How the MCP Spec Update Enhances Security as Infrastructure Grows
The latest update to the Model Context Protocol (MCP) specification strengthens enterprise infrastructure by introducing tighter security measures. This advancement supports the transition of AI agents from experimental pilots to full production environments. Created by Anthropic, the open-source MCP project marked its first anniversary with a revised specification aimed at addressing operational challenges that have kept generative AI agents from scaling effectively.
Backed by major cloud providers such as Amazon Web Services (AWS), Microsoft, and Google Cloud, the update introduces support for long-running workflows and enhanced security controls. This marks a significant shift away from fragile, custom-built integrations toward more robust, scalable solutions. Enterprises now have the opportunity to deploy agentic AI capable of reading and writing to corporate data stores without accumulating excessive technical debt.
How the MCP Spec Advances AI Infrastructure Integration
The focus of MCP has evolved from being a developer curiosity to becoming a practical infrastructure tool. Since its launch, the MCP registry has grown by 407 percent, now hosting nearly two thousand servers. This rapid expansion reflects a broader shift from experimental chatbots toward deep structural integration of AI into enterprise systems.
Satyajith Mundakkal, Global CTO at Hexaware, highlights this transformation, stating that MCP has become a practical method to connect AI with the systems where work and data reside. Microsoft has demonstrated this shift by integrating native MCP support into Windows 11, embedding the standard directly into the operating system layer.
Alongside this software standardization, there is a significant hardware scale-up. Mundakkal points to OpenAI’s multi-gigawatt ‘Stargate’ program as an example of unprecedented infrastructure growth. These developments signal that AI capabilities and the data they rely on are expanding rapidly. MCP serves as the essential plumbing that connects these vast compute resources, ensuring AI systems can access data securely and efficiently.
Previously, connecting large language models (LLMs) to databases was mostly synchronous, suitable for simple tasks like checking the weather. However, this approach falls short for complex operations such as migrating codebases or analyzing healthcare records. The new ‘Tasks’ feature (SEP-1686) changes this by providing a standard way for servers to track ongoing work. Clients can poll for status updates or cancel jobs if necessary, enabling agents to run for extended periods without timing out. This support for states like working or input_required adds resilience to agentic workflows, making them more reliable for enterprise use.
Security Improvements in the MCP Spec Update
Security remains a critical concern for Chief Information Security Officers (CISOs), as AI agents can appear to create a large and uncontrolled attack surface. Security researchers found approximately 1,800 MCP servers exposed on the public internet by mid-2025, suggesting that private infrastructure adoption is even broader. Without proper management, MCP could lead to integration sprawl and increased vulnerability.
To address these risks, the MCP maintainers improved the Dynamic Client Registration (DCR) process. The update introduces URL-based client registration (SEP-991), where clients provide a unique ID linked to a self-managed metadata document. This approach reduces administrative bottlenecks and streamlines secure client onboarding.
Another key feature is ‘URL Mode Elicitation’ (SEP-1036), which allows servers—such as those handling payments—to redirect users to secure browser windows for credential entry. The AI agent never sees the password; it only receives a token. This design keeps core credentials isolated, a vital requirement for compliance with standards like PCI.
Harish Peri, Senior Vice President at Okta, emphasizes that these enhancements provide the necessary oversight and access control to build a secure and open AI ecosystem.
One less noticed but important addition is ‘Sampling with Tools’ (SEP-1577). Previously, servers acted as passive data fetchers. Now, they can run their own loops using the client’s tokens. For example, a “research server” can spawn sub-agents to search documents and synthesize reports without requiring custom client code. This capability moves reasoning closer to the data, improving efficiency and security.
However, establishing these connections is only the first step. Mayur Upadhyaya, CEO at APIContext, notes that the initial year of MCP adoption has shown that enterprise AI integration starts with exposure rather than complete rewrites. The next challenge is gaining visibility. Enterprises will need to monitor MCP uptime and validate authentication flows with the same rigor applied to APIs today.
The MCP roadmap reflects this need by targeting improvements in reliability and observability to aid debugging. Mundakkal advises that treating MCP servers as “set and forget” invites trouble. Instead, MCP should be paired with strong identity management, role-based access control (RBAC), and observability from the outset.
Industry Adoption and the Future of MCP Infrastructure
A protocol’s value depends on its adoption. In the year since MCP’s original release, nearly two thousand servers have implemented the standard. Microsoft uses MCP to connect GitHub, Azure, and Microsoft 365. AWS integrates it into Bedrock, while Google Cloud supports MCP across its Gemini platform.
This broad adoption reduces vendor lock-in. For instance, a Postgres connector built for MCP can work seamlessly across Gemini, ChatGPT, or an internal Anthropic agent without requiring rewrites. The “plumbing” phase of generative AI is stabilizing, and open standards like MCP are winning the connectivity debate.
Technology leaders should audit their internal APIs for MCP readiness, focusing on exposure rather than rewriting existing systems. They should also verify that the new URL-based registration aligns with current identity and access management frameworks. Establishing monitoring protocols immediately is essential.
While the latest MCP spec update remains backward compatible with existing infrastructure, its new features are crucial for integrating AI agents into regulated, mission-critical workflows securely. Enterprises adopting MCP now are laying the groundwork for scalable, secure AI infrastructure that can grow alongside their data and compute needs.
For more stories on this topic, visit our category page.
Source: original article.