--- title: "The Zuplo State of MCP Report" description: "Everyone has an opinion on MCP's future. We asked the people actually building with it what they think about adoption, security challenges, and whether the protocol has staying power for our State of MCP report." canonicalUrl: "https://zuplo.com/blog/2026/01/13/mcp-survey" pageType: "blog" date: "2026-01-13" authors: "josh" tags: "Model Context Protocol" image: "https://zuplo.com/og?text=Zuplo%20State%20of%20MCP%20Report" --- MCP dominated the AI developer conversation in 2025. From [Anthropic's initial release](https://www.anthropic.com/news/model-context-protocol) to OpenAI and Google announcing support, the protocol went from interesting experiment to infrastructure bet in less than a year. By December, Anthropic had [donated MCP to the Linux Foundation](https://www.anthropic.com/news/donating-the-model-context-protocol-and-establishing-of-the-agentic-ai-foundation), establishing the Agentic AI Foundation to steward its future. Anthropic continues to invest here with the recent hire of [Den Delimarsky](https://den.dev/) from Microsoft to work on MCP. The signal was clear: this isn't a proprietary play, it's a bet on an open standard. But what do the people actually building with it think? From mid-November to mid-December 2025, we surveyed technical professionals from our network and the broader MCP community with a strong understanding of building with, and for, Model Context Protocol. Here's what we found. [Read the full State of MCP Report →](https://zuplo.com/mcp-report) ## TL;DR MCP is API development If you suspected that most MCP servers are just APIs with a different interface, you were right. 58% of MCP builders are wrapping existing APIs rather than building from scratch. Only 23% are creating new APIs specifically for MCP. This confirms what many of us already knew: MCP isn't a replacement for your API strategy. It's an extension of it. The teams moving fastest with MCP are the ones treating it like what it is: another way to expose the APIs they've already built in a new era of tooling. ## Is MCP losing steam? 72% of respondents expect their MCP usage to increase over the next 12 months. 54% are confident MCP will persist or become an industry standard. And 40% expect MCP to account for a quarter to half of their AI tool usage within the year. That's not a technology fading into irrelevance. That's a technology moving from experimentation to integration. ## Security is still a concern MCP auth and the challenges it presents have been a confusing mess for some time. It's no surprise that security and access control is the top challenge for builders, cited by 50% of respondents. A quarter of MCP servers have no authentication at all. And 38% say security concerns are actively blocking increased adoption. The other finding that stood out: 58% of MCP builders are wrapping existing APIs rather than building from scratch. MCP development mirrors API development, and the teams succeeding with MCP are treating it that way. ## MCP in 2026 The protocol itself is still evolving. New patterns like Code Mode, originally [outlined by Cloudflare](https://blog.cloudflare.com/code-mode/), [supported by Goose](https://block.github.io/goose/blog/2025/12/15/code-mode-mcp/), and further [supported by Claude](https://www.anthropic.com/engineering/code-execution-with-mcp) are emerging to help agents handle larger tool sets and chain calls more efficiently. This kind of iteration does, however, present a possible challenge to MCP in the longer term. The core protocol provides the standardization the ecosystem needs, but implementation approaches, brought on by the challenges increased and varied usage brings, continue to mature. Expect more shifts like this as teams figure out what actually works in production and as companies decide on their ideal approaches to keeping the context window free of bloat. ## Why this matters for how you build MCP is just a new type of API, like GraphQL or REST before it. And like any API, the fundamentals still apply: authentication, rate limiting, access control, and monitoring. The teams succeeding with MCP aren't reinventing the wheel. They're applying the same best practices that have worked for APIs all along. This is exactly why we built MCP server capabilities into Zuplo and added an [MCP Gateway](https://zuplo.com/mcp-gateway) (currently in private beta) to our overall product offering. If you already have APIs, you can [expose them as MCP tools](https://zuplo.com/docs/mcp-server/introduction) without starting from scratch. The 24% of respondents running servers with no authentication? That's an easy solve with built-in OAuth and API key support. The 50% who cited security and access control as their top challenge? That's what an API gateway is designed to handle. Since most builders are wrapping existing APIs anyway, Zuplo lets you meet MCP where the work already is without completely rebuilding from scratch. ## Read the full report We've published the complete findings covering confidence levels, productivity impacts, security challenges, hosting patterns, and what needs to change for MCP to reach its potential. [Get the State of MCP Report →](https://zuplo.com/mcp-report)