- MCP is the AI equivalent of HTTP for the web or USB for power cables
- The protocol is poised to be the foundation of the Agentic AI future
- But there are currently major gaps in security and authentication that developers should be aware of
If you thought model context protocol (MCP) would end up being just another acronym lost in the industry’s alphabet soup, think again. Turns out the protocol is poised to serve as the foundation for the agentic AI future — or at least, that’s assuming it can overcome one key hurdle.
As we’ve noted before, MCP provides a standardized way for AI to interface with the various data sources it needs to access to get things done. It was originally designed to help LLMs get the information they need, but the MCP community is eyeing tweaks that would allow the protocol to be used for agent-to-agent communication as well.
The protocol is still in its infancy, but AvidThink’s Roy Chua told Fierce there is strong momentum propelling MCP forward.
Chua, who was at a recent MCP developer conference, noted AWS was at the event showcasing how to build MCP servers on its platform while Cisco was there touting its ability to secure MCP servers. There’s also buy-in from the likes of Cloudflare, which has a one-click MCP server service, and API platform Postman, which now allows developers to spin up an MCP server for any currently supported API.
That last bit is especially interesting and signals a shift away from the way things work today. At present, AI agents have to be custom coded to support specific APIs based on the different data sources they need to use, Vultr CMO Kevin Cochrane told Fierce.
But now, MCP is poised to be to agentic AI what HTTP was to the internet, he said. Just like with the internet – where all you needed to do was type in a web address – agents will only need to know the address of an MCP server to access various data sources.
The time for MCP is now
What does that mean for developers? Well, it means that unless they’re working on niche services like embedded automotive or missile systems, they can’t ignore MCP.
“Developers need to understand that any microservice they’re building, as part of an enterprise application, should have an MCP server in front of it to expose that API and that service to an agent,” Cochrane said. “No agents should be written that have to interact with custom back-end API.”
Any information that would normally be exposed by a web app or application should instead be exposed via an MCP server to offer AI agents a better way to tap into services, Chua explained further.
Both Chua and Cochrane told Fierce it’s worthwhile for developers to build and MCP server and start tinkering now. There is, of course, a catch.
But, MCP has issues
As things stand today, MCP has some serious holes when it comes to authentication and security. The MCP community is moving rapidly to fix these, but Chua said, in the interim, anyone building an MCP server needs to be very careful about what permissions they give and who they’re giving them to as they interact with agents and other MCP servers.
“Recognize that if you give the LLM access to your email, it has access to your email. If you let the LLM send email on your behalf, it could be an issue,” he concluded. “Whatever MCP service you’re connecting to, you need to be very clear about what services they’re advertising, you need to vet those services and make sure there are no additional instructions than what you’re getting from those services.”
Don't miss our free AI and the Network virtual event from June 3-4. Speakers include execs from Blue Planet, Google Cloud, Lumen, MobileX, Nvidia, Supermicro, Verizon Business, Vultr and more. Register today.