This would be especially important if your site is any kind of e-commerce site where someone could make a transaction. If an agent has been authorized by you to make purchases on your behalf, having WebMCP there would be useful for that agent.

For example, there are people who have set up OpenClaw and Hermes agents, given them a budget, and said, “You can’t spend more than this amount on a single transaction.” Let’s say you had a custom socks website and you had a special $13 pair of robot socks.

Christopher Penn – 27:23

If an agent dropped by there and said, “Hey, this looks like the kind of thing my user would like. My user said I can’t spend more than $50 on any one transaction and I can’t spend more than $100 a day. I bet they’d like this pair of socks,” the agent orders you a $13 pair of robot socks. Whether you like them or not, that’s your problem.

Christopher Penn – 27:44

An e-commerce site at the very least should have something like this to tell an agent, “Here’s what is for sale,” and ideally surface things like search functionality on the site in an easy way for the agent to traverse the site and return results back to the hive of what it found.

Katie Robbert – 28:10

You’re paying way too much for socks for something that doesn’t have feet.

Christopher Penn – 28:17

Other use cases would be agent-to-agent support: the ability for your agent to talk to another support agent, negotiate something, and say, “I will call you when I’ve actually gotten past their agent to talk to a human.”

Katie Robbert – 28:37

I can see how that’s a powerful use case. I was trying to do this yesterday to reach my car insurance company and I couldn’t get past the agents. They just kept giving me the same two responses, and I said, “I’m not asking for either of those things.” I couldn’t get to a human, so I can definitely see the value in that.

At the same time, it’s very sci-fi. There’s probably a lot of fear around what it is actually going to do and what it is doing on my behalf. Should I give it that much control? I’m giving it a $50 budget, but was I very clear about what I want?

Katie Robbert – 29:19

Am I going to get a bunch of inappropriate or useless things sent to my house? I don’t know. I’m just going to make a quick plug—I have to do it—to get yourself started with the 5P Framework by Trust Insights. You can learn more at TrustInsights.ai/5p-framework.

Purpose: why am I doing this thing in the first place? People: who is involved, the human and then also the agentic process? Process: how is the thing expected to get done, and have I been clear with my standard operating procedures, details, directions, and instructions? Platform: this is where your governance comes in; only give agentic AI access to what it needs, not to everything. And then Performance: can it complete the task?

Katie Robbert – 30:09

Did I do what I set out to do? Did I answer the question? I cannot emphasize this enough: you really want to make sure you’re clear about why you’re turning on a WebMCP before you turn it on.

Christopher Penn – 30:24

Exactly. In terms of next steps, here’s what I would do if I were the average site owner. Number one, I would make the site WCAG 2.1 accessible first. That’s low-hanging fruit. There are proven tools and a known benefit, which is that five to 10% of people browsing the web are using some kind of low-vision assistive tool. By making your site fully WCAG-compliant, you also make it easier for those people to do business with you.

Christopher Penn – 30:58

Second, implement the declarative API for WebMCP. This is where you take all the work that you did to make it accessible and make sure it also conforms with the WebMCP declarative API so that a browser agent, a web agent, or an AI agent can browse your site successfully and easily. You want to ensure your form fields are not named “form field 26” or “form field 27,” but rather “first name,” “last name,” etc.

Those are the first two steps. The third step, with the help of your coding tools and the spec that Google has published on their website and GitHub, is to build something that addresses the imperative API. That is the heavier lift—it’s the App Store. That’s the order I would do things in.

Christopher Penn – 31:46

The further along you go, the more far-out it gets. WCAG compliance is a no-brainer.

Katie Robbert – 31:55

Is it fair to say that you can drop a link to that resource in our free Slack community, Analytics for Marketers, post-live stream?

Christopher Penn – 32:02

I sure can.

Katie Robbert – 32:03

So if you want to link to the compliance that Chris just mentioned, what is it?

Christopher Penn – 32:09

WCAG 2.1.

Katie Robbert – 32:11

WCAG 2.1.

Christopher Penn – 32:13

Yes. Web Content Accessibility Guidelines.

Katie Robbert – 32:16

Got it. If you want a link to that and what it means, you can join our free Slack community, Analytics for Marketers, at TrustInsights.ai/analyticsformarketers. I’ve heard you mention that on numerous calls, but having a resource to actually go to and see what this thing means for you is probably really helpful for a lot of people because it may be a brand-new concept.

Christopher Penn – 32:38

Yeah, it shouldn’t be, but unfortunately it is for a lot of folks.

John Wall – 32:42

The thing I get wrapped up around, though, is also having a model baked into the browser now. You’ve got a model in the browser, and they’re encouraging sites to make a map that the model can hit. Is there any talk about how often that phones home, or if that can be remotely fired?

Christopher Penn – 33:04

It’s actually the opposite. If you go into your system settings inside Chrome, there’s a little toggle button to turn this on, and Gemini Nano will activate. It doesn’t necessarily call home any more than the normal Google telemetry, because Chrome calls home all the time about everything anyway.

This is actually intended to help Google offload some of the load on their servers by making your computer do some of the work. In a lot of what they say about browser stuff, this particular model for on-device AI will help you do things like summarize web pages and organize stuff. Because it’s a small LLM, it is designed to summarize pages locally without having to call Google’s cloud and cost them money.

John Wall – 33:58

They’re farming that processing back to the desktop. That’s interesting to me. So that’s off by default now, but once they reach version 157 or whatever it is, it will probably be on by default at some point, I imagine.

Christopher Penn – 34:16

It’s on by default now. They pushed it out, and there was a big outcry with people saying, “Hey, what is this two-gigabyte file that just appeared on my browser?” Oh, that’s the new Gemini Nano model.

Katie Robbert – 34:28

I got to hear all last week from my mother-in-law, who was visiting, about how every time she opens a Google tool, there’s AI trying to do something for her. I told her she could turn that off. To Chris’s point, there’s a lot of outrage over it being turned on by default.

You can turn it off, but they don’t make it intuitive. They don’t ask, “Hey, do you want to turn this off? Yes or no?” You have to go find it in the settings and know what it is you’re turning off. If I remember correctly, they even give you a little warning like, “Hey, if you turn this off, you don’t get all the cool prizes.”

Christopher Penn – 35:11

Exactly. They actually have lots of documentation about what that system is going to do in terms of on-device AI. The things that it’s going to be able to do out of the box once it’s fully live include summarizing, writing, rewriting, proofreading, filling in forms, and, importantly, doing tasks. This is where WebMCP and the on-device model play together once it has the Task API fully implemented.

If I’m on a website like the Trust Insights website and the on-device model is on and watching everything I do, it will say, “Hey, you’re here. Do you want to subscribe to this newsletter?” Instead of you having to go click the form and type your email, it will say, “Great, I’ll take care of that for you.”

Christopher Penn – 36:08

You can continue on with whatever you’re doing. For us as marketers, we want to have that in place. We want to say to people’s agents, or even their browsers themselves, “Yes, come on in, sign your user up for our stuff.” The user may not be thrilled, but this is why we’re having the discussion about WebMCP today. These APIs built into Chrome using its onboard AI are going to start suggesting things when they are available.

To Katie’s point, when it’s available, it will start suggesting things. If you have Trust Insights and Acme Consulting Corporation, and a user is visiting both sites, if they visit ours and WebMCP is working, Chrome will say, “Sure, I’ll sign you up since you’re trying to learn more about this stuff.” Maybe you came from an AI mode search.

Christopher Penn – 37:03

It will say, “Okay, I’ll get you subscribed to the Trust Insights newsletter.” Then you go to Acme Consulting, and nothing happens. We might have a slightly better chance of converting that lead because we’ve gotten to them sooner.

Katie Robbert – 37:17

Interesting.

John Wall – 37:19

There’s a long historical track record that rolling out stuff Google suggests usually helps you out in the long run.

Katie Robbert – 37:31

One of the things we said we were going to do on this episode was cover how to get started. Obviously, we’re not going to sit and watch you for three weeks develop against our WordPress site. Is it a good idea or a bad idea to open something like Claude Code and just say, “Hey Claude Code, I want to build a WebMCP for my website, which is hosted on WordPress. Can you vibe-code that for me?”

Christopher Penn – 38:01

Yes, with an asterisk. Let me walk you through the process that I went through. I went to Google itself and three other AI systems that do deep research and had them research WebMCP—what successful implementations look like and what the standard says on the most common use cases. Alibaba Qwen, Perplexity, Gemini, and Claude were the four systems I used to put these reports together.

I then told the AI, “Okay, got it. Turn this into a product requirements document to build a WordPress plugin for my site.” We are on WP Engine, we use Nginx, and we are on a specific version of WordPress running a specific version of PHP.

Christopher Penn – 38:48

By the way, I also have a separate file of best practices for building WordPress plugins that I built using the exact same research process. Claude Code said, “Got it. I’ll read this plugin guide and this WebMCP guide, and I’ll come up with a PRD.” That PRD contains user stories, technical requirements, functional requirements, non-functional requirements, domain requirements, milestones, KPIs, and the 5P Framework by Trust Insights.

Once the PRD was done, the next step was to say, “Okay Claude, you’ve built the PRD, now build the technical spec.” The PRD is the why you do something; the spec is what you are going to do and what the pieces are. It then drew from the sources again and built a full technical spec of the 11 pieces that this plugin is going to need to have, and it wrote that out.

Christopher Penn – 39:40

Then, with the PRD and the spec in hand, I said to Claude, “Now build me a work plan with up to 10 phases of how you’re going to build this sucker.” It walked through and said, “Okay, here’s all of what I’m going to do. These are my non-negotiable engineering standards. This is what I must do and what I must not do.” It ran through and built the entire work plan.

Then and only then did we say to Claude, “Okay, build it.” For several hours, it just went off and did its thing. But I had to do all the research first, all the planning first, and the spec first. Then, and only then, could I vibe-code.

Katie Robbert – 40:26

So you answered the question incorrectly; the answer was no. It was not a trick question. There was only one correct answer, and the answer is no. But what you illustrated is exactly what I was looking for: no, don’t just open up Claude Code and say, “I want to build a WebMCP for my website, which is hosted on WordPress. Go.” You still need to do the planning.

What you mentioned is, again, the 5P Framework by Trust Insights, which you can get at TrustInsights.ai/5p-framework. We’re talking about resource usage, token usage, spending money, and spending time. We’re also talking about introducing data privacy holes in your existing website and misrepresentation within the code—saying things like, “Yeah, I’m totally fine if you spam 8,000 different websites and put my name, home address, and phone number in the contact form.” You want to make sure you’re not introducing those vulnerabilities.

So, no, don’t just open up your coding system and say, “Hey, go do this thing.” Do the research and build your plan. A PRD is a product requirements document, and a technical spec is technical specifications. There are a million and one templates on the Internet if you’ve never built one before. Just look those things up first and figure out what you need to do to build requirements so that this does not go off the rails.

If you’ve never done software development before, there are plenty of resources for software development best practices. Find some that you like and then adapt them to what makes sense for you and your business. Do all of that first, and then you can do proper coding. It is no longer vibe-coding because you have a plan.

Christopher Penn – 42:24

Not only that, you just said something really important, and this is the watchword I want everyone to pay attention to. When you hear the word “web,” the first thing on every checklist should be security. This is in my own guide of best practices; these are the things that go wrong the most when you’re making a WordPress plugin. If you try to vibe-code it, most tools will not think about security because it is not part of their mindset.

If you do not have checklists of what to avoid doing, you are going to vibe-code something dangerous. You’re going to vibe-code something that makes Swiss cheese out of your website’s security, and someone can exfiltrate data from it. You have got to have this. If you do not have a dedicated security section in your PRD, in your spec, in your work plan, and in your checklist to validate when the agent is done, stop immediately and make sure that you build them.

John Wall – 43:29

How about as far as output, then? Once that plugin is run, is that dynamically generating the JavaScript file every time it runs, or just anytime there’s a major site change?

Christopher Penn – 43:40

The way I built the plugin is that it dynamically generates the imperative API for stuff that’s site-wide, such as subscribing to our newsletter, but then it also gives options if it’s relevant on specific pages.

John Wall – 43:58

And then for the HTML, there’s no need for it to actually touch the posts and dig into the HTML?

Christopher Penn – 44:04

It will modify the HTML. If you have things that are non-compliant—for instance, if you don’t have ARIA labels on stuff—it will add them.

John Wall – 44:14

Okay, so this is touching all the parts and pieces. This can be very dangerous if you don’t—

Christopher Penn – 44:21

Yes.

John Wall – 44:22

—have it set up the right way.

Christopher Penn – 44:23

Yes. Which means, as Katie said, you have to use the 5P Framework, and part of performance is security. The four pillars we always mention are that it has to be safe, it has to be efficient, it has to be effective in terms of what it does, and it has to be fast.

Those are the four dimensions that you have to figure out for all code. When you’re talking to a coding agent like Claude Code, you say, “These are your four objectives; you must meet all four. You have to figure out how to do this.”

Katie Robbert – 44:57

But you should, as the human, have some semblance of what that looks like ahead of time. If you say, “Here are the four things you need to do,” and Claude Code says, “Okie dokie, I’m going to go do them,” and you don’t know what’s right and what’s not useful, you could be saying yes to who knows what.

Make sure you, the human—this is where human-in-the-loop is so important, especially with these kinds of things—understand it, even at a high level. I couldn’t list all the different ways that somebody could hack a website, but I know enough to take a look at a security list and protocols and say, “Yep, okay, that makes sense.”

Katie Robbert – 45:40

Let me just research this a little bit deeper so I have a good understanding. As the human, I can do that. I don’t need to be an expert, but I need to have at least a decent enough understanding. It’s like what we say about sports: you should have at least a decent enough understanding of what happened in the game to have a casual conversation. You should probably at least know what two teams are playing, and that should get you far enough in the conversation.

Christopher Penn – 46:02

If you aren’t sure, go to the Trust Insights website. We have the Casino Framework, which has nothing to do with gambling, but is a prompt research framework for deep research tools. Fill out the template and then hand it to your favorite tool. Your context might be, “I need to know how to secure a WordPress plugin.” Hand the framework to your AI tool and say, “Help me fill this out to build a research brief,” and then let a tool like Cowork or Code go and do the research.

That’s how I do stuff for things where I don’t have strong domain knowledge myself. I will say, “Let’s build this research brief. Ask me questions until you have enough information to fulfill the brief.” It builds the brief, and then I go and hand that to all the different agents.

Christopher Penn – 46:47

They pull in all the information, and then I cross-check them and say, “Okay, well what do they all have in common? What are the things that everybody agrees on?” For instance, “Yeah, you should always be escaping this type of HTML.” Everybody says that, so okay, that has to be one of the main rules. That’s how I built this thing, because I know that I don’t know everything about WordPress security, but I know that AI can find it.

Katie Robbert – 47:19

All right, well, set your WebMCP agents loose on the Trust Insights website. I guess that’s the next logical step.

Christopher Penn – 47:30

That would be the logical step—deploy it and then test it, please.

Katie Robbert – 47:36

Yeah, don’t skip the testing.

John Wall – 47:38

Yes.

Christopher Penn – 47:39

I would recommend that if you are—to what John was saying earlier—rarely do you go wrong if you do what Google says. That is just the way the world works. Any final thoughts?

John Wall – 47:53

Yeah, I’m going to get concert and sports tickets via an AI agent. This is my new thing. Look for John’s Ticketmaster coming soon.

Katie Robbert – 48:02

It’s an interesting use case because, for a lot of these things, you have to sit in the queue and keep refreshing. That’s a great use case to let an agent go: “Hey, here’s where I want to sit. Here’s my budget. Go get me tickets. I don’t want to sit in that queue.”

Christopher Penn – 48:18

Claude Code can do that for you.

Katie Robbert – 48:22

It’s interesting to think about as the technology advances. My takeaway is that it’s even more imperative to have a good handle on your security and governance before these things get too out of hand.

Christopher Penn – 48:37

Yep. And then go do it. Be early. Very rarely do you incur serious harm from being early, as long as you do the planning and governance upfront.

Katie Robbert – 48:49

Yeah, I was going to say with that caveat.

Christopher Penn – 48:51

Exactly. All right, folks, that’s going to do it for this week’s show. Thanks for tuning in; we will talk to you all on the next one. Thanks for watching today. Be sure to subscribe to our show wherever you’re watching it.

For more resources and to learn more, check out the Trust Insights podcast at TrustInsights.ai/tipodcast and our weekly email newsletter at TrustInsights.ai/newsletter. Got questions about what you saw in today’s episode? Join our free Analytics for Marketers Slack group at TrustInsights.ai/analyticsformarketers. See you next time.




