    clarier.ai

    The Model Context Protocol (MCP) is an open standard developed by Anthropic that enables AI agents to interact with external systems through a consistent interface. MCP defines, as JSON-RPC 2.0 messages, how an agent discovers the tools a server offers, invokes one of them with arguments, and receives the result — similar to how HTTP standardized web communication.

    MCP is relevant to AI governance because:

    • It dramatically expands what AI agents can do (file access, database queries, API calls, code execution)
    • MCP servers may expose sensitive capabilities without adequate access controls
    • The protocol is being adopted rapidly by AI coding assistants (Cursor, Claude Code, Windsurf)
    • Organizations may have MCP servers deployed without security team awareness

    MCP server security is an emerging concern — thousands of MCP servers exist on GitHub, many with minimal security review.
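    The discovery and call flow described above, with the access control the bullet list says many servers lack, as an added example that is not part of the clarier.ai page and is not Anthropic's MCP SDK: a minimal MCP-style JSON-RPC 2.0 dispatcher that answers "tools/list" and "tools/call" and gates every call behind a per-client allowlist, schema check and path confinement. The method names and the result shape ("content" plus "isError") follow the public MCP specification; the client identity, the ALLOWLIST table, the sandbox directory and the two tools are constructed for illustration.

```python
"""Added example: an MCP-style tool dispatcher with a policy layer in front
of each tool. Not from the page and not the official SDK; the policy
(allowlist + argument validation + sandbox) is the illustrative part."""
import tempfile
from pathlib import Path

# Constructed sandbox: the only directory the read_file tool may touch,
# seeded with one file so the example runs offline.
SANDBOX = Path(tempfile.mkdtemp(prefix="mcp_demo_")).resolve()
(SANDBOX / "notes.txt").write_text("hello from the sandbox\n", encoding="utf-8")

# Tool definitions in the shape a server returns from tools/list.
TOOLS = {
    "read_file": {
        "name": "read_file",
        "description": "Read a UTF-8 text file inside the sandbox",
        "inputSchema": {"type": "object",
                        "properties": {"path": {"type": "string"}},
                        "required": ["path"]},
    },
    "run_shell": {
        "name": "run_shell",
        "description": "Execute a shell command (sensitive)",
        "inputSchema": {"type": "object",
                        "properties": {"cmd": {"type": "string"}},
                        "required": ["cmd"]},
    },
}

# Assumed policy: which client identity may call which tool. An unreviewed
# server typically has no such table and exposes every tool to every caller.
ALLOWLIST = {
    "coding-assistant": {"read_file"},
    "admin": {"read_file", "run_shell"},
}


def _safe_path(user_path):
    """Resolve user_path under SANDBOX; refuse '..', absolute paths and symlink escapes."""
    candidate = (SANDBOX / user_path).resolve()
    if candidate != SANDBOX and SANDBOX not in candidate.parents:
        raise PermissionError(f"path escapes sandbox: {user_path}")
    return candidate


def _read_file(args):
    return _safe_path(args["path"]).read_text(encoding="utf-8")


def _run_shell(args):
    # Intentionally a stub: it exists only to show a sensitive tool being gated.
    raise PermissionError("run_shell is disabled in this example")


HANDLERS = {"read_file": _read_file, "run_shell": _run_shell}


def _rpc_error(rid, code, message):
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}}


def _tool_result(rid, text, is_error):
    # Tool-level outcomes go in-band as content with isError, per MCP.
    return {"jsonrpc": "2.0", "id": rid,
            "result": {"content": [{"type": "text", "text": text}], "isError": is_error}}


def handle(request, client_id):
    """Dispatch one JSON-RPC request dict on behalf of client_id."""
    rid = request.get("id")
    method = request.get("method")
    allowed = ALLOWLIST.get(client_id, set())

    if method == "tools/list":
        # Advertise only the tools this caller may actually invoke.
        return {"jsonrpc": "2.0", "id": rid,
                "result": {"tools": [TOOLS[n] for n in sorted(allowed)]}}

    if method == "tools/call":
        params = request.get("params") or {}
        name = params.get("name")
        args = params.get("arguments") or {}
        if name not in allowed:
            # Refused before the tool runs: a protocol error, not a tool result.
            return _rpc_error(rid, -32602, f"tool not permitted: {name}")
        schema = TOOLS[name]["inputSchema"]
        unknown = set(args) - set(schema["properties"])
        missing = set(schema["required"]) - set(args)
        if unknown or missing:
            return _rpc_error(rid, -32602,
                              f"bad arguments: unknown={sorted(unknown)} missing={sorted(missing)}")
        try:
            return _tool_result(rid, HANDLERS[name](args), False)
        except (PermissionError, OSError) as exc:
            return _tool_result(rid, str(exc), True)

    return _rpc_error(rid, -32601, f"method not found: {method}")
```

    The two refusal paths matter: a tool the caller is not entitled to is rejected as a JSON-RPC error before any handler runs, while a permitted tool that fails its own checks (a path outside the sandbox, a missing file) reports in-band with isError so the agent sees a result rather than a transport fault.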

    Why it matters

    MCP is to AI agents what APIs were to web applications. It's a powerful capability multiplier — and a new attack surface that security teams need to understand and govern.