MCP

Model Context Protocol (MCP) is to AI agents what HTTP is to the web: a shared, open standard for how the model talks to the rest of the world. It was introduced by Anthropic in late 2024 and adopted broadly in 2025 and 2026.

The technical shape: an MCP server exposes resources, tools, and prompts via a defined schema. Any MCP-capable client (Claude Desktop, Claude Code, the API, an IDE plugin) can discover and call those tools without per-vendor glue. Build the integration once; every MCP client benefits.

Worked example of the leverage: a company wraps its internal CRM, its analytics warehouse, and its document store as three MCP servers. This quarter the team is on Claude; next quarter they trial a different model for cost reasons. With function-calling tied to one vendor, that switch means rewriting every integration. With MCP, they point the new client at the same three servers and move on. The integration cost was paid once, not per model. Pairing those servers with RAG over the document store gets you grounded answers from internal data without bespoke plumbing.

The honest trade-off and the founder mistake: MCP is the right call only if you expect to swap models or want portability; if you are permanently on one provider, plain function-calling is simpler and fine. The bigger risk is security. MCP is a transport protocol, not a permission model. A sloppy MCP server that exposes a write-capable tool with weak auth is a confused-deputy waiting to happen, where the model is tricked into invoking something it should not. We build MCP servers regularly and have shipped them to production; we also write a security review for each one because the standard is still moving and the failure mode is your internal systems, not a chatbot saying something dumb. We wrap a tool in MCP only when it is genuinely useful inside a model loop and the security model permits a model to invoke it, with human-in-the-loop on anything destructive.