---
title: "One Year of MCP"
description: "A look back at how the Model Context Protocol went from quiet launch to rapid industry adoption, solving the AI integration problem and winning over OpenAI, Google, and thousands of developers along the way."
canonicalUrl: "https://zuplo.com/blog/2025/11/24/one-year-of-mcp"
pageType: "blog"
date: "2025-11-24"
authors: "martyn"
tags: "Model Context Protocol"
image: "https://zuplo.com/og?text=One%20Year%20of%20MCP"
---
In late November 2024,
[Anthropic released the Model Context Protocol](https://www.anthropic.com/news/model-context-protocol).
It showed up on Hacker News and in our LinkedIn feeds. "That's nice," we
thought. "I'll make a note to check that out sometime." Some developers tried it
out. Most were focused on other things. Turkey probably.

A year later, the turkey is long gone and the AI landscape looks completely
different. MCP is now a large part of it.

Over 16,000 MCP servers exist in the wild. OpenAI has adopted it across ChatGPT
(sort of), their Agents SDK, and their Responses API. Google DeepMind announced
MCP support for Gemini. Companies like GitHub, Block, Apollo, Replit,
Sourcegraph, Linear, Zapier and many others have integrated it into their
platforms. At Zuplo we launched MCP support to help developers expose their API
routes as MCP tools quickly, with all the security trimmings that an API gateway
offers baked right in.

MCP went from "interesting protocol" to "rapidly adopted standard" in less than
a single year.

This isn't just another AI hype cycle playing out. This is what happens when an
open standard begins to solve a real infrastructure problem at exactly the right
moment.

<div align="center">
  _**We're running a survey for developers to understand the current state of
  MCP**
  <br />
  Share your insights (it'll only take a few minutes) and you could win a $100
  Amazon voucher
  <br />
  [zuplo.link/mcpsurvey](https://zuplo.link/mcpsurvey?utm_source=zuplo-blog)_
</div>

## The Infrastructure Layer We Didn't Know We Needed

Before MCP, connecting AI models to data sources meant writing custom code.

Your AI assistant needs to check your calendar? Custom integration. It needs to
search your Google Drive? Another custom integration. Access your CRM? Yet
another one. Query your internal database? You get the idea. Plenty of companies
were working on solving exactly this problem. I know because I worked for one.

Each connection required its own implementation, its own authentication flow,
its own error handling, its own maintenance burden (and it really is a
_burden_). Every new AI model meant rebuilding all of those integrations. Every
new data source meant adding support across all your AI tools.

It doesn't scale. It can't scale.

We've seen this pattern before. HTTP standardized how computers talk to each
other on the web. SQL standardized how applications query databases. OpenAPI
standardized how we describe and document REST APIs.

Standards win because they reduce friction. They enable ecosystem growth. They
let developers stop building plumbing and start building products.

MCP did for AI context what these protocols did for their domains. It created a
universal way for AI systems to access external data and tools. Any AI tool that
supports MCP can connect to any MCP server. Write the integration once, use it
everywhere.

The "USB-C for AI" metaphor stuck because it's accurate.

## From Zero to Ubiquitous

Let's take a look at the journey so far:

### November 2024: The Release

Anthropic released MCP as an open standard with an open-source implementation.
They included SDKs for Python and TypeScript, along with reference
implementations for popular services like Google Drive, Slack, GitHub, and
Postgres.

Claude Desktop became the first major application to support MCP, as you would
expect. Users could edit a JSON configuration file to connect Claude to their
local tools and data sources. It worked, but the use case felt narrow. This
seemed like a power user feature, not a fundamental shift.

The community started building and developers created MCP servers for their
favorite tools. The GitHub repository filled with examples. But adoption was
still small, still niche, almost uncertain as to whether this was really worth
the time.

### March 2025: OpenAI Makes it Legit

Sam Altman [posted on X](https://x.com/sama/status/1904957253456941061): "people
love MCP and we are excited to add support across our products."

OpenAI adopted MCP across their product line and _this_ was the signal that
people had been waiting on. MCP wasn't just Anthropic's thing anymore. It was
becoming an industry standard.

With that the attitude to adoption of MCP shifted. Before March, companies were
asking "should we support this?" After March, they were asking, "when can we
ship this?"

### April 2025: Google Agrees

Demis Hassabis, CEO of Google DeepMind,
[confirmed MCP support](https://x.com/demishassabis/status/1910107859041271977)
for Gemini models and their infrastructure. His words mattered: "MCP is a good
protocol and it's rapidly becoming an open standard for the AI agentic era."

When the three major AI labs (Anthropic, OpenAI, and Google) get behind a
standard, that standard becomes something you can build on. You can rely on it
(sort of) and begin to make architectural decisions based on it.

Developer tool companies followed quickly. Replit added MCP support. So did
Cursor and then VS Code. They were building MCP into the core of their products
because their users were asking for it, and because there was now quite a bit of
FOMO going around.

### Today: The Ecosystem

Today, the community maintains connectors for almost any service you can think
of and enterprise companies are building private MCP servers for internal
systems whilst worrying about how to govern unregulated MCP server usage
throughout their teams.

Platforms are emerging to make MCP easier to adopt. Zuplo's MCP service lets
developers expose their existing APIs as MCP servers without rebuilding
everything from scratch. The infrastructure layer is filling in.

This is what early-stage adoption looks like when it's working. The protocol is
stable enough that people are starting to build products and even businesses on
top of it. More pop up each week!

## Why It Worked

### The Timing Was Right

MCP arrived exactly when enterprises were moving from AI experiments to
production deployments.

In late 2024, companies had proven that AI could work in demos and prototypes.
The next question became: how do we connect this to our actual systems? How do
we give AI access to the data it needs without building a hundred custom
integrations?

MCP answered that question. The timing couldn't have been better.

### The Design Was Good Enough

MCP uses a client-server architecture built on JSON-RPC 2.0. This wasn't
invented from scratch. The protocol deliberately reuses concepts from the
Language Server Protocol (LSP), which standardized how code editors communicate
with language tools.

MCP applied the same patterns to a new problem space.

The technical choices made sense at the time. Stdio for local servers. HTTP with
Server-Sent Events for remote servers with support for stateful and stateless
interactions.

That initial design has changed a lot over the past twelve months. The shift
from stdio to HTTP+SSE to Streamable HTTP shows the protocol is still finding
its footing in a scramble to support the right use cases. Along with that, the
authorization spec is still evolving and the _final_ remote server story is
still being figured out.

All that change is actually a sign of health. The protocol shipped with a
reasonable design and has been adapting based on real-world usage. Good enough
to start, flexible enough to improve, and plenty of feedback to work with.

### The Need Was Real

With AI, it's context that matters. An AI agent that can't access your calendar,
your email, your CRM, or your internal databases is limited to generic responses
and surface-level help based on whatever the model you're using was trained on.

Custom integrations don't scale. Every new tool means more code to write, more
authentication flows to implement, more edge cases to handle, more maintenance
burden to carry.

MCP aimed to solve a problem that was getting worse every day. As AI
capabilities improved, the integration bottleneck became more obvious. Companies
needed a way to connect AI to their systems quickly and reliably.

### The Approach Was Right

Anthropic released MCP as an open standard, not a proprietary protocol. This
matters.

Open standards can become accepted infrastructure because no single company
controls them. It has to be that way for developers to build on them without
vendor lock-in concerns. It also means that competitors can collaborate on
implementation without too much strategic risk.

## MCP is Still Maturing

MCP solved the core integration problem, but there are still challenges to
overcome. These aren't failures, far from it. They're the growing pains of a
protocol moving from early adoption to mainstream use whilst being heavily
relied upon and solving for a target that is constantly moving. No small feat.

### Security Concerns

In April 2025, security researchers published analysis of MCP's attack surface.
They found issues. Prompt injection vulnerabilities. Tool permission problems
where combining tools could exfiltrate files. Lookalike tools that could
silently replace trusted ones.

A critical RCE vulnerability
([CVE-2025-49596](https://nvd.nist.gov/vuln/detail/CVE-2025-49596)) was
discovered in Anthropic's MCP Inspector and patched by June 2025.

This is normal for infrastructure protocols. Security researchers find problems.
The community fixes them. The protocol gets stronger.

The challenge is that MCP makes AI more powerful, which means security is
significantly more critical. An AI agent with access to the wrong tools can do
_real damage_. The community responded with tools like
[MCP-Scan](https://github.com/invariantlabs-ai/mcp-scan), which audits MCP
servers for security issues and insecure configurations.

Security will continue to be a focus area. This is healthy. Better to find and
fix these issues now than after widespread deployment in production systems.

### Authentication Struggles

MCP includes an authorization spec based on OAuth 2.1. This is necessary for
remote MCP servers that need to authenticate users and control access to
resources.

The current implementation has limitations. It requires the MCP server to act as
both the resource server and the authorization server. This creates complexity
and limits flexibility in deployment architectures.

The spec recommends Dynamic Client Registration to let clients automatically
register with authorization servers, but it's optional. When it's not supported,
developers have to manually configure client credentials.

So far implementation of DCR has been somewhat limited, with many MCP servers
still opting for straight API key authentication instead.

The challenge is standardizing auth without creating security holes. OAuth is
complex. Getting it right in the context of AI agents with broad permissions is
even harder.

### Remote or Local

Early MCP focused on local servers using stdio. This worked great for desktop
applications like Claude Desktop, where the MCP server runs on the same machine
as the client.

But it also created a high barrier to entry. Getting stdio servers running meant
editing config files, managing local processes, and understanding how to install
and run server code. This kept MCP in the hands of technical users comfortable
with command-line tools and local development environments.

Remote servers changed that. They make MCP accessible to a much broader
audience. No config files to edit. No local processes to manage. Just a URL and
authentication. This is the unlock that moves MCP from developer tool to
mainstream capability.

The protocol shifted to support HTTP with Server-Sent Events, then added
experimental support for Streamable HTTP. This eliminates the requirement for
persistent, stateful connections and enables more traditional stateless server
architectures.

Stateless servers are easier to deploy and scale. But persistent connections
enable richer interactions, like streaming results and maintaining conversation
context.

The community is still figuring out the right balance. Different use cases will
likely require different approaches. The protocol is flexible enough to support
both, which is good.

### Monetization

For many use cases, monetization isn't a problem. If you're using an MCP server
to access a service you already subscribe to, there's no additional monetization
needed. The MCP server is just another interface to existing functionality.

But what about standalone MCP servers? Services built specifically as MCP
servers that aren't tied to an existing subscription? There's no standard
approach here. What about when there is no human in the loop at all?

The real question is whether MCP should facilitate payment through complementary
protocols, or if monetization should remain entirely outside the protocol's
scope. Should there be standardized ways to handle metering, billing, and rate
limiting at the protocol level? Or should each provider solve this
independently?

Is this even MCP's problem to solve? For sure it's something that will develop
rapidly in 2025 as more companies experiment with MCP-native services, and as
more agent based marketplaces begin to emerge.

## What This Means for the Next Year

The ecosystem layer will fill in in 2026. Tools for discovering MCP servers,
services for securing and authenticating servers, agentic monetization, and
frameworks for faster development will be a constant.

2026 will also see the first production ready
[MCP Apps](https://github.com/modelcontextprotocol/ext-apps/blob/main/specification/draft/apps.mdx)
bring interactive UIs to the protocol. Tools can now render results as
dashboards, visualizations, or custom interfaces instead of just text.

The spec is still in draft, but momentum is rapid and the UI seems like it will
be quite standardized. Hopefully this saves us from the iframe-based HTML
horrors that we experienced back in the days of Facebook Apps.

The API opportunity is shifting. MCP servers are becoming another way to expose
services alongside REST. It doesn't replace existing APIs, far from it. It
complements them, but it changes how developers think about integrations and
it's forcing many to finally up their API game when it comes to design and
quality of responses.

## MCP all the way?

The question now is whether MCP becomes the standard or just a standard. The
next year will tell us. Will it be about maturation (fixing security issues,
improving authorization, properly solving remote deployment, figuring out
monetization)? Or will fragmentation emerge with competing approaches?

The momentum suggests MCP is winning. Open standards win when they solve real
problems at the right time. MCP began solving the AI integration problem exactly
when it felt like it needed to be solved. The timing was perfect. The design was
strong enough. The approach was open. The adoption followed naturally.

But, it's only been a year. It's still so early.

MCP didn't just _arrive_ in 2025. It helped define what 2025 meant for AI. The
year when AI went from demos to production. The year when agentic AI became
practical... and now it's getting UI.

One year down. The real work is just beginning.