MCP is eating the world
136 comments
·June 21, 2025faxmeyourcode
rcarmo
As someone who does both, I have to say that the only reason I am writing MCP stuff is that all the user-side tools seem to support it.
And the moment we, as an industry, settle on something sane, I will rip out the whole thing and adopt that, because MCP brings _nothing_ to the table that I could not do with a "proper" API using completely standard tooling.
Then again, I have run the whole gamut since the EDI and Enterprise JavaBeans era, XML-RPC, etc. - the works. Our industry loves creating new API surfaces and semantics without a) properly designing them from the start and b) aiming for a level of re-use that is neither pathological nor wasteful of developer time, so I'm used to people from "new fields of computing" ignoring established wisdom and rolling their own API "conventions".
But, again, the instant something less contrived and more integratable comes along, I will gleefully rm -rf the entire thing and move over, and many people in the enterprise field feel exactly the same - we've spent decades builting API management solutions with proper controls, and MCP bodges all of that up.
alfalfasprout
> And the moment we, as an industry, settle on something sane, I will rip out the whole thing and adopt that, because MCP brings _nothing_ to the table that I could not do with a "proper" API using completely standard tooling.
100%. I suppose I understand MCP for user-side tooling but people seem to be reinventing the wheel because they don't understand REST. making REST requests with a well defined schema from an LLM is not all that hard.
OJFord
I don't even mind it existing, it's just the way it's presented/documented/talked about like it's some special novel important concept that baffles me, and I think makes it more confusing for developer newcomers (but fine or maybe even helpful for not-particularly-technical but AI-keen/'power' users).
jmward01
I personally wouldn't be surprised if the http calling abilities of LLMs end up killing MCP, or at least greatly reducing its use. If you train LLMs to start interacting with REST APIs as a great way to make them do more then a lot of the MCP use cases go away.
dkdcio
Where I struggle conceptually is this works fine without MCP.
Write a CLI tool that does the same thing (including external service access) and tell any agentic CLI tool (or Cursor or IDE tool) to use the tool. Much simpler, established security models, etc.
BeetleB
You're thinking like a SW engineer. Instead, think like someone who just happens to know a bit of programming. MCP is much, much easier than tool calling, I think.
As an example, I wrote a function in Python that, given a query string, executes a command line tool and returns the output. To make it an MCP server, I simply added type annotations to the function definition, and wrote a nice docstring, and added a decorator.
That's it. And now it works with all providers and all tools that support MCP. No REST APIs, etc needed. Not tied to a particular agentic tool.
Every time I've written a tool, I've ended up with "Wow, was it really that simple?"
As for security: If you write your own tool, the security implications are the same.
potatolicious
Sure, and MCP is just a standardized way of exposing tools. This is where I feel MCP is both overhyped (waaaaaaay too much LinkedIn influencer hot air) but also genuinely quite useful.
I've done stuff very much like the above with just regular tool calls through the various LLM APIs, but there are tons of disparate frameworks for how to harness up a tool, how they execute, how they are discovered, etc. None of it is rocket science.
But the nice thing about having a standard is that it's a well-lit path, but more importantly in the corporate workflow context is that it allows tools to be composed together really easily - often without any coding at all.
An analyst who has zero coding experience can type in a prompt, click "add" on some MCP tools, and stand up a whole workflow in a minute or two.
That's pretty cool.
And yeah, none of it is impossible to implement yourself (nor even very hard!) but standardization has a value in and of itself in terms of lowering barriers to entry.
what-the-grump
xkcd 927, every single time
yjp20
This is pretty fair: in claude code, I have the github mcp server installed, but the agent actually prefers to use the CLI. There's also other advantages too, such as incremental discovery of subcommands for more complex CLIs. Certainly agents already don't have a problem using CLIs.
That said, this doesn't fully work in environments on websites like claude.ai. Perhaps you could have an org-wide Dockerfile or something that opens every time you start a chat which gives it MCP-like capabilities, but that sounds more complicated in many ways than what MCP does. There's also more problems that MCP solves, like with Prompts and Sampling (which are pretty under-used at the moment), and there aren't great analogs for that in the CLI world.
Also developers like you and I might find it trivial to install CLIs, set up auth, and open an agent locally, but this isn't widely true. As an example, at Stainless we have non-engineer folks who ask questions like "who are the most interesting people who have signed up yesterday", and with the right MCP tools wired to claude.ai, claude actually does an excellent job of answer these kinds of questions, all in the browser. This was all without a doubt possible before MCP, but MCP reduces the friction enough, such that it becomes worth-it/easy-enough to develop these tools.
cpursley
Ditto on the postgres MCPs vs the standard pg cli - seems to prefer the cli. Which is fine enough for me.
rcarmo
What you are actually saying is that you don't have a data platform with reporting and prefer using your own product because you designed your user tier to have an MCP server, which is kind of an ourobouros.
rictic
Yes, MCP adds no new fundamental capabilities. What it does is solve an N x M problem, where to hook up a given tool to a given LLM scaffold you have to write specific integration code for that combination of scaffold and tool.
With MCP that's decoupled, the tool and the software speak a common protocol, and it's one line of configuration to hook the tool up to the LLM. Makes it easy to mix and match, reuse code, etc.
OJFord
tool --help
man tool__MatrixMan__
I'll take a CLI over http ten times out of ten. However, I'm skeptical that that's the ideal long term interface because it gives the model too much freedom.
I want to be the one deciding which CWD to use, which user to run as, whether to see the whole filesystem or to restrict to a chroot, etc.
So far it hasn't been malicious but I've had a number of cases while using cursor where the model has gotten confused and is now editing repos outside the open workspace.
Maybe the answer is still a CLI, but I want a standardized interface for equipping that CLI with handcuffs.
apitman
Are there any tools that automate using containers for this?
rattray
Yeah, CLIs actually often do seem better for agents with access to bash, like Claude Code.
That said, many "business users" like those referenced above interact more with a web UI, and asking them to audit bash/CLI interactions might not always work well.
(disclaimer: I work at Stainless; we're actually exploring ways to make MCP servers more "CLI-like" for API use-cases.)
chime
If the CLI tool does IO with the agentic CLI tool of choice over STDIO, then it's MCP by definition, with the only caveat being that it runs locally on each user's machine instead of a server. For dev-teams, CLI would work but for non-coders, web-apps or Slack-channel with LLM/MCP integration would be better.
zackify
The problem with that is it doesn’t work for people who are not technical. Remote mcp is pretty good even if I would have preferred a rest api helper endpoint to support existing apis
zackify
I’ve managed to do the same thing!
It’s actually surprising just how powerful 1-5 tools can be if you document it well and the llm knows how to pass arguments from other tool responses you had higher up in the thread
faxmeyourcode
Yep, we've built some really useful agents with some simple tools (3-5 templated snowflake queries with really good descriptions). The LLM is useful for shaping your question into function params and then interpreting the results based on the context it got from the tool description.
tptacek
I'm doing the same thing now (with Slack as a medium of interaction with the agent) --- but not with MCP, just with straight up tool call APIs.
rattray
How many tools does your agent have access to?
At Stainless we use https://github.com/dgellow/mcp-front to make it easy for anyone on the team (including non-technical folks) to OAuth into a pretty wide variety of tools for their AI chats, using their creds. All proxied on infra we control.
Even our read replica postgres DB is available, just push a button.
tptacek
Just 5 or 6. I'm just using the OpenAI tool call API for it; I own the agent (more people should!) so MCP doesn't do much for me.
ramesh31
I've found it to be amazing purely as a new form factor for software delivery. There's a middle ground so common in enterprise where there's a definite need for some kind of custom solution to something, but not enough scale or resourcing to justify building out a whole front end UI, setting up servers, domains, deploying, and maintaining it. Now you can just write a little MCP tool that does exactly what the non-technical end user needs and deliver it as a locally installed "plugin" to whatever agentic tooling they are using already (Claude Desktop, etc). And using Smithery, you don't even have to worry about the old updating concerns of desktop software either; users get the latest version of your tooling every time they start their host application.
jlowin
FastMCP author here -- (maybe surprisingly) I agree with many of the observations here.
FastMCP exists because I found the original spec and SDK confusing and complicated. It continues to exist because it turns out there's great utility in curating an agent-native API, especially when so many great dev tools have adopted this client interface.
But the spec is still so young and at such risk of being co-opted by hype (positive and negative). I would invite everyone to participate constructively in improving it.
Lastly: this article is plainly AI generated, as `from mcp import tool` is completely hallucinated. Just some food for thought for the "AI should be able to figure out my complex REST API" crowd that seems well represented here.
ashwinsundar
I would invite everyone to participate constructively in improving it.
lightbulbish
IIRC they talk about it here
https://www.youtube.com/watch?v=m2VqaNKstGc&ab_channel=Laten...
TL;DR If you want to engage with the MCP protocol you can do so here. https://github.com/modelcontextprotocol
yjp20
(author here)
You're right, that snippet was ai-generated and I forgot to action one of my todos to fix that snippet. This was negligent on my part, and I hope you'll forgive me.
We're fixing that right now, thank you for the correction!
0x500x79
I believe that MCP is a bit over-marketed.
MCP allows you to bring tools to agents you don't control. It's awesome, but it isn't the right match for every problem. If you believe the hype of X/LinkedIn you would think that MCP everywhere is going to be the solution.
Bringing tools to your local Claude client is awesome, but there are still challenges with MCP that need to be solved and like all technology, it isn't applicable universally.
Not to mention it's a recipe for burning tokens!
Aurornis
> I believe that MCP is a bit over-marketed
MCP is pretty cool, but the way every AI influencer pivoted to producing MCP glorification posts at the same time has been groan-inducing. I can usually ignore the hype cycles, but I've been bombarded with so much MCP influencer content in the past few months that I feel exhausted every time I see those three letters.
0x500x79
It never fails that if you look at their title it's: VP of XYZ at something.ai as well!
qsort
It's basically the story of the last 3 years. Can't ignore the technology, but every loser grifter in existence has been on AI full time. On average, the more they are fanatics of it, the less they're able to take advantage of what it actually can do, most often due to an inordinate amount of skill issues unrelated to AI.
Eisenstein
When the crypto bubble burst, the fad chasers had to go somewhere. It is a tale as old as time.
tptacek
All influencer content is groan-inducing, but the idea behind MCP is pretty huge: it's the ability to link LLM agent loops into basically arbitrary APIs. It would be weird if it wasn't attracting a lot of attention.
OJFord
Tool-calling is pretty huge, but MCP (a standard for calling a tool over HTTP) is way over-hyped, and neither here nor there really.
brandensilva
As a developer the hype is over the top for sure, but for the average marketer or influencer I can see how it is warranted.
Now if there is a good way to deal with authentication and authorization piece without agents gone wild that would excite me as a dev a lot more at this point.
theOGognf
Along with burning tokens, how MCP servers are ran and managed is resource wasteful. Running a whole Docker container just to have some model call a single API? Want to call a small CLI utility, people say to run another Docker container for that
Feels like a monolith would be better
MyOutfitIsVague
A "whole Docker container" is not very heavyweight. Other than having their own filesystem view and separate shared libraries, container processes are nearly as light as non-container processes. It's not like running a VM.
jcelerier
> Other than having their own filesystem view and separate shared libraries, container processes are nearly as light as non-container processes. It's not like running a VM.
why does the smallest script take seconds to even start then?
stingraycharles
I don’t think running these commands in a docker container is the standard way of doing this, I’ve seen “npx” et al being used way more often.
Furthermore, the “docker” part wouldn’t even be the most resource wasteful if you consider the general computational costs of LLMs.
The selling point of MCP servers is that they are composable and plug in into any AI agent. A monolith doesn’t achieve that, unless I’m misunderstanding things.
What I find annoying is that it’s very unpredictable when exactly an LLM will actually invoke an MCP tool function. Different LLM providers’ models behave differently, and even within the same provider different models behave differently.
Eg it’s surprisingly difficult to get an AI agent to actually use a language server to retrieve relevant information about source code, and it’s even more difficult to figure out a prompt for all language server functions that works reliably across all models.
And I guess that’s because of the fuzzy nature of it all.
I’m waiting to see how this all matures, I have the highest expectations of Anthropic with this. OpenAI seems to be doing their own thing (although ChatGPT supposedly will come with MCP support soon). Google’s models appear to be the most eager to actually invoke MCP functions, but they invoke them way too much, in turn causing a lot of context to get wasted / token noise.
MaxLeiter
Remote MCPs should resolve some of this
pphysch
MCP is a major lifeline for OpenAI and Anthropic. Their only reasonable way to compete with the big vertical AI integrators is if the "community" does all the hard work of integration, hence MCP. After the initial burst of greenfield enthusiasm I suspect it will stagnate as a yet another maintenance burden.
fiatjaf
You just said the same thing three times and didn't explain why.
pydry
It's not the solution to every problem but it's a great substitute for a infrequently used app with mediocre UX and most of the world's apps probably do fall into that category actually.
tempodox
> … agents you don't control. It's awesome …
What have we come to when losing control in software development is called “awesome”.
0x500x79
I don't think that the goal of MCP is for software developers.
MCP is great for: "I would like Claude Desktop/VSCode/Cursor to know about my JIRA tickets". AFAIK Most of the tools that are being used for AI Coding tools are not delivered through MCP.
loloquwowndueo
WOW talk about quoting out of context.
0x457
Do you get mad at IDE plugins that let you extend software that you don't control?
pabzu
Another hyped/clickbait headline about a "new technology" that will "transform everything"
written by a company that sells this "new technology".
sylens
I just saw some job postings asking for 8+ years experience in MCP
steve_adams_86
Well you see I run dozens of agents at once so my hours of experience accumulate at 10-100x real time. I've got about 200 years of experience in MCP. I accumulated another 3 years of experience while typing this
layer8
Not a problem for the 15x programmer.
kibwen
15x is a rookie multiplier, do you need me to explain how exponential curves work? Within mere months I'll need to start resorting to up-arrow notation to express my value as a developer. And someday I might even start making more money too!
skeeter2020
>> >> Heck, even MCP itself isn’t new—the spec was released by Anthropic in November
woosh!
barbazoo
You need 10+ for senior though.
saulpw
1 year for a human is like 10 in AI-years.
olddustytrail
I think you're joking but if not I'd love to see one!
ypeterholmes
How does it sell a basic protocol that anyone can use?
rattray
Taking this question at face value, because you asked: Stainless generates MCP servers for REST APIs (a ~simple[0] translation of an OpenAPI to a suite of MCP tools).
We actually generate MCP for free (we charge for SDKs), so we're technically not selling, but I don't begrudge GP's comment/sentiment.
[0]https://www.stainless.com/blog/what-we-learned-converting-co... describes some ways in which this is less simple than you think. The "Handling large APIs dynamically" section near the bottom covers the most salient challenge related to converting large APIs to MCP tools, but there's more work to do.
ezekiel68
It's clearly a plot by Big MCP to sell us more MCP. /s
Animats
> At Stainless, we’re betting it’s here to stay.
By a seller of MCP.
The trouble with MCP is that it requires a trip through an LLM for every transaction. It's not like the ends negotiate a simple protocol so that later queries are cheap. That's a huge cost increase as traffic increases.
taberiand
There is no reason you couldn't design the system to hand off to a simple protocol through an MCP call, it's entirely up to what works in the specific situation. There is nothing in the design that mandates a path through the LLM for every request or transaction.
rattray
I'm not sure I understand what you mean by "it requires a trip through an LLM for every transaction"?
In a normal case of "production software", yeah, you would not want to add an LLM in the middle to make an API call. That's silly – just write the code to make the API call if you can do it deterministically.
If you're talking to an LLM in a chat experience, and you want that LLM to go interact with some foreign system (i.e., hit an API), you need _some way_ of teaching the LLM how to make that API call. MCP is one such way, and it's probably the easiest at this point.
Doing it through MCP does introduce some latency due to a proxy server, but it doesn't introduce an additional LLM "in the middle".
(Disclaimer: I work at Stainless. Note that we actually sell SDKs at Stainless; our MCP generator is free.)
neuroelectron
MCP, in its current form, functions as a fun and profit remote exploit vector, primarily because it exposes AI systems to a wide range of attacks through under-specified security controls, heavy reliance on natural language context, and the ability for untrusted servers to manipulate model behavior. While MCP aims to standardize and simplify tool integration for AI, its half-implemented security features and architectural choices have made it a high-risk protocol, especially when deployed without additional safeguards.
A treasure trove of possibilities: OAuth tokens, almost impossible to build alarms for outside of transmission rates (what are you running your own LLM? How about a meta MCP for twice the API calls?) , assumed trusted input, the server can inject malicious instructions via tool descriptions, leading to prompt injection, data exfiltration, or even remote code execution, sometimes without any explicit tool use by the user.
mkagenius
Unfortunately, the "protocol" doesn't have any emphasis on security so far, its all a repeat of HTTP -> HTTPS.
However I feel the tooling built around MCP has been a lot and makes your work easier.
The perfect use today would be using a locally running MCP servers for execution of code[1], manipulation of local files etc.
1. CodeRunner - Generate and run LLM code locally on Apple containers (https://github.com/BandarLabs/coderunner) (I am one of the authors)
ezekiel68
Okay. I guess someone could have said the same thing at the dawn of the microcomputer era, too. Get back to us when the world melts down.
neuroelectron
I think "if you're not doing anything wrong you have nothing to hide" doesn't apply to B2B services.
ravenstine
> Heck, even MCP itself isn’t new—the spec was released by Anthropic in November, but it suddenly blew up in February, 3 months later.
Wow, the idea of what's "new" in software has always been really short, but damn, it's becoming questionable whether anything can be considered new these days.
sidewndr46
Yeah, if this was the Javascript ecosystem 3 months would mean the original implementation has been moved to maintenance mode and only gets security updates from here forward. Everyone would need to start migrating to the replacement as soon as possible.
dack
yeah it's crazy to think that claude 4 has only been out a month. And the previous iteration 3.7 was launched only in February!
but also I think the interesting thing is that people didn't jump on MCP immediately after it launched - it seemed to go almost unnoticed until February. Very unusual for AI tech - I guess it took time for servers to get built, clients to support the protocol, and for the protocol itself to go through a few revisions before people really understood the value.
dack
MCP still feels so early. It's getting better - we went from "set up `npx` on your system and edit this JSON file in an obscure directory" to "set the name and URL of your MCP server" in claude.ai. But you're right, even knowing how to find a URL for the MCP server is a tall order for most.
I wonder what the optimal form factor is. Like what if your AI could /suggest/ connecting with some service? Like your AI is browsing a site and can discover the "official" MCP server (like via llms.txt). It then shows a prompt to the user - "can I access your data via X provider?". you click "yes", then it does the OAuth redirect and can immediately access the necessary tools. Also being able to give specific permissions via the OAuth flow would be really nice.
remram
I tried using MCP to run some custom functions from ollama & openwebui. The experience was not great.
Doing anything with LLM feels more like arguing than debugging, but this was really surreal: I can see the LLM calling the function with the parameters I requested, but then instead of giving me the returned value, the LLM always pretends it doesn't know the function and tries to guess what the result should be based on its name.
The protocol itself is really weird, almost based on standards but not quite. It was made by one vendor to fix one problem. It has the benefit of existing, but I don't know if it is worthy of any praise?
csomar
Unless you are running DeepSeek/OpenAI/Anthropic models, I suspect your LLM will struggle with the complexity. That being said, except for Puppeteer and usebrowser, every MCP I have tried was complete sh+t. As: doesn't really work and will confuse the hell out of your LLM.
svachalek
I don't know what model you're using through ollama but a lot of people pick up a 4b model and expect it to be ChatGPT when it's like 0.2% of the size. 4b models are mostly toys imo. The latest generation of 8b models are sometimes useful, but often still laughably stupid. 14b starts to have potential, 30b are pretty good.
But remember, the hosted frontier models are still gigantic compared to these, and still make stupid mistakes all the time.
never_inline
I mean, LLMs you can run on ollama are usually pretty bad ones.
gregorym
Today almost every public MCP server targets B2B workflows like GitHub, Jira, Linear, Slack, and similar developer or workplace tools.
In a recent talk, Andrej Karpathy argued that “LLMs are the new operating system.” If that analogy holds, the only “apps” we've built so far live in the enterprise quadrant of that OS.
I expect consumer facing MCP experiences to follow soon. I’m not yet sure what they’ll look like, perhaps games or other interactive content but the infrastructure is falling into place: OpenAI has said ChatGPT will support custom MCP connectors, ElevenLabs’ 11AI already ships with MCP integration, and Claude has added remote MCP support. As those channels reach mainstream users, everyday LLM users will start asking for richer experience and MCP is how developers will deliver them.
ramoz
9 times out of 10 my Claude Code is using a bash script before I hook up an MCP to it.
- less tokens required in context (CLAUDE.md vs CLAUDE.md + MCP bloat per request)
- native agent tooling, relying on Bash(my-script params)
- less black box (you & the coding agent can read the scripts)
MCPs are often wrapping restful apis. Turns out agents can use those just fine.
Karrot_Kream
Yeah I wonder just how much MCP is needed when the models seem fine at making REST requests as is, especially if there's an OpenAPI or similar spec available.
luketheobscure
It's interesting how quickly my brain developed an AI detector for written language (this blog post screams ChatGPT).
I wonder if it will stay effective, or if LLMs figure out a way around it? Or maybe it's just that this is the new way that technical blog posts are written, sort of how nearly all press releases feel univocal.
Based on the comments here, a lot of folks are assuming the primary users of mcp are the end users connecting their claude/vscode/etc to whatever saas platform they're working on. While this _is_ a huge benefit and super cool to use, imo the main benefit is for things like giving complex tool access to centralized agents. Where the mcp servers allow you to build agents that have the tools to do a sort of "custom deep research."
We have deployed this internally at work where business users are giving it a list of 20 jira tickets and asking it to summarize or classify them based on some fuzzy contextual reasoning found in the description/comments. It will happly run 50+ tool calls poking around in Jira/confluence and respond in a few seconds what would have taken them hours to do manually. The fact that it uses mcp under the hood is completely irrelevant but it makes our job as builders much much easier.