Model Context Protocol (MCP) in Agentic AI Systems

Model Context Protocol (MCP) is an open standard for connecting AI models (especially large language models) to external data sources, tools, and services in a secure and standardized way[1]. Introduced by Anthropic in late 2024, MCP defines a universal interface for reading data (e.g. files or database entries), executing functions or API calls, and handling contextual prompts[1]. By providing a consistent “plug-and-play” protocol, MCP aims to break down information silos and replace the proliferation of custom integrations with a single, interoperable layer[2][3]. This allows agentic AI systems – AI agents that can plan and use tools – to access up-to-date context and perform actions in real-world systems more reliably. In this report, we detail MCP’s architecture and design, its origins and related work, how it compares to alternative approaches, adoption in industry, domain-specific use cases, supporting tools, and guidance for implementation.

MCP Architecture, Objectives, and Interfaces

Figure: Reference architecture for MCP in an enterprise context. Here multiple AI hosts (e.g. VS Code, ChatGPT, or Claude) run MCP clients that connect to various MCP servers. Each server exposes specific tools, data, or resources (from local files to cloud APIs), enabling the AI agent to fetch context or perform actions across systems via one standardized protocol[4][5].

MCP follows a client–host–server architecture[4]. In this model, an AI application (for example, a chat assistant or coding IDE with AI capabilities) acts as the host, which can manage one or more MCP clients. Each MCP client is essentially a connector within the host that maintains a stateful JSON-RPC session to an external MCP server[6][5]. The MCP server is a service (local process or remote) that provides a particular set of context or tools to the AI. The host coordinates these connections and enforces security, while each client–server pair handles a specific domain of data or functionality. All communication uses JSON-RPC 2.0 messages over a persistent connection, making the protocol language-agnostic and enabling two-way interaction (requests and notifications)[7][8]. This design takes inspiration from the Language Server Protocol (LSP) used in coding IDEs – similar to how LSP standardized language tooling across editors, MCP standardizes how AI systems integrate tools and context across applications[9].

Key components and interfaces: The MCP spec defines a set of standard capabilities that servers can offer and a corresponding set that clients (AI hosts) can handle[10][11]:

• Resources: Servers can provide resources – read-only data or context (e.g. retrieving documents, database records, file contents)[12]. This gives the AI access to information it didn’t have in its prompt, such as a knowledge base article or code snippet.

• Tools: Servers can expose tools, which are essentially functions or actions the AI can invoke that produce side effects or computations[13]. For example, a tool might perform a web search, send an email, execute a code snippet, or modify a record. Tools are analogous to the “functions” or APIs an agent can call.

• Prompts: Servers may supply prompts – templated messages or workflows that the AI or user can utilize[12]. These help provide structured guidance or multi-step interactions (for instance, a predefined prompt to summarize a document or a step-by-step workflow for a task).

On the client side, MCP also defines features that servers can request from hosts[14]. These are mechanisms enabling the server to ask the AI or user for more information or to perform AI-driven operations:

• Elicitation: A server can issue an elicitation request, prompting the host to get additional input from the user if needed[15] (e.g. “Please provide the date range for the report” if the user’s query was ambiguous).

• Sampling: A server can request LLM sampling, meaning it asks the host to have the AI generate some content or intermediate reasoning step[14]. This essentially lets the server trigger the AI to do a sub-task (with user approval), enabling recursive interactions. For example, a code-generation server might ask the AI to refine a code snippet through another round of prompting.

• Roots: The host can also allow servers to define root contexts or boundaries (e.g. a filesystem path or database scope in which the server is allowed to operate)[14]. This feature ensures servers operate only within permitted areas (for example, an MCP server for files might be “rooted” to a specific project directory).

All these interactions are governed by a standard interface using JSON schemas and message types defined in the MCP specification. Every MCP server declares the capabilities it supports (which resources, tools, prompts it provides) and every client declares which features it can handle (like whether it supports receiving tool definitions, handling server notifications, etc.)[16][17]. This capability negotiation happens when a connection is established, ensuring both sides know what features can be used during the session[16][17]. Thanks to the standardized JSON-RPC message format and schemas, any MCP-compliant client can interface with any MCP-compliant server and understand its offerings without custom coding[18][19]. In effect, MCP acts like a universal adapter or “USB-C port” for AI models to access external functionalities[20][21].

Design objectives: MCP’s core objective is to make AI context-aware and break the “black box” isolation of models by granting them safe access to real data and tools. Before MCP, hooking an AI assistant to each new database or API meant writing a bespoke integration or plugin, leading to an N×M explosion of adapters and significant maintenance overhead[3][22]. MCP addresses this by defining a single open protocol – once a data source or service is wrapped in an MCP server, any AI client that speaks MCP can use it, and once an AI platform supports MCP, it can connect to any compliant data source. This dramatically simplifies scaling AI integrations, moving from custom one-off connectors to a write-once, use-anywhere model[2][23].

Security and reliability were also top priorities in MCP’s design. The host (AI application) sits in between the model and tools specifically to enforce security, permissions, and user consent[24][25]. The user must approve what data sources and tools the AI is allowed to access, and servers are sandboxed – an MCP server cannot read the AI’s entire conversation or access other servers’ data unless explicitly permitted[26]. For example, a GitHub server would only receive repository queries, and a database server only gets the query it’s asked to run, rather than the full chat history. This principle of least privilege is built-in: “servers should not be able to see the whole conversation nor see into other servers”[26]. The protocol also emphasizes user control: the AI can’t invoke a tool (like executing code or sending an email) without the host first obtaining user consent[27][28]. Every action is mediated and can be logged. MCP includes guidelines for implementers to maintain audit trails of all requests and actions, to use proper authentication (e.g. OAuth tokens for sensitive APIs), and to respect privacy (only sharing minimal necessary data)[29][30]. In other words, MCP provides the plumbing for tool access, and it’s up to the host applications to build the guardrails around that plumbing (consent dialogs, permission scopes, rate limiting, etc.)[31][32]. Done properly, MCP allows enterprise-grade security and compliance even as AI agents tap into various systems.

In summary, MCP’s architecture is about modularity and standardization: an AI agent (host + model) can interface with many external resources through a uniform client/server protocol, rather than hard-coding each integration. The MCP interface handles finding out what a tool can do, invoking it with structured inputs, and returning results in a format the AI can use – all while the host maintains oversight. This lets AI systems maintain context continuity across multiple tools and data sources. For instance, an AI agent could pull a file from Google Drive, pass its content to a database query, then use the result to send a Slack message – all via MCP connectors – without the developers writing glue code for each step. MCP abstracts those connections behind a consistent API, so the AI’s reasoning process can focus on what it needs (e.g. “get customer record” or “send alert”) rather than how to call each service’s API.

Academic Background and Origins of MCP

MCP emerged from the recognition that as powerful as modern LLMs are, they are handicapped by their lack of direct access to fresh information and the ability to act. Prior to MCP, companies attempted various ad-hoc solutions to bridge models with external data. For example, OpenAI’s introduction of function calling in 2023 and the ChatGPT Plugins system were early attempts to let models execute code or query APIs, but these required vendor-specific schemas or plugins for each tool and lacked a universal approach[33]. Each AI provider or framework was creating its own ecosystem of plugins and integrations, leading to duplication and incompatibility. Anthropic’s team framed this as an “N×M integration problem” – every new model or AI assistant (N) needed custom integration for each new data source (M), resulting in N×M work overall[3].

Anthropic formally announced MCP on November 25, 2024 as an open standard to tackle this problem[1][3]. Although the effort was industry-driven, there are notable academic and engineering precedents that influenced MCP’s design:

• Language Server Protocol (LSP): The idea of a standardized protocol for tool integration took inspiration from LSP, a protocol by Microsoft for integrating programming language tooling (like auto-complete, linting, find references) into different code editors[9]. MCP’s authors note that they “deliberately re-use the message-flow ideas of LSP” – essentially adapting the client/server pattern for AI context instead of programming languages[33]. Like LSP, MCP uses JSON-RPC messages and capability negotiation, and strives to make servers stateless and simple to implement. This influence is explicitly acknowledged in the MCP spec[9].

• ReAct and Agentic Planning: In 2022, researchers introduced the ReAct (Reason+Act) paradigm[34] for prompting language models to both reason and take actions (like tool usage) in a loop. While ReAct itself is a prompting strategy (not a protocol), it highlighted the need for models to interface with tools in order to solve more complex tasks. MCP can be seen as a complementary innovation: where ReAct provides a cognitive framework for when and why an agent should use a tool, MCP provides the infrastructure for how the agent actually connects to and executes those tool operations. The rise of agentic AI research – spanning chain-of-thought prompting, planners, and multi-agent systems – created fertile ground for a standardized context protocol. Google’s research on Toolformer and WebGPT, and the plethora of open-source “auto-agents” (AutoGPT, BabyAGI, etc.) all underscored the value of giving models access to tools. MCP emerged to offer a formal layer for such access, rather than each project hacking its own solution.

• Early Tool Integration Frameworks: Even before MCP, there were frameworks like Microsoft’s Semantic Kernel and libraries like LangChain (discussed more in the next section) that addressed context injection and tool orchestration. These efforts demonstrated the demand for general solutions. However, they were largely library-specific. MCP’s development can be seen as an attempt to standardize what these early frameworks were doing in bespoke ways – analogous to how HTTP standardized web communication that previously might have been done with custom protocols. In particular, the concept of having a separate process or service for each data connector (as MCP servers do) has roots in plugin architectures and Unix philosophy, but MCP formalized it with a language-neutral schema and an open governance model (the spec and reference SDKs were open-sourced from day one[35]).

MCP did not originate as a peer-reviewed academic paper, but it has since drawn interest from researchers. For instance, an early 2025 arXiv preprint by Hou et al. analyzed “MCP: Landscape, Security Threats, and Future Research Directions”, examining how MCP might evolve and how to address vulnerabilities. Researchers have noted MCP’s similarity to other standardization efforts like OpenAPI/Swagger (which standardizes REST API descriptions) – in fact, tech press nicknamed MCP the “USB-C for AI”, emphasizing how it promises a universal connector in the AI tool ecosystem[36][37]. As of early 2025, MCP is being discussed not just as an engineering tool, but also in the context of AI governance and safety: a standard like MCP, if broadly adopted, could simplify auditing what tools an AI can access and ensure consistent enforcement of policies across different AI platforms[38][31].

In summary, the development of MCP was driven by industry practitioners (Anthropic and partners) rather than academia, but it synthesizes ideas from prior art in both research and practice. It builds on lessons from prompting strategies (ReAct, CoT), earlier integration hacks (function calling, plugins), and software architecture (LSP, microservices) to create an open protocol. Its introduction has been seen as a milestone in making AI systems more extensible and practical, garnering support from key AI players soon after its release. Within months of launch, OpenAI and Google DeepMind publicly endorsed MCP and announced plans to integrate it[39][40], lending further credibility to MCP as an emerging standard, not just a single-vendor proposal.

Related Work: MCP vs Other Approaches for Context and Tool Use

MCP is entering a landscape where many approaches already exist for injecting context into AI and orchestrating tool use. Key alternatives and complementary solutions include agent prompting strategies, AI orchestration frameworks, and other emerging protocols. The following table compares MCP with several notable approaches:

In summary: MCP is not an agent algorithm or a planning framework – it does not tell the AI when to call a tool or which tool to choose. It simply standardizes the interface to tools and data. The logic for deciding to use a tool (like ReAct’s reasoning process or a LangChain agent’s loop) operates on top of MCP[45]. In fact, IBM’s overview of MCP emphasizes that “MCP is not an agent framework, but a standardized integration layer… MCP does not decide when a tool is called or for what purpose”[45]. Instead, it complements those higher-level orchestrators, providing the reliable plumbing so they don’t have to hard-code integrations. This distinction is important: one could use LangChain or Semantic Kernel to build an AI agent’s logic, but use MCP to handle the actual tool execution calls – benefiting from the growing library of MCP servers.

Other related efforts include proprietary platforms like Moveworks or IBM’s Watson Orchestrate, which integrate enterprise systems with AI (often with their own SDKs). What sets MCP apart is its aspiration to be an open standard – much like HTTP or SQL, anyone can implement it and it’s not tied to one vendor’s stack[39]. The rapid endorsement by industry leaders (Anthropic, OpenAI, Google, Microsoft, etc.) suggests MCP is on a path to become the universal glue for AI tool use, analogous to how REST APIs became the universal way to connect web services[46][47]. MCP’s open nature also means it can integrate with emerging ideas (like agent-to-agent protocols, or new tool schemas) without being locked down.

To illustrate how MCP sits relative to others: if building an AI solution, one might use an agent framework (LangChain or a custom planner) to manage the conversation and reasoning, and use MCP to handle connecting to various enterprise systems needed for that reasoning. This is different from early approaches like ChatGPT Plugins, where the logic and integration were intermixed in a closed environment. As the table above shows, MCP’s main “competitors” are not exactly apples-to-apples – many are either lower-level (protocols for multi-agent or API descriptions) or higher-level (agent planning libraries). MCP aims to fill a middle layer role that hadn’t been standardized before.

Enterprise Adoption of MCP

Since its launch, MCP has seen swift uptake across the AI industry, with both AI platform providers and enterprises adopting it to streamline their AI integrations. Major tech companies and startups alike are building MCP support into their products or using it internally, seeing benefits in flexibility and reduced integration work. Table 1 below highlights some notable examples of MCP adoption in production systems and the patterns emerging:

Patterns in enterprise rollout: Organizations typically start with a pilot project to integrate one or two key systems via MCP, then expand. For instance, a bank might first connect an internal knowledge base and email system to an AI assistant using MCP, and once that’s successful, add more feeds like CRM data or transaction databases. Many enterprises report taking a phased adoption – test locally (often with a single-user desktop AI app connecting to local MCP servers), then move to a self-hosted MCP server in the backend that multiple users’ AI agents can query. Anthropic’s documentation notes that developer teams often experiment with MCP servers locally and then deploy remote servers “that can serve your entire organization”[50].

Another pattern is leveraging cloud infrastructure for MCP servers. Because MCP is just JSON over a stream, it’s easy to deploy servers as microservices. Cloudflare, for example, published a tutorial on deploying MCP servers to their Cloudflare Workers platform for scalability[76]. Similarly, Microsoft showed how to host MCP servers in Azure with full CI/CD pipelines[52]. This devops angle means enterprise IT can manage MCP connectors just like any other service (with monitoring, logging, and isolation), which eases security teams’ concerns.

Finally, a noteworthy trend is the creation of MCP Marketplaces/registries. The community launched sites like mcpmarket.com and mcp.so, which list hundreds of available MCP servers (connectors) contributed by various developers[77]. This is analogous to app stores or API marketplaces – a company can find pre-built MCP connectors for many common tools (e.g. Google Calendar, HubSpot, Jira) and deploy them, rather than reinventing the wheel. Enterprise adoption benefits from this shared ecosystem: it lowers the cost to integrate each new system. However, companies also vet these connectors for security and often fork them into internal repos to review the code, given the sensitivity of data involved.

In summary, MCP’s enterprise adoption shows a convergence of AI providers and enterprise developers on a common standard. Early adopters have reported that MCP significantly reduced integration times (going from weeks of custom development to days or hours to wire up a new tool) and improved the maintenance of AI integrations (since updates to a tool’s API can be handled in one place, the MCP server, rather than in every agent implementation). The challenges are ensuring robust security and performance at scale, but the ecosystem (Anthropic, OpenAI, etc.) is actively addressing these by evolving the spec. With heavyweights like OpenAI and Google on board, MCP is on track to become as ubiquitous for AI-tool integration as HTTP is for web services.

Practical Use Cases of MCP Across Domains

One of MCP’s strengths is that it is domain-agnostic – any scenario where an AI might benefit from external context or the ability to take actions can leverage MCP. Below, we explore how MCP is being applied in three important domains, highlighting concrete use cases:

Software Engineering and DevOps

In software development, AI assistants (like GitHub Copilot, Replit’s Ghostwriter, or Sourcegraph’s Cody) are already helping with code suggestions and questions. MCP supercharges these assistants by giving them direct access to project data and developer tools:

• Codebase comprehension: AI coding assistants can use MCP to interface with version control and code repositories. For example, a Git MCP server allows the AI to list branches, read specific files or diffs, and even commit changes if permitted. Instead of a developer manually providing code context, the AI can fetch on demand. A typical use case: “Find the implementation of function X” – the AI can call a search tool or the Git server to retrieve the code for function X from the repository[65][66]. This has been implemented in IDEs like Zed and VS Code extensions, where the AI agent will automatically open relevant files via MCP when the user asks a question about them. It transforms the AI into something like a smart code navigation engine combined with a coder.

• Issue tracking and documentation: Developers often ask AI assistants questions that involve external knowledge, like “Is there a ticket for this bug?” or “What does the API contract say for this service?” With MCP, an AI agent can query an issue tracker (e.g. Jira) or a wiki (Confluence, GitHub Wiki) via dedicated MCP servers. Early adopters like Block combined Slack and GitHub MCP servers so that an AI coding assistant could, for instance, pull recent Slack discussions about a piece of code or fetch the text of a design document in GitHub, then use that context to answer the developer’s question[65][78]. This addresses a common pain: AI often lacks up-to-date project knowledge, leading to hallucinations or irrelevant suggestions. MCP provides a live feed of the project’s documentation and communications to the AI.

• DevOps and CI/CD automation: AI agents can also take actions in the development workflow using MCP tools. For instance, a Jenkins or GitLab MCP server could expose tools to trigger build jobs or deployments. An AI bot might detect a failed build (via a monitoring MCP server like Datadog or Dynatrace) and then use a CI server’s MCP tool to rerun the job or roll back a deployment, with human approval in the loop. At Dynatrace, they demonstrated an AI ops assistant that can query telemetry data and then create a remediation ticket or restart a service using Kubernetes tools – all mediated by MCP connectors for the observability and the cluster control[69][67]. The benefit is rapid response and analysis: the AI can gather diagnostic info and even attempt fixes, accelerating devOps workflows.

• “Vibe coding” and continuous context: In modern dev workflows, especially with practices like “vibe coding” (where an AI pairs with a developer continuously), maintaining context is key. MCP allows continuous context sharing beyond the token limit of the model. For example, Sourcegraph uses the term “vibe coding” to describe AI that constantly watches what you’re doing and offers help[79]. MCP enables this by streaming relevant changes: as a developer edits code, an MCP file system server can notify the AI of the diff (via resource update notifications). The AI can then proactively say “I see you changed the function X, do you also need to update its unit tests?” This kind of proactive assistance is made possible because MCP provides a channel for tools to push updates (the server can send notifications to the client) in a structured way, rather than the AI only reacting to user prompts. Developers thus get a smarter, context-aware co-pilot that feels like it “understands” the whole project environment.

Overall, in software engineering, MCP is bridging AI with the rich set of developer tools and data. It transforms AI from a passive autocomplete on your code to an active agent that can search your project, consult documentation, run test commands, and more. Early metrics from companies using MCP in coding show improved solution rates for coding queries and reduced hallucinations, since the AI can verify information (e.g., checking the actual codebase for a function definition rather than guessing). A notable benefit is time saved on context switching – developers don’t have to leave their IDE to fetch info for the AI, the AI can fetch it itself. One challenge is ensuring the AI doesn’t introduce breaking changes or act without oversight; hence most coding MCP use cases still require the human to approve certain actions (like committing code), using MCP’s consent mechanisms. But as confidence in AI grows, we might see more autonomous agent actions (especially for routine tasks like updating config files across repos).

Healthcare (Clinical Context Integration)

Healthcare is a sector where AI has huge potential – from assisting in patient interactions to analyzing medical data – but is also high-stakes and heavily regulated. MCP is making inroads here by enabling AI models to safely access and act on Electronic Health Records (EHRs) and other medical data, which are typically siloed in hospital systems:

• Electronic Medical Record (EMR) context: One of the hardest problems for an “AI doctor” or medical assistant is getting access to the patient’s current data (vitals, labs, medications) in real time. Traditionally, AI models are disconnected from live EMRs due to privacy and integration challenges. MCP is solving this by providing a FHIR MCP server in some implementations[80][81]. FHIR is a standard format for healthcare data (used by EHR systems like Epic or Cerner). An MCP-FHIR connector acts as a bridge: the AI can request, say, “get latest blood test results for patient 123” through the MCP server, which translates it to a secure FHIR query, retrieves the data, and returns it to the AI. Because MCP enforces structure and logging, each such access is auditable (who accessed what and when)[82][83] – crucial for compliance with HIPAA. For example, a system called AgentCare demonstrated an AI assistant pulling a patient’s allergy list, recent notes, and vitals via an MCP server connected to an EHR API[84]. The AI could then use that context to triage the patient or answer questions, providing far more relevant and personalized output than a generic model. Doctors using such an AI report it’s like having a second pair of eyes that never forgets to check the chart.

• Ambient clinical documentation: Another use case is reducing the documentation burden on clinicians. Ambient AI scribe tools listen to the doctor-patient conversation and draft notes. With MCP, these tools can also query relevant data during the encounter. For instance, while listening, the AI might encounter, “Patient was on atenolol last year” – it can call the EHR via MCP to verify the medication history. Or as labs come in during a visit, an MCP server can stream those results to the AI in real time[85]. The AI can then incorporate the latest lab values into its note or alert the doctor if something is abnormal. A hospital pilot cited a 40% reduction in after-hours documentation when using an AI assistant that had access to patient data via MCP[85] – because the AI could automatically fill in the note with structured data (problem lists, med lists, lab results) fetched through the protocol, leaving the doctor to just verify and sign.

• Clinical decision support and alerts: MCP is also enhancing AI-driven clinical decision support systems. Many hospitals use early warning scores or alert systems that often suffer false alarms due to limited data. By using MCP to give an AI access to comprehensive patient data (labs, vitals, med orders, nursing notes in real time), the AI can generate more precise alerts. For example, instead of a sepsis alert triggering on a single high temperature, an AI agent can pull a patient’s full context (recent surgery, current antibiotics, etc.) and produce a more nuanced risk assessment[86]. MCP’s structured access means each piece of data that contributed to an alert can be logged and even explained to clinicians (“Alert triggered because blood pressure dropped 20% and lactate is 4.2, pulled via MCP at 3:45pm”). This transparency builds trust, as doctors can review why an AI recommended a certain action, with references to actual data.

• Workflow automation in healthcare: Beyond direct patient care, MCP is being used for automating administrative and coordination tasks. A striking example: prior authorization for treatments. MCP can enable an AI agent to gather all necessary info (diagnoses, past treatments, insurance policy rules) and prepare a prior-auth request package automatically[87]. Because regulators are pushing for standard electronic prior-auth (often FHIR-based) by 2026, some are exploring an MCP server for payers that an AI can use to submit and monitor requests[87]. Similarly, hospital operations (“hospital flow”) can benefit: an AI system can query bed management systems, staffing systems, and discharge planning tools via MCP to predict bottlenecks and suggest actions (e.g. “Three patients could be moved from ICU to step-down to free beds, and lab results pending for X might delay discharge – consider expediting them”)[88]. These multi-system queries would be extremely hard to implement without a unifying protocol, but MCP allows the AI to seamlessly pull data from each relevant system and then reason over it.

• Safety, compliance, and HMCP: Given healthcare’s sensitivity, an Healthcare MCP profile (HMCP) is emerging[89]. This builds on MCP but adds domain-specific constraints: e.g. aligning with healthcare data standards (HL7, FHIR profiles), terminology normalization (so the AI sees consistent terms for labs or meds via the server), and additional safety checks (like risk-scoring requests – if an AI tries to access something outside its scope, the server can block it)[90]. MCP was designed with such specialization in mind; you can think of HMCP as a set of conventions on top of MCP that hospitals agree on. Already, hospitals using HMCP report that integrating an AI assistant took “days, not months” because the heavy lifting (auth, data mapping) was handled by the MCP layer[91]. They could plug an AI into their existing systems without building custom interfaces for each.

In summary, MCP in healthcare is all about giving AI access to the right patient context at the right time, while ensuring strict controls. The results are promising – more informed AI recommendations, reduction in clerical load, and potentially better patient outcomes through timely insights. The audit trail aspect is worth re-emphasizing: every MCP interaction can be logged (user X’s AI agent accessed data Y at time Z)[82][83]. This not only helps with compliance (GDPR, HIPAA) but can also be leveraged for continuous monitoring of AI behavior. For example, if an AI starts querying unusually broad data (potential privacy issue), systems can flag it, thanks to uniform logging. Physicians like Dr. Harvey Castro have commented that “the real limitation of clinical AI isn’t the model; it’s the context” – MCP is closing that gap[92][93]. Of course, challenges remain: integration with legacy EHRs is non-trivial (healthcare IT is notoriously heterogeneous), and significant validation is required to trust AI outputs in critical settings. But MCP provides a path to carefully introduce AI into the clinical workflow, starting with low-risk tasks (note-taking, information retrieval) and gradually expanding as confidence grows[94].

Finance and Banking

In finance, where accuracy, auditability, and security are paramount, MCP is powering a new generation of AI assistants that can actually do things rather than just chat. Key use cases include:

• Customer-facing finance assistants: Banks and fintech companies are using MCP to enable AI agents that can handle user requests which involve checking sensitive financial data or performing transactions. For instance, consider a banking chatbot where a user asks, “What’s my current loan balance and can I increase my monthly payment by $100?” Normally, a generic AI can’t answer that because it doesn’t have access to your account info or the ability to execute transactions. With MCP, the bank’s AI assistant can have a Loan Account MCP server and a Payments MCP server. The AI (with proper authentication) can query the loan balance via MCP (which pulls from the core banking system), and then, if the user confirms, call a payment tool via MCP to schedule the extra payment. A real example: a fintech lending platform integrated MCP so their AI could fetch wallet balances, check loan status, and even initiate blockchain smart contract calls (for loan repayments on a DeFi platform) securely[95][96]. They noted previously their AI would just say “log into your dashboard” because it lacked integration; after MCP, the AI can directly provide answers and take actions, making it far more useful[97][98]. Every action (like a loan repayment) is logged via MCP with timestamps and parameters, creating a comprehensive audit trail that compliance officers can review[99]. This is crucial in finance – any transaction the AI does must be traceable and authorized.

• Internal analytical assistants: Financial institutions have analysts and back-office teams that spend time pulling data from various systems (trading systems, risk databases, market feeds). MCP can enable an AI that automates these data-gathering tasks. For example, an investment firm created an AI analyst that can fetch portfolio performance metrics from a SQL database, get the latest market news from a news API, and then generate a summary for the team each morning. They used MCP servers for their SQL data warehouse and for a news service, allowing the AI to query both easily. The benefit is that the AI’s responses are grounded in the firm’s actual data rather than just generic info. Another example is real-time dashboards: A stock trading desk could have an AI monitor that uses MCP to pull data from a monitoring dashboard (like Datadog or custom apps) and verbally alert the team if anomalies occur. Datadog itself released an MCP server to retrieve logs and metrics via AI agents[100], showcasing such scenarios. The AI can essentially sit on top of existing dashboards and provide a natural language interface to them.

• Compliance and audit tasks: MCP is proving very useful for regulatory compliance use cases. Banks have to generate reports and audit trails for everything. AI agents can assist by compiling information from multiple systems and preparing compliance documents. For instance, consider an AI that every week prepares a summary of all large transactions and checks them against sanctions lists. Using MCP, the AI can: query the transaction database (via an MCP server) for transactions above threshold, use another MCP tool to cross-check names against an external sanctions API, and then compile a report. All steps are logged. In fact, companies are building specialized MCP servers like RegGuard that provide “AI-powered regulatory compliance checking” as tools (for marketing content approval, financial communications, etc.)[101]. These MCP servers encapsulate complex rules, and the AI can call them as needed. Another aspect is that MCP’s logging can serve as an audit trail itself: one consulting firm described how every MCP tool invocation in their fintech app recorded timestamp, user context, arguments, and results, which not only helped with compliance but also gave analytics on user behavior[99][102]. This is incredibly valuable in finance where you need to know exactly what the AI did or said to a client and why.

• Multi-step financial workflows: Finance often involves compound actions (e.g., to execute a trade you might need to check balances, then place order, then log it). MCP allows these to be orchestrated seamlessly. In a blockchain finance app example, they created MCP tools such as check_wallet_balance, swap_token_pair, initiate_loan_repayment[103]. An AI agent could chain these: first call balance, then if funds are in a different currency call swap, then call loan repayment, then update records – all via MCP[104]. From the user’s perspective, they just say “Optimize my loan payoff with my crypto wallet”, and the AI handles the multi-step execution conversationally[105]. This is a game-changer: it turns tedious multi-app interactions into one cohesive dialogue. Institutions are cautious, so most have a confirmation step – MCP supports smart confirmation prompts where the AI (via the server) can ask the user “Do you confirm repaying 1.3 ETH (≈$2,891 USD)?”[106][99] before actually calling the final tool. This ensures no surprise transactions and gives the user clarity on what they’re approving.

The financial domain pushes MCP to its limits in terms of security and trust. Fortunately, MCP was built with this in mind: it supports authentication tokens, end-to-end encryption (often TLS for transport), and fine-grained permissioning. In one deployment, they set up granular permissions such that the AI could only call certain MCP tools if certain conditions were met (e.g., high-value transfers required that the user had a particular KYC level and 2FA)[107]. This was enforced in the MCP server logic. Another safeguard is tool metadata: developers include descriptions and usage guidelines for each tool, so the AI is less likely to misuse them[108]. For example, a tool trigger_smart_contract might have a note “For dev use only, requires admin rights” – the AI client sees this and (if properly instructed) will avoid calling it unless appropriate.

Financial firms also appreciate that MCP doesn’t open a direct door into systems without oversight; the host application (which they control) mediates everything. Many are integrating MCP into their existing authentication flows – e.g., if a user is chatting with an AI in a banking app, the MCP client on the host can pass along the user’s auth token to the MCP server to ensure the AI agent only accesses that user’s data. Essentially, MCP can be slotted into the existing zero-trust security model: the AI is just another microservice requesting data, and it must present credentials and be authorized like any other service. Skyflow, a data security company, even announced tools to facilitate using MCP in a way that keeps sensitive data safe (like tokenizing data and only revealing it to the AI transiently), with full audit trails for GDPR and HIPAA compliance[109].

In conclusion, in finance MCP is enabling AI with real agency – not just advising, but actually executing transactions under controlled conditions. Early adopters have reported vastly improved customer experiences (users can accomplish tasks via chat in seconds that previously required navigating apps or calling support) and internal efficiency (agents automating what analysts or ops staff did manually). The big challenge remains trust: finance is conservative, and these AI systems require rigorous testing to ensure they won’t err (e.g., transfer money to the wrong account). MCP’s structured and logged approach is what makes stakeholders comfortable to experiment – they can review logs, set tight permissions, and incrementally expand AI’s autonomy. The comprehensive logging (“comprehensive audit trails” with every parameter and result recorded)[99] is a safety net: if something ever goes wrong, they can trace exactly what happened. And importantly, MCP’s standardized nature means all this doesn’t have to be re-built for each use case; a well-designed MCP integration layer can be reused across many financial products, from retail banking to insurance to capital markets.

MCP Ecosystem: Open-Source and Commercial Tools

From the beginning, MCP was envisioned not just as a spec but as an ecosystem of interoperable tools. Today, that ecosystem is flourishing, with numerous open-source and commercial offerings that implement or support MCP:

• Official SDKs and Reference Servers: Anthropic released MCP SDKs in at least 4 languages – Python, TypeScript/JavaScript, C#, and Java – to make it easy to build clients or servers[110]. These SDKs provide base classes and helpers for the JSON-RPC handling, so developers can focus on the business logic of their tool. Alongside, Anthropic open-sourced a repository of reference MCP server implementations for common services (Google Drive, Slack, GitHub, Git, PostgreSQL, Puppeteer for web, Stripe for payments, etc.)[110]. These reference connectors (available on GitHub) give developers templates to create their own. For instance, the GitHub server shows how to handle authentication to the GitHub API and implement functions for searching repos or creating issues, all following the MCP protocol schemas.

• Community-Contributed Servers: The community has rallied to contribute a vast array of MCP servers. According to the MCP website, by mid-2025 there were “1000+ available servers” for various tools[111] (some might be experimental, but it indicates breadth). A KDnuggets article highlighted “10 Awesome MCP Servers” including connectors for Notion, Salesforce, SAP, Twitter, and even IoT sensor platforms[112][38]. On GitHub, organizations like Lobehub maintain lists of MCP servers (e.g., RegGuard for compliance checks[101]). There are also specialized servers: e.g., Zotero (reference manager) servers that let an AI fetch academic citations and PDFs[75], a Jira server to create or query tickets, a Jenkins server for CI jobs, and so on. Most of these are open-source under MIT or Apache licenses, encouraging customization. Developers often start by grabbing one of these and modifying it for their proprietary systems.

• MCP Marketplaces/Directories: As noted earlier, mcp.so and mcpmarket.com emerged as user-friendly directories listing available MCP servers. These sites categorize servers by domain (productivity, developer tools, enterprise software, etc.) and often link to their source repo or Docker image for deployment. The idea is to make discovering and sharing MCP integrations as easy as finding a Slack app or a browser plugin. Some companies are considering their own curated marketplaces (for example, Microsoft could curate a set of MCP servers that meet enterprise security standards for their Azure customers).

• Apollo GraphQL MCP Server: Apollo’s MCP server deserves mention as a commercial-supported open tool. Apollo published this as part of their Apollo Enterprise suite but also made a version available on GitHub. It effectively auto-generates MCP tool schemas from a GraphQL schema – so if you have an existing GraphQL API, you can spin up the server and the AI will see each query/mutation as a callable tool with proper input/output spec[113][59]. This is powerful for enterprises with GraphQL backends (common in new applications), as it instantly makes those available to AI. Apollo’s documentation provides a quick-start on hooking it up and even includes how to enforce auth via API keys or OAuth on the GraphQL calls, showing how MCP can layer on top of existing security.

• Cloudflare Worker MCP Servers: Cloudflare’s tech blog detailed how to deploy remote MCP servers on their edge network[76]. They even open-sourced templates for doing this. It lets you run an MCP server close to your AI or data for low latency, with Cloudflare handling scaling. For example, one could deploy a “Slack MCP server” on Cloudflare that connects to the Slack API – then any AI client anywhere could connect to that endpoint (secured by Cloudflare Access) to interact with Slack data. Cloudflare’s interest indicates MCP servers don’t have to live on a user’s PC or a single server; they can be cloud services in their own right.

• Integration in AI Platforms and IDEs: On the client side, many applications are adding MCP compatibility:

• Claude AI (Anthropic) and ChatGPT (OpenAI) desktop apps allow users to configure MCP connections. For instance, in Claude’s desktop app settings you can add a connection string or local port for an MCP server, and then Claude will automatically list the tools from that server in a sidebar[48]. This makes it non-technical for end users – e.g., a lawyer could run a “Local File MCP server” pointing to a folder of PDFs, connect Claude to it, and then ask questions about those PDFs.

• VS Code Extensions: There are community VS Code extensions that act as MCP hosts, enabling VS Code’s built-in chat or code assistant to use MCP. Cursor AI (an AI coding assistant IDE) and JetBrains are also cited as “compatible clients” on the MCP site[114][115]. This means if you use those IDEs, you can plug in any MCP server to extend your AI’s reach (for example, connect to a Jira server so the AI can auto-generate a commit message and create a Jira ticket from it).

• Microsoft Semantic Kernel & Power Platform: Microsoft’s blog provided a guide to integrate MCP tools with Semantic Kernel, allowing low-code orchestration of MCP calls in C# apps[52]. Additionally, Microsoft’s Power Automate team is exploring MCP for their AI Builder – meaning business users could graphically drop an “AI action” that corresponds to an MCP call (e.g. “ask AI to summarize this report using data from SharePoint via MCP”). While experimental, it hints at commercial low-code tools embracing MCP to extend AI capabilities.

• IBM and Others: IBM’s AI Think platform, as we saw, includes educational content about MCP and likely some integration in their products. Other enterprise software like Dynatrace released their MCP server (for observability data) on GitHub[67]. Salesforce is reportedly working on MCP connectors for their CRM, given they have an Einstein GPT initiative which would benefit from standardized tool access (there was a mention of a Trailhead unit related to MCP reports[116], implying training material).
• Security and Management Tools: Recognizing that companies will deploy many MCP servers, some startups are making management layers – for example, dashboards to monitor MCP server health, usage analytics (which tools are used how often), and version control for server definitions. Also, tools for scanning MCP server code for vulnerabilities (since an insecure MCP server could be an attack vector if not coded carefully). These aren’t mainstream yet, but they are emerging as MCP usage grows. Think of it as analogous to API management (like Apigee) but for MCP endpoints.
• Containers and Deployment: Many MCP servers are distributed as Docker containers or via package managers (npm, pip). So teams can quickly spin up an off-the-shelf connector and configure it. For example, the Slack MCP server might be pip install mcp-slack-server then run with some config of Slack API keys. This devops-friendly packaging is crucial for adoption; it means adding a new integration is as easy as adding a microservice.
• Standards and Documentation: The MCP official site provides thorough documentation and a formal specification document[117]. It’s versioned (e.g. “2025-06-18” version), and contributions are discussed openly on GitHub. The site also lists key changes and a schema reference for developers. The community aspect is strong – a community forum (perhaps Discord or GitHub Discussions) exists where people share tips or request new features. For example, it was through community input that OAuth support and server-sent-events streaming were added to the spec to handle enterprise auth and long-running tasks[118]. As MCP evolves, tools are updated accordingly (most servers pin a spec version they support).

In sum, the MCP ecosystem is rapidly growing akin to an app ecosystem for AI. Open-source contributions ensure that there’s likely already a connector available (or at least a starting point) for many popular systems a team might want to integrate. Commercial players are integrating MCP into their platforms, which signals confidence that it’s here to stay. This ecosystem lowers the barrier for AI projects: instead of spending weeks writing glue code, a team can assemble existing MCP components. However, with so much out there, one challenge is quality control – not all community servers are of equal maturity. Enterprises might choose vetted connectors (some vendors may offer certified ones). Over time, we might see consolidation or official “MCP connector libraries” maintained by groups of companies (similar to how many contributed to LSP language servers).

Ultimately, the existence of marketplaces and many tools for MCP is a sign of a healthy standard. It reminds of how once a standard like HTML or REST took off, a whole ecosystem of servers, clients, and tooling followed. MCP appears to be following that trajectory in the AI agent world.

Implementing MCP: How Teams Can Get Started

For teams interested in leveraging MCP, the good news is that you don’t have to start from scratch. Here is some guidance on implementing MCP-compliant servers or integrating MCP into your AI systems:

1. Start with the Official Quickstart and SDKs: The MCP Quickstart Guide[119] (available on modelcontextprotocol.io) walks through building a simple MCP server – often a “Hello World” style example like an Echo server or a basic file reader. Following this guide using the SDK in your preferred language is a great way to grasp the basics. The SDK will handle setting up the JSON-RPC connection, so you can define a couple of resource or tool methods and see how an AI client calls them. Anthropic’s Claude 3.5 was reportedly even used to help generate boilerplate for new servers[63] – highlighting that you can use AI (maybe even Claude itself) to assist writing your connector code, guided by the spec.
2. Leverage Pre-Built Connectors: Before implementing a new MCP server, check the open-source repositories and marketplaces for an existing one. There’s a high chance someone has built at least a prototype for common systems. For example, if you need an MCP server for GitLab, search the community repos – you might find one that you can fork. This can save significant time. Even if the connector isn’t production-ready, it provides a reference for the API calls and data models needed. Many community servers have permissive licenses (MIT/Apache) so you can modify them for your own use. Just be sure to review security (e.g., remove any debug features, ensure dependencies are up to date, and add necessary auth checks).
3. Security First – Authentication & Authorization: When you implement your own MCP server for an internal system, you must think about how it will authenticate requests and authorize operations:

4. Authenticate the AI client: If your MCP server is remote (not running on the user’s machine), it should require authentication (e.g., an API key, token, or mutual TLS) so that only your intended AI agent can connect. The initial MCP spec didn’t mandate an auth scheme, but enterprise setups often use OAuth2 or API tokens to secure the channel[54]. For instance, Apigee’s reference MCP server uses OAuth tokens to authenticate calls[120]. If the AI host is something like Claude or ChatGPT on a desktop, typically that host app handles a local connection with no auth (assuming local = trusted). But for any client-server across a network, build in auth.

5. Authorize each tool/action: Within your server, implement permission checks if needed. For example, if you create an MCP server for a database, you might want to restrict which tables or queries the AI can run. Or if an action is destructive (deleting records), you might require a special flag or user confirmation. MCP’s design encourages hosts to ask user consent for tool use[28], but you can add server-side checks as a second layer (“the AI tried to call ‘delete_user’, but we’ll deny unless user explicitly allowed admin actions”). Many teams map user roles to allowed MCP tools; e.g., an AI acting on behalf of a read-only user should not expose write tools.

6. Logging and Audit: As you implement, ensure you use MCP’s logging hooks or simply add your own logging around each request. Log at least the tool name, parameters, and outcome. This will be invaluable for debugging and compliance. Some SDKs have built-in logging that you can enable. There are also patterns for correlating AI requests with user sessions (e.g., pass a session ID from the host to the server in the MCP initialization so that the server can include it in logs).
7. Host Integration (AI side): If you have your own AI application or are using an open-source agent, you need it to act as an MCP client/host. Many existing agents (LangChain, etc.) don’t natively speak MCP (yet). You might integrate by using the official MCP client library in the host application. For example, if you have a custom chatbot app, use the MCP SDK to create a client, connect to your servers, and then program your LLM to use those tools. If your agent is built with OpenAI’s function calling, you can still use MCP: treat MCP as the backend – e.g., define one OpenAI “function” that is basically call_mcp_tool(tool_name, params) and implement its logic to forward that to the MCP client. However, increasingly, AI providers handle this for you: Claude and ChatGPT apps now manage the MCP client under the hood – you just point them to the server and the AI will incorporate the new tools automatically in its reasoning.
8. Implementing an MCP Server – Best Practices: When coding an MCP server, here are a few tips gleaned from early implementations:

9. Keep servers single-responsibility: It’s better to have multiple small MCP servers than one gigantic one. For instance, one for “Database X” and another for “Salesforce” rather than one monolith that does everything. This aligns with MCP’s design principles of composability and isolation[121][122]. It makes debugging easier and limits blast radius (a bug in one connector won’t crash others).

10. Use Clear Schemas and Descriptions: Define the input/output schema for each tool or resource carefully (the SDK often uses decorators or JSON schema definitions). Include helpful descriptions – these get passed to the AI and help it understand how to use the tool properly. If you spend time on good documentation, you’ll find the AI uses your tools more effectively[108][123]. For example, describe not just “input: account_id (string)” but “input: account_id – the unique ID of the user’s account to retrieve balance for”.

11. Handle Errors Gracefully: If a tool call fails (exception, API error), return a structured error through MCP. The spec has error reporting guidelines and codes. By handling errors (like “network timeout” or “invalid parameters”) and returning an informative message, you allow the AI (or user) to adjust. Some servers even implement retries or alternative actions – e.g., if one API endpoint fails, they catch it and suggest the AI try a fallback tool. At minimum, logging errors and sending a clear error message helps maintain trust (the AI can say “I couldn’t retrieve the data because: permission denied” rather than just failing silently).

12. Progress and Cancellation: For long-running tools, consider using MCP’s support for progress updates or server-sent events. For instance, a tool that generates a lengthy report might periodically send progress notifications (supported by the protocol as an optional feature)[124]. Also implement cancellation if possible – if the user cancels the request in the UI, the host can send a cancel message to the MCP server (the spec defines a way to handle that). It’s these little features that make the integration feel smooth rather than brittle.

13. Testing with AI-in-the-loop: Once your server is up, test it with the actual model in a controlled setting. Sometimes you’ll find the AI doesn’t use a tool as expected or formats a query incorrectly. You may need to tweak the tool names or descriptions to be more intuitive. For example, if the AI confuses two tools, renaming them to be clearer (like search_transactions vs search_customers rather than both being search) can help. You might also add example usages in the description if the model supports seeing that. Essentially, treat it like API UX for an AI user!
14. Integrate into Team Workflow: After building and testing, deploy your MCP server (maybe containerize it) and make it accessible to your AI of choice. Ensure team members know how to connect their AI clients to it. If it’s internal, you might bake the connection into the AI’s interface. For instance, a company could fork the ChatGPT desktop app to auto-connect to their internal MCP servers on startup, so users don’t even have to configure anything. Provide training or documentation to your team explaining what new “abilities” the AI has with MCP. It can be useful to share example prompts that leverage the new tools (“Try asking the AI: What is the revenue this quarter? It will now use the MCP connector to fetch the data from our CRM.”).
15. Iterate and Monitor: Implementation isn’t one-and-done. Monitor usage: see which tools the AI uses frequently or where errors occur. This might lead you to refine the server or add new endpoints. Also stay updated with the MCP spec – join the community channels. If a new version comes (say, adding a feature you need like streaming input or improved security), plan to upgrade your servers. Because MCP is open, you might even contribute improvements or new servers back to the community, which is a great way to collaborate (some companies contribute non-sensitive parts of their connectors to get feedback and improvements).
16. Scaling and High Availability: If your MCP server becomes mission-critical (e.g., serving many AI requests), ensure you treat it like a production service. That means adding monitoring (you can instrument it to log to your monitoring system when it handles requests), possibly load-balancing if needed (MCP is stateful per session, but you can have multiple servers and direct different client sessions to different instances), and failover (the AI should handle if a server disconnects – most clients will attempt to reconnect, or you can design a fallback). Having multiple smaller servers also helps scale horizontally.
17. Security Audits: Since MCP servers often touch sensitive data, get them reviewed by security teams. They should check for things like injection vulnerabilities (if your server takes a query parameter and runs it against a DB, ensure you parameterize queries to avoid SQL injection from a malicious prompt – yes, prompt injection can try to trick the AI into sending bad queries). Also ensure the server doesn’t inadvertently leak data between sessions (each client connection is separate – ensure any in-memory cache or global doesn’t mix user data). Use MCP’s isolation principle as guidance: the server should consider each request in isolation except where context is explicitly allowed.
18. Community and Support: If you run into issues, the MCP community is a great resource. Many early implementers share their experiences on forums or Slack/Discord groups. Because multiple big companies are behind it, you may even find official support channels via Anthropic’s or OpenAI’s enterprise support if you’re a customer using MCP with their products. Don’t hesitate to ask questions or even request features – the protocol is evolving with input from its users.

By following these steps, teams can implement their own MCP-compliant servers or integrate existing ones relatively quickly and safely. The key is to think of MCP servers as extensions of your AI’s brain – they give it eyes and hands, in a controlled way. Implementation is often more about deciding what to expose and under what rules, rather than technical complexity (since the SDKs handle a lot). One team described their experience: they started with just six essential tools as an MCP server for their fintech app, got those working well, then gradually expanded to more tools once the pattern was proven[125][126]. This “start small, think big” approach is wise. MCP’s standardized nature means even those initial small wins are future-proof – they fit into the larger ecosystem. And as adoption grows, implementing MCP is becoming not just a technical task but a necessary skill for integrating AI in enterprise environments. It provides a clear pathway to move from isolated AI demos to fully integrated, context-rich AI solutions deployed in production.

Sources: The information in this report was gathered from the MCP specification and documentation[7][121], industry articles and announcements (e.g. Anthropic’s introduction of MCP[2], TechCrunch and VentureBeat coverage of OpenAI and Google’s adoption[127][128]), expert analyses[92][93], and real-world case studies shared by companies like Dynatrace, Apollo, and others[69][59]. These sources provide detailed insights into MCP’s design, its comparison with other AI integration approaches, and practical lessons from early deployments. The citations throughout the text refer to these references for verification and further reading.

[1] [3] [22] [33] [36] [37] [38] [39] [40] [41] [42] [51] [52] [55] [70] [71] [75] [76] [79] [110] [112] [127] [128] Model Context Protocol – Wikipedia

https://en.wikipedia.org/wiki/Model_Context_Protocol

[2] [23] [35] [48] [49] [50] [60] [62] [63] [119] Introducing the Model Context Protocol \ Anthropic

https://www.anthropic.com/news/model-context-protocol

[4] [5] [6] [16] [17] [24] [25] [26] [121] [122] Architecture – Model Context Protocol

https://modelcontextprotocol.io/specification/2025-06-18/architecture

[7] [8] [9] [10] [11] [12] [13] [14] [15] [27] [28] [29] [30] [31] [32] [117] [124] Specification – Model Context Protocol

https://modelcontextprotocol.io/specification/2025-06-18

[18] [19] [64] [72] [77] MCP Explained: The New Standard Connecting AI to Everything | by Edwin Lisowski | Medium

https://medium.com/@elisowski/mcp-explained-the-new-standard-connecting-ai-to-everything-79c5a1c98288

[20] [65] [66] [78] AI Agents vs. Model Context Protocol (MCP): Choosing the Best Approach | by YUSUFF ADENIYI GIWA | Medium

https://medium.com/@adeniyi221/ai-agents-vs-model-context-protocol-mcp-choosing-the-best-approach-a72723446eba

[21] [45] [46] [47] What is Model Context Protocol (MCP)? | IBM

https://www.ibm.com/think/topics/model-context-protocol

[34] [43] [44] [67] [68] [69] Agentic AI: Model Context Protocol, A2A, and automation’s future

https://www.dynatrace.com/news/blog/agentic-ai-how-mcp-and-ai-agents-drive-the-latest-automation-revolution/

[53] [54] [56] [57] [58] [118] [120] The agentic experience: Is MCP the right tool for your AI future? – Google Developers Blog

https://developers.googleblog.com/en/the-agentic-experience-is-mcp-the-right-tool-for-your-ai-future/

[59] Apollo GraphQL Launches MCP Server: a New Gateway Between AI …

https://www.infoq.com/news/2025/05/apollo-graphql-mcp/

[61] Apollo MCP Server – Apollo GraphQL Docs

https://www.apollographql.com/docs/apollo-mcp-server

[73] Model Context Protocol

https://modelcontextprotocol.io/

[74] Why Model Context Protocol (MCP) Is the Strategic Key to Enterprise …

https://www.fluid.ai/blog/why-mcp-is-the-key-to-enterprise-ready-agentic-ai

[80] An Open-Source MCP-FHIR Framework – arXiv

https://arxiv.org/html/2506.13800v1

[81] Kartha-AI/agentcare-mcp: MCP Server for EMRs with FHIR – GitHub

https://github.com/Kartha-AI/agentcare-mcp

[82] [83] [84] [85] [86] [87] [88] [89] [90] [91] [92] [93] [94] Model context protocol: the standard that brings AI into clinical workflow

https://kevinmd.com/2025/05/model-context-protocol-the-standard-that-brings-ai-into-clinical-workflow.html

[95] [96] [97] [98] [99] [102] [103] [104] [105] [106] [107] [108] [123] [125] [126] How We Deployed the MCP Protocol for a Fintech Blockchain App | Blog

https://www.codiste.com/mcp-protocol-deployment-for-fintech-blockchain-app

[100] Datadog MCP Server: Connect your AI agents to Datadog tools and …

https://www.datadoghq.com/blog/datadog-remote-mcp-server/

[101] RegGuard MCP Server | MCP Servers · LobeHub

https://lobehub.com/it/mcp/your-username-regguard-mcp

[109] Skyflow Unveils MCP Data Security for Enterprises and SaaS …

https://finance.yahoo.com/news/skyflow-unveils-mcp-data-security-140000746.html

[111] [114] [115] Model Context Protocol – Model Context Protocol

https://modelcontextprotocol.io/overview

[113] Getting started with the Model Context Protocol and GraphQL

https://www.apollographql.com/tutorials/intro-mcp-graphql/01-what-is-mcp

[116] Work with Reports in MCP | Salesforce Trailhead

https://trailhead.salesforce.com/content/learn/modules/interaction-studio-basics/work-with-reports-in-mcp