Feature Wiki
Tabs
(Project) Model Context Protocol Support
Page Overview
[Hide]This is a project page that bundles several feature wiki pages which belong to a larger development activity for the ILIAS component [[]].
1 Aim of Project
The Model Context Protocol is an open, standardised communication mechanism that enables AI models to access external data and functions in a secure and structured manner.
By supporting MPC in ILIAS, we are opening up the platform for connections to AI models and applications, enabling more reporting and evaluation options without tying ourselves to specific services. For the many cases of specialised plugins and components, MPC can provide the basis for interacting with ILIAS.
- Standardised AI interface: ILIAS can connect directly to any MCP-compatible AI clients (e.g. OpenAI, Anthropic, GitHub Copilot, LM Studio) – without proprietary APIs.
- Less integration effort: Instead of maintaining a separate interface for each AI platform, all you need to do is implement an MCP server.
- Longevity: MCP is supported by major players (Anthropic, OpenAI, Microsoft) and is establishing itself as the de facto standard for AI context integration – comparable to LTI in the education sector.
A key argument in favour of MCP in the learning management environment is the clear separation between the AI model and confidential learning or personal data.
- MCP allows finely controlled access: the model only receives defined information (‘context resources’), not unrestricted data.
- Data remains under internal control – no external API transfer of sensitive user data unless a component provides it.
- Communication is transparent and traceable, which complies with legal requirements (e.g. GDPR, higher education law).
This allows institutions to use AI functions in ILIAS without having to rely on cloud APIs or insecure integrations.
With MCP, ILIAS can offer AI-supported functions that respond directly to course and usage data – context-sensitive, personalised and explainable.
- Intelligent tutors: The model can access course content, learning progress or forum discussions via MCP and provide targeted support.
- Automated feedback: For assignments or tests, the AI can generate feedback based on institutional assessment criteria.
- Adaptive learning paths: The model can analyse learning behaviour and suggest resources or activities in ILIAS based on this analysis.
ILIAS and its components retain sovereignty over which data (including personal data) is made available.
The open source nature of MCP fits perfectly with the philosophy of ILIAS – open standards, transparency, interoperability. The implementation of MCP in ILIAS is a strategic step towards AI readiness for the system:
It enables secure, data protection-compliant and flexible AI integration, reduces integration costs, strengthens interoperability with modern AI tools and creates concrete added value for learners and teachers.
1.1 Possible risks
- If too few components are integrated into ILIAS, an MCP server could be useless. Important components such as courses, learning progress, files, forums, online help, page editor, etc. would have to be adapted quickly to enable meaningful use.
- MCP is a very new standard. It was only published by Anthropic at the end of 2024. Currently, it is the only standard of its kind, but it remains to be seen whether it will gain sufficient traction in the world of AI models. OpenAI officially adopted MCP in March 2025, and other providers have at least announced their intention to do so.
- The standard could change rapidly to keep pace with the fast developments in the world of AI. ILIAS must keep up with these changes as quickly as possible in order to stay competitive.
- An MCP server also offers a new attack vector for ILIAS. For example, in April 2025, a security vulnerability relating to prompt injection became known.
2 Involved Authorities and Stakeholders
- All authorities of ILIAS components are potentially involved.
- The Technical-Board should have stakes in this.
- All plugin maintainers should have stakes in this.
- All users of ILIAS should have stakes in this.
3 Timeline
ILIAS 12 |
|
ILIAS 13ff |
|
4 Related Feature Requests and Status
Feature Request | Suggested by | Funding | Planned Release | Status |
|---|---|---|---|---|
… | ||||
… | ||||
… | ||||
… |
5 Further Results
- …
6 Additional Information
…
7 General Discussion
Please discuss specific questions of feature requests on the related feature wiki pages. This discussion section is only for a general discussion of the project and its realisation.
Seidel, Elyesa [seidel], 20 NOV 2025: In order to better understand the functional scope and the associated benefits and risks, we would like to request more concrete application scenarios that illustrate in detail how ILIAS, MCP and AI tools interact in practice.
Until these scenarios are available, we kindly ask you to address the following questions:
1. How exactly will compliance with data protection law be ensured? Which specific technical and organisational measures (TOMs) are planned to guarantee GDPR-compliant processing?
2. How will ILIAS and its components retain full control over which data — including personal data — is made available to an MCP-compatible AI model? How will unauthorised access or accidental data disclosure be technically prevented?
3. How will the planned AI-supported functionalities be aligned with the requirements of the AI Act, in particular Art. 6(2) and Annex III, paragraph 3 (b, c), which classify AI systems in the context of education, assessment and profiling as high-risk?
4. What concrete measures will be implemented to prevent AI models from circumventing access restrictions, inferring additional personal data, escalating context requests, or performing prompt-injection or reconstruction attacks? This question is especially relevant since MCP allows models to actively request resources and because a prompt-injection vulnerability became known in April 2025.
Kergomard, Stephan [skergomard], 21 NOV 2025: Thank you very much for this proposal Schmid, Fabian [fschmid], I understand very well where this is coming from, and I think it is worthwhile to have this discussion in the community! I would still suggest for the ILIAS community to actively decide against implementing this for the forseeable future. Currently there are good reasons to believe that this protocol (and probably any protocol trying to achieve this) will need an astronomical amount of work to make its implementations secure and one might even doubt that it is possible to do so for two simple reasons: The complete lack of separation between data and commands and the non-deterministic nature of AI. We are operating on highly sensitive data and our promise should be to put its security first. To keep this promise while implementing this will stretch our resources far beyond their breaking point and so the risks are probably bigger then the benefits.
JourFixe, ILIAS [jourfixe], 24 NOV 2025 : With this proposal, Schmid, Fabian [fschmid] would like to provide some initial food for thought on whether we should pursue such a generic approach to integrating AI into ILIAS or rather focus on individual implementations for integrating AI. Fabian invites all interested parties to participate in the discussion and explain their point of view. He is planning a workshop beginning of next year to discuss this suggestion.
As already mentioned in his post above, Kergomard, Stephan [skergomard] sees a very high implementation effort required to safely implement MCP in ILIAS and fears that we will not be able to manage this with our currently available resources. Fabian believes that the security measures for ILIAS in the context of introducing MCP are not as extensive as feared. See also here.
Technical Board, … :
Last edited: 24. Nov 2025, 14:54, Kunkel, Matthias [mkunkel]