MCP protocol reaches 10,000 servers as Linux Foundation backs standard for AI agents

The Model Context Protocol, launched by Anthropic a year ago, now powers agent integrations across Claude, Copilot, Gemini, and ChatGPT. The Linux Foundation's new Agentic AI Foundation positions MCP as the universal standard, but security researchers warn of risks in production deployments without proper safeguards.

The Model Context Protocol has crossed 10,000 published servers one year after launch, cementing its position as the de facto standard for connecting AI agents to enterprise systems. The Linux Foundation recently announced the Agentic AI Foundation with MCP as its core protocol, signaling institutional backing for what started as an Anthropic project.

MCP is a JSON-RPC 2.0-based protocol that lets AI agents access tools, data sources, and APIs without custom integrations for each connection. Claude, Microsoft Copilot, Google Gemini, VS Code, and ChatGPT all support it. Red Hat integrated MCP into OpenShift AI for lifecycle management through registries and gateways.

What enterprises are actually using it for

Deployments range from developer tools to Fortune 500 production systems. Security teams use MCP for threat hunting workflows. Engineering teams deploy it for context-aware coding assistants. The protocol handles OAuth 2.1, RBAC, and stateful workflows, which matters when agents need persistent access to enterprise resources.

Red Hat's integration suggests MCP is moving beyond experimentation. When vendors build lifecycle management and registry systems, they're betting on production adoption.

The security problem no one wants to talk about

Security researchers aren't celebrating. Unsecured MCP servers create what one analysis called "USB-C ports for AI vulnerabilities." The protocol makes it easy for agents to access sensitive resources, which means it also makes it easy to expose them. Supply chain attacks, isolation failures, and authentication bypasses are documented risks.

Cisco released an MCP Scanner. OWASP added MCP-specific guidance to its Top 10. The pattern is familiar: adoption outpaces security hardening. Organizations deploying MCP need encryption, strong authentication, and comprehensive audit logging. The protocol doesn't enforce these; it enables them.
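Because the protocol leaves these controls to the deployer, a gateway in front of an MCP server can apply them to each JSON-RPC 2.0 request. The following is an added example, not code from the article or from any MCP implementation: the `authorize` function, the role and tool names, the policy table and the `-32001` error code are assumptions, and the role is assumed to come from an already authenticated session.

```python
import hashlib
import json

# Constructed policy for illustration: role -> MCP tool names it may invoke.
POLICY = {"soc-analyst": {"search_logs", "get_alert"}, "dev-assistant": {"read_file"}}
# MCP methods forwarded without a tool check; anything else is denied by default.
PASSTHROUGH = {"initialize", "notifications/initialized", "ping", "tools/list"}
DENIED = -32001  # picked from JSON-RPC 2.0's implementation-defined range (assumption)


def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def authorize(raw, role, audit):
    """Decide whether one client-to-server request may be forwarded.

    Returns (allowed, error_response). Each request that reaches a policy
    decision appends one record to `audit` (a list standing in for a log sink).
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return False, _error(None, -32700, "Parse error")
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0" \
            or not isinstance(msg.get("method"), str):
        return False, _error(None, -32600, "Invalid Request")
    req_id, method, params = msg.get("id"), msg["method"], msg.get("params")
    record = {"role": role, "id": req_id, "method": method, "tool": None}
    if method == "tools/call":
        tool = params.get("name") if isinstance(params, dict) else None
        if not isinstance(tool, str):
            return False, _error(req_id, -32602, "Invalid params")
        # Log a digest of the arguments, not the values: they may hold secrets.
        args = json.dumps(params.get("arguments", {}), sort_keys=True).encode()
        record.update(tool=tool, args_sha256=hashlib.sha256(args).hexdigest())
        allowed = tool in POLICY.get(role, set())
    else:
        allowed = method in PASSTHROUGH
    record["decision"] = "allow" if allowed else "deny"
    audit.append(record)
    if allowed:
        return True, None
    return False, _error(req_id, DENIED, "not permitted for this role")
```

The audit record keeps the role, method, tool and decision for every request, so a denied `tools/call` is visible to detection even though it never reaches the server.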

What this means in practice

MCP's dominance isn't guaranteed. The Agent-to-Agent (A2A) protocol is gaining traction for multi-agent collaboration, which MCP doesn't handle as cleanly. The real test comes when enterprise architects choose between MCP's broad tool access and A2A's orchestration capabilities.

For now, MCP leads because it solved the integration problem first. More than 10,000 servers means network effects matter. But the security gaps are real, and production deployments need more than the reference implementation provides. The difference between a protocol that works in demos and one that works at scale comes down to error handling, connection pooling, circuit breakers, and timeout management. Those aren't in the spec.

The Linux Foundation's backing suggests MCP will be around. Whether it becomes the standard or just another integration option depends on how quickly the security and resilience patterns catch up to adoption.