AI
Model Context Protocol (MCP)
What MCP is, why every major AI vendor adopted it in 2025, and the security model engineering teams need to understand before exposing tools.
The Model Context Protocol is an open standard for connecting AI assistants to external tools and data sources. Anthropic published the initial spec in November 2024; by mid-2025 OpenAI, Google, Microsoft, and the major IDE vendors had all shipped MCP support. It is now the de facto integration protocol between LLMs and the rest of the software ecosystem.
The protocol is simple by design — a JSON-RPC interface over stdio or HTTP — but the operational surface is large. MCP servers expose resources, tools, and prompts; clients (the AI assistant) decide which to surface to the model. Notifire tracks vendor releases, security incidents, and the emerging best practices around MCP server design.
Latest briefings on Model Context Protocol (MCP)
No briefings on this topic yet. Subscribe to the feed and we’ll cover it as the news cycle moves.
Frequently asked questions
What is MCP in one sentence?
An open JSON-RPC protocol that lets AI assistants discover and call external tools, fetch documents, and access prompts — published by Anthropic and now adopted by every major AI vendor.
How does MCP differ from OpenAI function calling?
Function calling is an LLM API contract — the model emits a tool-call request and the calling application executes it. MCP is a transport-level standard for HOW the tool catalog is published, discovered, and invoked. The two compose: an MCP server defines the tool catalogue; function calling is how the model selects from it.
What is the security model of MCP?
MCP servers run as separate processes with their own permission model. The client (AI assistant) decides which servers to enable and which tools within each server the user has approved. The protocol provides no built-in authorisation — each server is responsible for authenticating callers and limiting blast radius.
Are there public MCP servers?
Yes — community servers exist for filesystem access, GitHub, Postgres, Notion, Slack, Linear, and many more. Anthropic maintains a registry. Each one is a separate runnable process; users add them to their MCP client configuration explicitly.