What Is MCP?

MCP, or Model Context Protocol, is an open standard and open-source framework introduced by Anthropic on November 25, 2024, to standardise how AI systems like large language models integrate with external tools, data sources, and software systems. Think of it as a universal adapter, similar to how USB-C lets you charge any device with one cable. Before MCP, AI could only talk at you. With MCP, AI can talk with your systems.

The simplest way to understand it: MCP gives AI the ability to do things, not just say things. It transforms AI from a helpful voice into a capable coworker that can access data, trigger actions, and coordinate across multiple platforms.

The protocol follows client-server architecture, using JSON-RPC 2.0 messages to establish communication between AI systems and data sources. It was inspired by the Language Server Protocol (LSP), which standardised how code editors communicate with programming language tools.

How MCP Works

MCP enables developers to build secure, two-way connections between data sources and AI-powered tools through three core components:

MCP Clients: AI applications that connect to servers to access external capabilities

MCP Servers: Lightweight programmes that expose specific tools, data sources, or functions through the standardised protocol

MCP Hosts: Applications like Claude Desktop or IDEs that manage connections between clients and servers

The architecture addresses the “N×M” integration problem. Previously, developers had to build custom connectors for each data source, resulting in fragmented, vendor-specific implementations. MCP replaces this with a single protocol that any AI system can use to connect to any compatible server.

The History

MCP began as an internal Anthropic effort to connect Claude to real tools and context, then expanded into an open standard released in November 2024.

On November 25, 2024, Anthropic publicly released MCP as an open-source standard, inviting developers worldwide to adopt and contribute to it. Early adopters included developer-tool and enterprise teams, with broad uptake across the agent and IDE ecosystem.

On March 26, 2025, OpenAI announced it would support MCP and began rolling MCP capabilities into developer and product experiences over time.

Within one year of launch, adoption grew rapidly. According to project maintainers:

  • Over 10,000 published MCP servers
  • More than 97 million monthly SDK downloads across Python and TypeScript
  • Support from major AI platforms including ChatGPT, Claude, Gemini, Microsoft Copilot, and Visual Studio Code
  • Enterprise deployment support from AWS, Cloudflare, Google Cloud, and Microsoft Azure

In December 2025, Anthropic donated MCP to the newly formed Agentic AI Foundation (AAIF), a directed fund under the Linux Foundation. This move placed MCP under neutral, community-driven governance, ensuring no single company controls its future. The foundation was co-founded by Anthropic, Block, and OpenAI, with support from Amazon Web Services, Google, Microsoft, Cloudflare, and Bloomberg. Block also contributed Goose, an open-source AI agent, to the foundation.

Real-World Applications

MCP enables practical applications across multiple domains:

Domain Use Case
Customer Service AI assistants connecting to CRM systems, knowledge bases, and email platforms to provide contextual support
Software Development IDEs granting AI coding assistants real-time access to project context, GitHub PRs, and documentation
Enterprise Data Access Natural language queries against structured databases, content repositories, and business tools
Cloud Operations AI assistants running Lambda functions, analysing costs, and implementing infrastructure best practices

Pre-built MCP servers exist for popular enterprise systems including Google Drive, Slack, GitHub, Git, Postgres, Puppeteer, AWS services, Azure DevOps, and Atlassian products like Confluence and Jira.

Security Considerations

Whilst MCP offers significant advantages, it introduces security challenges that require careful attention:

Prompt Injection: Attackers may attempt to manipulate AI behaviour through malicious inputs

Tool Poisoning: Lookalike tools can silently replace trusted ones

Permission Boundaries: Combining tools can inadvertently exfiltrate files

Community Server Risks: Untested third-party servers should be used with caution

Security researchers have published enterprise-grade mitigation frameworks addressing these concerns. The upcoming MCP roadmap prioritises enhanced security and permissions, allowing organisations to control exactly what AI can access and when.

Where MCP Is Heading

The official roadmap outlines priority areas for upcoming releases:

Core Development Priorities

Asynchronous Operations: Enabling servers to kick off long-running tasks (minutes or hours) without blocking, with clients checking back for results

Statelessness and Scalability: Addressing horizontal scaling challenges for enterprise deployments, smoothing out session handling for production MCP servers

Server Identity: Enabling servers to advertise themselves through .well-known URLs, allowing automatic capability discovery

Official Extensions: Curating protocol extensions for specialised industries like healthcare, finance, and education

MCP Registry General Availability: Transitioning from preview to a production-ready service for discovering and sharing MCP servers, launched in preview September 2025

Additional Roadmap Items

Human-in-the-loop workflows: Standardised checkpoints for approval

Multi-agent orchestration: Enabling multiple AI agents to collaborate on complex tasks

Multimodal support: Expanding beyond text to video, audio, and streaming data

As AI agents become more sophisticated, MCP is positioning itself as the foundational infrastructure for how AI interacts with the digital world. Organisations that adopt MCP early will have a head start in building truly integrated AI workflows.