The most consequential AI infrastructure development of 2025 was not a model release. It was a protocol. Anthropic introduced the Model Context Protocol (MCP) in November 2024 as an open standard for connecting AI agents to external tools and data sources. By April 2026, 78% of enterprise AI teams report having at least one MCP-backed agent in production, and the public MCP server registry has grown from 1,200 servers in Q1 2025 to over 9,400 in April 2026.
For teams building AI agents, MCP is no longer optional. This article is the practitioner's view of what it is, why it won, and how to use it.
1. The problem MCP solves
Before MCP, every AI agent integration was a custom build. To let an agent query your database, you wrote bespoke glue code. To let it post to Slack, more glue code. To let it read from Google Drive, more glue. Each integration was specific to a single agent framework, written in a specific language, with its own authentication, error handling, and security boundaries. Over time, organisations accumulated dozens of these custom integrations — fragile, hard to maintain, and impossible to share between teams.
MCP standardises the interface. An agent that speaks MCP can connect to any MCP-compliant server. An MCP server (a small program that exposes a set of tools or resources) can be reused across any MCP-compliant agent. The economics shifted overnight from N×M integrations to N+M.
2. The architecture in plain English
MCP architecture: Host ↔ Client ↔ Server
MCP defines three roles:
- Host — the AI application the user interacts with (Claude Desktop, Cursor, ChatGPT, your custom agent).
- Client — a component inside the host that maintains the connection to a specific MCP server.
- Server — the program that exposes tools, resources, or prompts to the AI agent (a Slack server, a Postgres server, a GitHub server).
An MCP server can expose three things to the host:
- Tools — functions the agent can call (e.g.
send_slack_message,query_database,create_github_issue). - Resources — data the agent can read (files, database tables, document collections).
- Prompts — reusable prompt templates the host can offer the user.
The protocol uses JSON-RPC over stdio (for local servers) or HTTP/SSE (for remote servers). For most users, this is invisible — the host handles the protocol details and presents the available tools naturally to the model.
3. Why MCP won
Three reasons.
It was good enough early. The November 2024 specification was usable from day one. Anthropic shipped reference servers for Postgres, Google Drive, Slack, GitHub, Git, and Puppeteer alongside the protocol. Developers could try it the same week it was announced.
It was open. Apache 2.0 licensed. No vendor lock-in. Anthropic doubled down by donating MCP to the Agentic AI Foundation under the Linux Foundation in 2025, with founding support from Block, OpenAI, Google, Microsoft, AWS, Cloudflare, and Bloomberg. The protocol is now governed by a neutral foundation, not a single vendor.
The major hosts adopted it fast. ChatGPT (via the Apps SDK and Connectors), Microsoft Copilot, Cursor, VS Code, Gemini API and Vertex AI Agent Builder all shipped MCP support during 2025. Microsoft published MCP servers for GitHub, Azure, Microsoft Teams, and the Microsoft 365 surface. By Q1 2026, MCP was the universal common denominator across AI hosts.
4. The 2026 ecosystem
What an MCP server can expose
Public statistics tell the story:
- 9,400+ public MCP servers as of April 2026, growing at +18% month-over-month through Q1 2026.
- 67% of CTOs surveyed name MCP as their default agent-integration standard within 12 months.
- 78% of enterprise AI teams have at least one MCP-backed agent in production.
The server ecosystem covers everything from developer tools (GitHub, GitLab, Postgres, Redis) through productivity (Slack, Notion, Google Drive, Microsoft 365) to enterprise systems (Salesforce, ServiceNow, SAP) and the long tail of internal-corporate servers that organisations build for their own systems.
5. How to use MCP in 2026
If you are using AI agents
Use a host that supports MCP — Claude Desktop, Cursor, VS Code, or any of the major frameworks (LangGraph, OpenAI Agents SDK, n8n's MCP node). Configure the MCP servers your agent needs. Most popular tools have a public server already; the registry at modelcontextprotocol.io is the starting point.
If you are building agents
Pick an SDK in your language of choice — TypeScript, Python, Go, and Rust SDKs are all maintained. Wrap your internal tools as MCP servers rather than as direct API calls inside the agent. The investment pays back the first time you reuse the server with a different host or a different agent framework.
If you are securing AI deployments
MCP servers are the new attack surface. They have credentials, they call internal systems, and they are exposed to the agent's reasoning. Apply the controls we cover in our agentic security article: allowlist tool surfaces, audit log every call, human-in-the-loop on consequential actions, hard spend caps, kill switches.
6. What is changing in 2026
Three trends to watch.
Code execution with MCP. Anthropic published research in 2025 showing that letting agents write and execute code that calls multiple MCP servers — rather than calling each server step by step — is dramatically more efficient. The pattern is becoming standard for complex multi-tool tasks.
Authentication standardisation. The early MCP authentication story was inconsistent — each server handled credentials differently. The OAuth 2.1 integration that landed in the late-2025 specification revisions is becoming the default for remote MCP servers. Expect this to settle further through 2026.
Enterprise governance tooling. As MCP adoption hits the 78% mark in enterprise, the governance layer is catching up. Expect tools that audit MCP server usage, enforce data classification at the server level, and integrate MCP with enterprise IAM.
For Malaysian teams building MCP-based agents with appropriate governance, our AI Agentic Automation programme and AI Agentic Security programme cover the full stack — building, securing, and governing MCP-integrated systems. HRDC SBL-KHAS claimable for eligible employers.
