What is the Model Context Protocol (MCP)?
The Model Context Protocol (MCP) is an open standard for connecting AI models and agents to external tools, data sources and systems through a single, uniform interface. Introduced by Anthropic in late 2024, it standardizes how an application exposes context and capabilities to a model — acting like a universal adapter so any compliant client can talk to any compliant server.
Definition
MCP is an open protocol that standardizes how AI applications provide tools, resources and context to models through a common client–server interface.
Key takeaways
- MCP standardizes model-to-tool/data connections, like a universal adapter.
- It uses a client–server model: hosts run clients; integrations are servers.
- Servers expose tools, resources and prompts in a uniform shape.
- It reduces N×M custom integrations to reusable, shareable connectors.
- It is open and vendor-neutral, with growing multi-vendor adoption.
Context
Before MCP, every agent-to-system integration was bespoke: each tool wired by hand to each application. MCP replaces that with a shared protocol, so a connector written once can be reused across any MCP-aware client.
This matters for enterprises because integration — not model quality — is often the real bottleneck in shipping agents. A common protocol turns connectors into a reusable ecosystem rather than one-off glue code.
Architecture
MCP defines three roles: a host application, an MCP client inside it, and one or more MCP servers. The client connects to servers over a transport, and servers expose capabilities the model can use.
Servers offer three primitives: tools (actions the model can invoke), resources (data the model can read), and prompts (reusable templates). The model, via the host, discovers and uses these in a standard way.
Components
Benefits
- Eliminates bespoke N×M integrations.
- Connectors are reusable and shareable across clients.
- Open and vendor-neutral.
- Cleaner separation between agent logic and integrations.
Risks
- Server access expands the attack surface; permissions matter.
- Untrusted servers can attempt prompt injection or data exfiltration.
- A young standard, still evolving.
- Operational overhead of running and securing servers.
Tools & technologies
Examples
- An MCP server exposing a company knowledge base as readable resources to an agent.
- A filesystem or database MCP server giving an agent scoped, permissioned access.
- A shared connector for a SaaS API reused across several internal agents.
FAQs
- Who created MCP?
- Anthropic introduced MCP as an open standard in late 2024, and it has since seen adoption across multiple vendors and tools.
- Is MCP the same as function calling?
- No. Function calling lets a model invoke tools; MCP standardizes how those tools, data and prompts are exposed and discovered across applications.
- Why does MCP matter for the enterprise?
- Integration is usually the bottleneck for agents. MCP turns one-off connectors into a reusable, governable ecosystem.
- What are the security considerations?
- Each server is an access point. Apply least-privilege permissions, vet servers, and treat their outputs as untrusted input subject to prompt-injection risk.