A Year of MCP: From Internal Experiment to Industry Standard

When Anthropic quietly open-sourced the Model Context Protocol (MCP) in November 2024, most teams wrote it off as another standard that would die in committee. Twelve months later, MCP has become the de facto protocol for connecting AI systems to real-world data and tools. OpenAI, Google DeepMind, Microsoft, and thousands of developers building production agents have all adopted it.¹

Here's what we've learned building with MCP at Pento, where the protocol sits at a very special place in our AI consulting work, and what we think it means for the year ahead.

What Is MCP (And Why Should You Care)?

Think of MCP as USB-C for AI applications.²

Before USB-C, every device needed its own cable: Lightning for iPhones, micro-USB for Android, proprietary connectors for cameras. MCP does the same thing for AI integrations. Instead of building custom connectors for every data source (Google Drive here, Salesforce there, your internal CRM somewhere else), you build against a single protocol.

Diagram: MCP Client-Server Architecture showing how AI applications connect to multiple data sources through a single protocol

The protocol works through a simple client-server architecture:

MCP Clients (AI agents like Claude, ChatGPT, or your custom application) connect to external systems
MCP Servers expose tools and data from applications like Notion, Slack, GitHub, or your proprietary systems

Build one MCP server, and any MCP-compatible AI can use it. Build one MCP client, and it can access thousands of existing servers.

This is the problem MCP solves: the M×N integration nightmare where M applications need to connect to N data sources. MCP collapses that into M+N implementations.³

The 2025 Timeline: From Experiment to Infrastructure

The adoption velocity has been remarkable. Here's how it unfolded:

Timeline infographic: MCP adoption milestones from November 2024 to December 2025

November 2024: Anthropic releases MCP as an open standard with SDKs for Python and TypeScript. The protocol's origin story is refreshingly practical: it emerged from developer David Soria Parra's frustration with constantly copying code between Claude Desktop and his IDE. ⁴

March 2025: OpenAI adopts MCP across the Agents SDK, Responses API, and ChatGPT desktop. Sam Altman posts simply: "People love MCP and we are excited to add support across our products."⁵

April 2025: Google DeepMind's Demis Hassabis confirms MCP support in upcoming Gemini models. The Verge reports the protocol addresses "growing demand for AI agents that are contextually aware."¹

November 2025: The spec gets major updates: asynchronous operations, statelessness, server identity, and an official community-driven registry for discovering MCP servers.⁶

December 2025: Anthropic donates MCP to the newly formed Agentic AI Foundation (AAIF) under the Linux Foundation. OpenAI and Block join as co-founders, with AWS, Google, Microsoft, Cloudflare, and Bloomberg as supporting members.⁷

The numbers tell the story: 97 million monthly SDK downloads across Python and TypeScript. Over 10,000 active servers. First-class client support in Claude, ChatGPT, Cursor, Gemini, Microsoft Copilot, and Visual Studio Code.⁸

One year. From internal tool to critical infrastructure.

Why MCP Matters: The Agent Infrastructure Layer

The real value of MCP isn't just cleaner integrations. It's what those integrations enable: AI agents that don't just talk, but act.

Before MCP, AI assistants lived in a bubble. You could ask Claude to analyze your sales data, but first you'd need to copy-paste it from your CRM, format it properly, and hope you didn't miss anything critical. The AI was smart but blind.²

Here is where MCP comes into the picture. Now when you ask an agent to "download my meeting transcript from Google Drive and attach it to the Salesforce lead," the agent can:

Authenticate with your Google account
Search and retrieve the specific document
Connect to Salesforce
Update the lead record

All without you switching tabs or touching a clipboard.

Illustration: Before and after MCP - showing the manual copy-paste workflow vs. automated agent workflow

This is what we mean when we talk about agentic AI: systems that can perceive their environment, make decisions, and take actions autonomously. MCP provides the plumbing that makes this possible at scale.

The Evolution: From Tools to Skills

Here's something we've seen evolve rapidly in our client work: the relationship between MCP connections and agent knowledge.

MCP tells agents what they can do. But agents also need to know how to do it well.

This is where approaches like Anthropic's Skills framework enter the picture. Skills are folders of instructions, scripts, and resources that agents can discover and load dynamically.⁹ If MCP is the highway, Skills are the driving manual.

The pattern we're seeing in production:

MCP provides connectivity to tools and data
Skills provide procedural knowledge and best practices
The agent orchestrates both to complete complex workflows

For example, connecting Claude to your PostgreSQL database via MCP is straightforward. Teaching it your company's data conventions, query patterns, and compliance requirements? That's where Skills (or similar approaches) become essential.

But here's the nuance that often gets lost: Skills and MCP aren't opposite sides of a coin—they actually overlap significantly. Anthropic's recent strategic shift toward Skills reflects this reality. While MCP connections can be resource-intensive (sometimes consuming tens of thousands of tokens), Skills are designed to be lightweight and load on demand, preserving context and improving response times.

There are scenarios where a Skills-only approach makes more sense—when you need efficient, context-aware task execution without the overhead of maintaining live connections or spending tokens on many MCP tools declarations. And there are scenarios where MCP shines—when you need easy and consistent access to external systems and dynamic data. Often, the best solutions combine both.

This interplay deserves its own deep dive, which we'll explore in a future post 🔜

The Hard Truth: Security Is Still the Elephant in the Room

Let's be direct: MCP in 2025 shipped fast, and security didn't always keep pace.

Security researchers have documented multiple outstanding issues, and some are genuinely concerning:¹⁰

Infographic: Top MCP security concerns - authentication gaps, prompt injection, token storage, toxic agent flows

Authentication gaps: The protocol provides minimal guidance on authentication, and many implementations default to no auth at all. Session IDs in URLs violate basic security practices. Until recently, there was no official registry to verify server authenticity.¹¹

Prompt injection vulnerabilities: Tool descriptions go straight to the AI model. Malicious actors can hide instructions in those descriptions that the AI follows without the user's knowledge.¹²

Token storage risks: MCP servers often store OAuth tokens for multiple services. One breach equals access to everything: your Gmail, your Drive, your CRM.¹³

The "Toxic Agent" flow: When you combine multiple tools, agents can exfiltrate data through clever chaining that no single tool would allow independently.¹⁰

The April 2025 security analysis put it bluntly: combining tools can exfiltrate files, and lookalike tools can silently replace trusted ones.¹

This isn't a reason to avoid MCP. It's a reason to implement it carefully:

Audit every MCP server before deployment
Implement strict tool allowlisting
Use isolated sandboxed environments
Apply the principle of least privilege religiously
Monitor agent behavior with comprehensive logging

The spec says "there SHOULD always be a human in the loop." Treat that as MUST, not SHOULD.¹²

The Linux Foundation Move: What It Means

The donation of MCP to the Agentic AI Foundation is significant for reasons beyond governance.

When Anthropic, OpenAI, and Block jointly contribute projects to a neutral foundation backed by AWS, Google, Microsoft, and Cloudflare, it signals something: the infrastructure layer of AI agents will be open, interoperable, and vendor-neutral.¹⁴

Logos: Agentic AI Foundation founding members - Anthropic, OpenAI, Block, AWS, Google, Microsoft, Cloudflare, Bloomberg

The AAIF launches with three founding projects:

MCP (Anthropic): The connectivity protocol
AGENTS.md (OpenAI): A markdown-based standard for giving agents project-specific instructions across repositories, already adopted by 60,000+ open source projects¹⁵
goose (Block): An open-source agent framework with MCP integration⁷

This is the full stack for building agentic applications: connection (MCP), instruction (AGENTS.md), and execution (goose).

For developers, the short-term appeal is clear: less time building custom connectors, more predictable agent behavior, and simpler deployment in security-conscious environments.¹⁶

How We Used MCP at Pento

Theory is one thing. Production deployments are another.

At Pento, we've been building with MCP since early 2025, primarily for enterprise clients who need AI agents that actually understand their systems. Here's what worked.

One of our most impactful implementations: custom MCP servers that let AI agents navigate large, complex codebases.

The problem was familiar to any engineering team at scale. New engineers spend weeks just understanding where things live. Senior developers waste hours answering "where is the API for X?" questions. Documentation exists but falls out of sync. The codebase becomes tribal knowledge.

Our solution exposed tools through MCP for:

Repository search and retrieval: Agents can query file structures, search across codebases by function name, class, or natural language description
API documentation lookup: Automatic extraction of endpoint definitions, request/response schemas, and usage examples
Dependency mapping: Understanding which services talk to which, and how data flows through the system
Code context retrieval: Pulling relevant code snippets based on semantic queries, not just keyword matching

The result? Engineers ask the AI agent questions like "How does the payment processing flow work?" or "Where do we handle user authentication?" and get accurate, contextual answers with direct links to the relevant code.

Onboarding time dropped significantly. New engineers reach productivity faster because they can explore the codebase conversationally instead of playing detective across dozens of files. Senior developers reclaimed hours previously spent answering navigation questions. The agent handles the routine lookups now.

The second major pattern: MCP servers for navigating large databases and accelerating query building.

Enterprise data warehouses are notoriously difficult to work with. Hundreds of tables, cryptic naming conventions, undocumented relationships. Building a BI dashboard query often requires more archaeology than SQL.

We built MCP servers that exposed tools for:

Schema exploration: Agents can list tables, understand column types, and identify primary/foreign key relationships
Semantic table search: Query "find tables related to customer orders" instead of memorizing exact table names
Sample data retrieval: Pull representative rows to understand what data actually looks like
Read-only query execution: Agents can run SELECT queries to validate their understanding before building complex reports

The key constraint: read-only access only. We're not letting AI agents write to production databases. But giving them the ability to explore, understand, and suggest queries has transformed how our clients' BI teams work.

Data analysts now describe what they need in natural language. The agent explores the schema, identifies the right tables, and proposes SQL. The analyst reviews, refines, and executes. What used to take hours of schema documentation diving now takes minutes of conversation.

Diagram: Custom MCP Server Architecture at Pento - showing codebase and database navigation flows

Lessons Learned

A few things we learned the hard way:

Start narrow, expand carefully. Our first implementations tried to expose too many tools. Agents got confused about which tool to use when. Better results came from focused servers with clear, non-overlapping capabilities.

Invest in tool descriptions. The quality of your tool descriptions directly impacts agent performance. Vague descriptions lead to wrong tool selections. We now spend significant time crafting precise, example-rich descriptions for every exposed tool.

Read-only by default. Until you have robust approval workflows, keep MCP servers read-only. The risk of an agent making unintended changes to production systems isn't worth the convenience of write access.

Monitor everything. We log every tool call, every query, every result. When something goes wrong (and it will), you need the audit trail to understand what happened.

The Evolution of AI Coding: Context for 2026

To understand where MCP fits in 2026, we need to look at how AI-assisted development has evolved.

In February 2025, Andrej Karpathy coined the term "vibe coding," where developers describe what they want in natural language and let AI handle implementation. The term went viral and landed in Merriam-Webster within a month.¹⁷

The numbers are striking: AI now generates 41% of all code written globally.¹⁸ Cursor reached $500M ARR in June 2025, growing from $1M to $500M in just 12 months.¹⁹

Chart: Growth of AI-assisted coding tools - GitHub Copilot vs Cursor vs Claude Code adoption 2023-2025

But here's the nuance: a rigorous METR study found that experienced developers using AI tools actually took 19% longer to complete tasks, despite believing they were 20% faster.¹⁸ The productivity gains are real for newer developers but complex for veterans.

What does this mean for MCP?

AI coding tools are evolving from "autocomplete on steroids" to autonomous agents that can navigate codebases, make architectural decisions, and execute multi-step workflows. MCP is the infrastructure that lets these agents interact with the broader development ecosystem, from Git to CI/CD to deployment.

The pattern we're seeing: code execution with MCP enables agents to use context more efficiently. Instead of loading all tool definitions upfront (potentially hundreds of thousands of tokens), agents can write code to discover and call tools on demand. Cloudflare calls this "Code Mode," and it's delivering 98%+ token savings in some deployments.²⁰

Hey there!

Are you planning to build AI agents for your organization? Schedule a conversation with our team to discuss how MCP and agentic workflows can improve your business operations and KPIs.

What's Coming in 2026: The Year of the Agent

Based on everything we've seen, here's our take on where this heads:

Illustration: 2026 predictions - four pillars showing integration, multi-agent, security, and human-in-loop evolution

1. Integration Becomes the Moat

The hardest part of building useful AI isn't the model. It's connecting to everything the model needs to be useful. Companies that build deep, reliable integrations will have durable competitive advantages.

Gartner predicts 40% of enterprise applications will include task-specific AI agents by end of 2026, up from less than 5% today.²¹ That's an extraordinary deployment velocity, and it all runs on integration infrastructure like MCP.

2. Multi-Agent Orchestration Goes Mainstream

Today, most AI deployments are single agents. By 2026, the standard will be multi-agent collaboration. One agent diagnoses, another remediates, a third validates, a fourth documents. These "agent squads" will be orchestrated dynamically based on the task.²²

The $30B agent orchestration market that analysts projected for 2030 might arrive three years early.²³

3. Security and Governance Become Table Stakes

With 85% of enterprises expected to implement AI agents by end of 2025, the security surface area is expanding fast.²⁴ By 2026, more than half of enterprises will use third-party services to create and oversee guardrails for AI agents.²³

The organizations that move early on governance, not just building agents but building them safely, will have cleaner deployments and fewer incidents.

4. The "Human in the Loop" Gets Redefined

The question isn't whether humans stay in the loop. It's where in the loop they sit. Agents will increasingly handle routine tasks end-to-end, with human intervention reserved for exceptions, approvals, and strategic decisions.

The metric won't be "incident resolved in 10 minutes" but "employee productivity unaffected by incident."²⁵

What This Means for Your Organization

If you're evaluating AI agent adoption, here's our practical advice:

Start with a focused use case. Don't try to connect everything at once. Pick one workflow where agent automation would deliver clear ROI: customer support triage, data pipeline monitoring, document processing. Prove value there first.

Prioritize security from day one. Implement server allowlisting, authentication integration, and comprehensive monitoring before you scale. The technical debt from insecure agent deployments compounds fast.

Invest in the integration layer. Whether you build custom MCP servers or use existing ones, the quality of your connections determines the quality of your agent outputs. Garbage in, garbage out, even with the smartest models.

Build organizational literacy. Nearly two-thirds of organizations report skill gaps in AI governance, data literacy, and leadership alignment.²⁶ The technology is moving faster than most teams' ability to use it effectively.

Plan for iteration. Agents today are imperfect. The models improve, the protocols mature, and best practices evolve. Build systems that can adapt.

The Bottom Line

MCP's first year transformed how AI systems connect to the world. Its second year will transform what they can accomplish.

The moat isn't in the models anymore. They're increasingly commoditized. The moat is in integration: connecting AI to your specific data, your specific tools, your specific workflows. That's where the real value compounds.

At Pento, we've been building production AI systems for over five years. MCP and agentic AI represent a huge shift in how we architect solutions since the introduction of transformers. It's not magic. It's plumbing. But great plumbing lets you build great buildings.

2026 is the year AI agents move from demos to deployments with all this great technology 🚀

A Year of MCP: From Internal Experiment to Industry Standard

What Is MCP (And Why Should You Care)?

The 2025 Timeline: From Experiment to Infrastructure