What’s new with MCP?
Checking in on the latest version of the protocol, on broader MCP server adoption, and the growing pains that come with it.
It’s been a big few months for the Model Context Protocol. Let’s check in!
Things That Are Going Well
Developer Engagement
Interest and engagement from the developer community continues to grow:
The enthusiasm isn’t just on GitHub. The MCP Developers Summit in late May sold out, and interest in MCP led the AI Engineer World’s Fair to create a dedicated track of talks — and even a custom MCP server just for the conference.
Technical Progress
Last week saw the release of a new MCP specification (think: major version upgrade). The new spec includes long-awaited upgrades to things like authentication, security, and elicitation (how the server asks users for input):
Easier Setup + Access
MCP Clients (like Cursor or Claude) have made big strides in making MCP servers easier to install and use. Instead of requiring users to edit JSON config files, setup now often takes just a few clicks:
This ease of access is spreading. Model providers are in a “feature arms race” to support more MCP-related features at lower plan tiers.
In early May, MCP servers were only available on Anthropic’s $100/month plan and above; now, both ChatGPT and Claude offer some level of MCP support at every paid tier:
(Notably absent from this conversation is Google. They have promised to support MCP servers, but for now Gemini only connects to other Google services.)
Things That Aren’t Going So Well
Inconsistent Branding
As products add MCP functionality, they often avoid the term “MCP Server” altogether.
Unlike features like "deep research" or "reasoning models," which have common labels across tools, MCP functionality is branded differently everywhere:
I’m torn in how I feel about this.
On one hand, the term “MCP Server” is opaque and confusing. Friendlier names like “Connectors” and “Integrations” improve clarity and adoption. This is also par for the course for most protocols; end-users don’t need to know that “Log in with Google” uses OAuth under the hood.
But, the inconsistency is unfortunate. I worry that the different names will confuse users and slow adoption. But hopefully I’ll be proven wrong, or we’ll eventually see everyone converge to a single term — even if it doesn’t include ‘MCP’.
Discovery Remains Messy
Another pain point: there’s still no standardized MCP registry.
Each MCP Client (Cursor, ChatGPT, etc.) highlights its own set of preferred or integrated servers—but there’s little rhyme or reason to what’s available where (without custom setup):
Here’s a version focused on just where there’s overlap:
Some patterns make sense:
Cursor and Windsurf showcase more servers because they serve devs who are further along in MCP adoption.
OpenAI has focused on MCP servers that support search/retrieval (e.g. Dropbox, Gmail) for use in deep research, rather than action-triggering servers like Zapier or Stripe.
Beyond that, though, this list looks sort of random because it is.
There’s an official MCP registry in the works, which should help with discovery and comparison—but today, it’s hard to understand what’s available, where, or why.
And that registry will just standardize information availability; standard security screening is still largely unsolved. Speaking of which…
Security is Still Catching Up
Last week, I wrote about my unfortunate experience with a Memory MCP server that mixed up my memories with someone else’s (yikes). Ultimately, though, that was an early stage startup’s MVP.
Asana, on the other hand, is a $700M company serving enterprise users. They were also one of Anthropic’s early ‘recommended MCP servers’ and an early adopter/prompter of MCP.
And yet, unfortunately, Asana had to take their MCP server offline for two weeks after their team discovered a vulnerability that could have “potentially exposed certain information from your Asana domain to other Asana MCP users.”
While Asana’s incident report hasn’t shared many details, there’s no evidence that actual data was leaked, and the mistake is an implementation error, rather than an issue with the Model Context Protocol itself.
Still, this is scary. Asana is a large, trusted company. Also, the MCP server was available for more than a month (!!) before the Asana team caught the issue.
We’re starting to see user enthusiasm for MCP outpace the maturity of the tooling. Testing, monitoring, and security practices need to catch up fast!
Looking Forward
Overall, I’m really just excited that MCP is entering the mainstream, and that non-developer-users are getting to experience the value directly from inside Claude or ChatGPT.
In a few more months, I look forward to writing about how security scanning is table stakes, server discovery happens dynamically, right in the chat window, and maybe, just maybe, we’ve all settled on one name :)