The latest update to the Model Context Protocol, or MCP, is giving enterprises a clearer path to move AI agents from pilot projects into real production environments. Marking the project’s first year, the new spec introduces stronger security measures, support for long-running workloads, and cleaner integration standards backed by AWS, Microsoft, and Google Cloud.
The upgrade arrives at a moment when organisations are moving away from fragile, custom-built AI hookups. Instead, they want systems that can connect to corporate data stores, run reliably, and avoid piling on technical debt. The MCP update is designed for exactly that shift.
Ryan Daws
From early experimentation to practical infrastructure
Over the past year MCP has grown far beyond its roots as a developer experiment. Since September, the public registry has expanded by more than four hundred percent and now lists close to two thousand servers. That growth reflects a broader trend across the industry as companies move from small AI pilots to deeper, structural adoption.
Satyajith Mundakkal, Global CTO at Hexaware, says MCP has evolved into a practical way to connect AI systems to real business data. Microsoft reinforced that momentum by adding native MCP support to Windows 11, placing the standard directly into the operating system layer.
This software progress is happening in parallel with a rapid scale-up in hardware. Mundakkal points to massive build-outs such as OpenAI’s Stargate program as signs that compute resources and the data flowing through them are expanding faster than ever. MCP is becoming a core part of the plumbing that feeds those systems.
Until now, most AI connections to databases were synchronous and short-lived. That approach works for quick interactions, but it breaks down when a task involves hours of processing or complex sequencing. The new Tasks feature fixes this by giving servers a standard way to track work, report status, and recover safely if something goes wrong. Operations teams can now run long jobs without fear of timeouts, which finally brings durability to agent-based workflows.
A major step forward for AI security
Security concerns have kept many enterprises from moving agents into production. CISOs often worry that AI systems create a broad and unpredictable attack surface. Their concerns are not abstract. By mid-2025, researchers identified roughly eighteen hundred MCP servers exposed publicly, suggesting wider adoption than many realised.
The latest spec update addresses those risks directly. A key improvement is URL-based client registration, which replaces the more cumbersome Dynamic Client Registration process. Clients can now register using a unique ID tied to a self-managed metadata document, cutting administrative friction.
Another important addition is URL Mode Elicitation. This allows a server to route users to a secure browser window for sensitive credentials. An AI agent never sees the password; it only receives the resulting token. This separation is crucial for industries that must follow strict payment or compliance rules.
Harish Peri, SVP at Okta, says these changes help bring the access control and oversight needed for a secure AI ecosystem.
A lesser known update, Sampling with Tools, gives servers the ability to use tools and run reasoning loops without relying on custom client code. It shifts more intelligence closer to the data, which can speed up tasks like research, analysis, and report generation.
Still, technical upgrades alone do not guarantee safety. Enterprises will need stronger monitoring and observability around MCP servers. Mayur Upadhyaya, CEO at APIContext, argues that after a year of adoption, visibility is the next big challenge. Teams will need to validate authentication flows and watch MCP uptime with the same rigor they apply to traditional APIs. Mundakkal adds that pairing MCP with strong identity controls and RBAC from day one is essential.
Industry support signals broader adoption
A standard gains strength from its ecosystem, and MCP’s is expanding fast. Microsoft is using it across Azure, GitHub, and M365. AWS is integrating it into Bedrock. Google Cloud is supporting it through Gemini. The shared commitment reduces vendor lock-in and gives developers cleaner portability. A connector built for MCP should work across multiple AI platforms with minimal friction.
This is a sign that the foundational phase of enterprise AI is settling. Open standards are winning, and the focus is shifting toward readiness rather than reinvention. Organisations evaluating their AI strategy should review internal APIs for MCP compatibility and confirm that the new registration model fits within existing identity frameworks.
