What is Model Context Protocol?
Model Context Protocol (MCP) is an open standard, introduced by Anthropic in November 2024, that defines how AI models connect to external data sources and tools. It is a client-server protocol: MCP servers expose tools and data; MCP clients (AI assistants like Claude Code or Cursor) call those tools during a conversation or task.
Before MCP, giving an AI assistant access to your production environment meant either copy-pasting data manually or building bespoke integrations for each tool. MCP standardises the interface — one server exposes everything; any MCP-compatible client can use it.
The simplest analogy: MCP is to AI agents what REST APIs are to web applications. It's the standard interface layer that connects intelligence to data.
How MCP works
MCP operates over a client-server architecture with three primitives:
Tools
Functions the AI can call — query a database, restart a service, read a file, create a ticket. Tools are the action layer. The model decides when to call them; MCP handles the transport.
Resources
Data the AI can read — files, database records, API responses, documentation. Resources are the context layer. The model reads them to understand current state before acting.
Prompts
Reusable templates for common tasks. A prompt for 'summarise recent incidents' pre-structures how the model should approach the task and what resources to fetch.
The flow: the AI client (Claude Code, Cursor) sends a request to the MCP server. The server executes the tool call or fetches the resource. The response comes back to the model as structured data. The model uses that data to continue reasoning.
MCP vs function calling vs RAG
| Approach | What it is | Limitation vs MCP |
|---|---|---|
| Function calling | Model calls predefined functions exposed by the app | Bespoke per-app; no standard; tight coupling to one model provider |
| RAG (Retrieval Augmented Generation) | Retrieve relevant documents and inject into context | Read-only; no actions; latency for retrieval on every call |
| MCP | Standardised protocol for tools and data across any server | Requires MCP server setup; relatively new ecosystem |
Which AI tools support MCP?
As of mid-2026, MCP is supported by:
- Claude Code (Anthropic CLI) — native MCP support, runs servers defined in project config
- Cursor — MCP servers configurable in Cursor settings
- Claude.ai (desktop app) — MCP servers via integrations panel
- VS Code Copilot — MCP support via extension
- Zed, Windsurf, and growing ecosystem of IDE tools
- LangChain, LangGraph, AutoGen — MCP client adapters available
What MCP means for production engineering
MCP changes the economics of AI-assisted operations. Previously:
- Engineer copies logs from Datadog into a chat window
- Pastes in the service dependency map
- Types out the incident timeline
- Gets a suggestion, implements it manually
With MCP:
- Engineer types: "investigate the latency spike on payment-service"
- Agent queries Datadog, reads the service catalog, checks recent deploys — all via MCP tools
- Agent proposes a rollback, opens a PR — via MCP actions
- Engineer reviews and approves
The human is still in the loop — but for judgment, not execution. That is the core value of MCP in production contexts.
The risk: MCP tools with unrestricted access to production are dangerous. An agent that can call any tool, at any time, without approval gates creates real security and cost exposure. Production MCP deployments need a governance layer — policy controls on which tools can be called, by which agents, under which conditions.
MCP server examples for engineering teams
GitHub MCP server
Read repos, issues, PRs; create branches; comment on reviews. Available officially from GitHub.
Kubernetes MCP server
Query pod status, logs, deployments, events. List services and their health.
Postgres MCP server
Run read-only SQL queries against your databases from your IDE.
Exemplar MCP server
Query incidents, service catalog, vendor statuses, and trigger governed Day 2 actions — with approval gates.
AWS MCP server
Read EC2, RDS, CloudWatch metrics. Describe infrastructure state without leaving the IDE.
Linear / Jira MCP server
Create and update tickets, read sprint data, link incidents to issues.
Frequently asked questions
Is MCP only for Anthropic / Claude?
No. MCP is an open standard. While Anthropic introduced it, the protocol is model-agnostic. OpenAI, Google, and the broader ecosystem have adopted it. Any LLM client can implement MCP support.
Is MCP secure?
MCP is a transport protocol, not a security layer. Security comes from the MCP server implementation — access controls on which tools are exposed, authentication, rate limiting, and audit logging. A well-designed MCP server is secure; a naïvely built one is not.
What language do I use to build an MCP server?
MCP SDKs are available for TypeScript/JavaScript and Python (both officially maintained by Anthropic). Community SDKs exist for Go, Rust, Java, and others.
How is MCP different from OpenAI's tools/function calling?
OpenAI's function calling is a proprietary interface for one model provider. MCP is an open protocol any tool can implement once and any MCP-compatible client can call. Write your MCP server once; use it from Claude Code, Cursor, and any future MCP client.
Related reading: agents, context, and guardrails, what is agentic DevOps, and AI didn't remove engineering judgment.