MCP dominated the AI developer conversation in 2025. From Anthropic's initial release to OpenAI and Google announcing support, the protocol went from interesting experiment to infrastructure bet in less than a year. By December, Anthropic had donated MCP to the Linux Foundation, establishing the Agentic AI Foundation to steward its future.
The signal was clear: this isn't a proprietary play, it's a bet on an open standard. But what do the people actually building with it think?
From mid-November to mid-December 2025, we surveyed technical professionals from our network and the broader MCP community with a strong understanding of building with, and for, Model Context Protocol. Here's what we found.
Read the full State of MCP Report →
TL;DR MCP is API development
If you suspected that most MCP servers are just APIs with a different interface, you were right. 58% of MCP builders are wrapping existing APIs rather than building from scratch. Only 23% are creating new APIs specifically for MCP.
This confirms what many of us already knew: MCP isn't a replacement for your API strategy. It's an extension of it. The teams moving fastest with MCP are the ones treating it like what it is: another way to expose the APIs they've already built in a new era of tooling.
Is MCP losing steam?
72% of respondents expect their MCP usage to increase over the next 12 months. 54% are confident MCP will persist or become an industry standard. And 40% expect MCP to account for a quarter to half of their AI tool usage within the year.
That's not a technology fading into irrelevance. That's a technology moving from experimentation to integration.
Security is still a concern
MCP does have real problems to solve. Security and access control is the top challenge for builders, cited by 50% of respondents. A quarter of MCP servers have no authentication at all. And 38% say security concerns are actively blocking increased adoption.
The other finding that stood out: 58% of MCP builders are wrapping existing APIs rather than building from scratch. MCP development mirrors API development, and the teams succeeding with MCP are treating it that way.
MCP in 2026
The protocol itself is still evolving. New patterns like Code Mode, originally outlined by Cloudflare, supported by Goose, and further supported by Claude are emerging to help agents handle larger tool sets and chain calls more efficiently.
This kind of iteration is a sign MCP is here to stay for now. The core protocol provides the standardization the ecosystem needs, while implementation approaches continue to mature. Expect more shifts like this as teams figure out what actually works in production.
Why this matters for how you build
The survey makes clear that MCP isn't going away, but it also isn't ready for production without proper infrastructure. The teams moving fastest are those applying API management best practices: authentication, rate limiting, access control, and monitoring.
This is exactly why we built MCP server capabilities into Zuplo.
If you already have APIs, you can expose them as MCP tools without starting from scratch.
The 24% of respondents running servers with no authentication? That's an easy solve with built-in OAuth and API key support.
The 50% who cited security and access control as their top challenge? That's what an API gateway is designed to handle.
Since most builders are wrapping existing APIs anyway, Zuplo lets you meet MCP where the work already is without completely rebuilding from scratch.
Read the full report
We've published the complete findings covering confidence levels, productivity impacts, security challenges, hosting patterns, and what needs to change for MCP to reach its potential.
