Model Context Protocol (MCP): A Guide for Adoption
Nov 20, 2025
Model Context Protocol (MCP): What It Is and How to Implement It
If your roadmap includes AI assistants interacting with real systems, raising tickets, posting to Slack, or querying Snowflake, MCP is the quickest and safest way to make those connections. Developed in late 2024 and refined through 2025, MCP standardizes how large language model applications link to tools and data, preventing the need to rebuild integrations for every model or vendor.
A Quick Overview
MCP is an open protocol for connecting AI applications (the “host”) to external capabilities using a client-server model. The host incorporates an MCP client; your tools and data reside behind one or more MCP servers. The client adheres to a well-defined protocol (JSON-RPC 2.0) enabling the large language model to find tools, call functions, and retrieve context reliably.
Think of MCP as USB-C for AI, a single port compatible with many peripherals. Swap Claude for ChatGPT or vice versa without needing extensive rewrites.
Why MCP is Important to SaaS Teams in 2025
Simplifies the N×M Problem. Instead of crafting N customized integrations for M models, MCP abstracts the interface so a single server can work across multiple large language model hosts, reducing complexity and speeding up the time-to-market.
Strong Ecosystem Momentum. MCP started with Anthropic and is now available across IDEs, Claude Desktop, and OpenAI’s connectors/Agents SDK—with initial support in ChatGPT’s Developer Mode. This cross-vendor momentum is why many CIOs view MCP as the standard route to “agent-ready” SaaS.
Emerging Enterprise-Grade Patterns. Vendors are launching security layers that “defend for MCP” and encryption-focused patterns tailored to regulated sectors, facilitating safe adoption.
Core Architecture (Simple Mental Model)
Host: The AI application (e.g., Claude Desktop, ChatGPT) running an MCP client.
MCP Client: Translates user intent/tool calls into protocol messages.
MCP Server(s): Your side—APIs, databases, or workflows exposed with schema-driven tool definitions and responses via JSON-RPC 2.0.
This separation enables platform teams to publish a catalogue of secure capabilities (e.g., “create Jira issue”, “query BigQuery”) that any compliant large language model can use—subject to policy and authentication.
Which Platforms Currently Support MCP?
Anthropic Claude / Claude Desktop: First-party MCP reference with numerous example servers. anthropic.com
OpenAI: Connectors and remote MCP servers via the OpenAI API/Agents SDK; growing client support is emerging in Developer Mode. OpenAI Platform
Developer Tooling: Official and community servers for GitHub, Buildkite and more; vibrant open-source lists to accelerate integration. GitHub
Industry Interest: Microsoft has publicly backed industry standards like MCP to enhance agent ecosystems' interoperability.
Our Partner Ecosystem (MCP Ready)
Asana — Official MCP server enables AI tools to create/read tasks and interact with the Work Graph using standard tools. (Asana)
Miro — MCP server available (currently labelled beta/waitlist in some materials) to query board context and initiate actions from AI tools. (developers.miro.com)
Notion — Hosted Notion MCP allows secure read/write access to workspace objects; compatible with Claude, ChatGPT and Cursor. (developers.notion.com)
Glean — Remote MCP server integrated into the platform to expose permission-aware enterprise knowledge to any MCP-compatible host. (developers.glean.com)
Partner | MCP Status | Documentation |
|---|---|---|
Asana | GA: Official MCP server | “MCP Server” documentation & integration guide. Asana |
Miro | Beta / waitlist mentioned in site copy | Developer guides + public waitlist page. developers.miro.com |
Notion | GA: Hosted MCP | Developer documentation + Help Center overview. developers.notion.com |
Glean | GA: Remote MCP server | Admin & user guides. developers.glean.com |
Security: What MCP Solves—and What It Doesn't
MCP is not a cure-all. It provides a consistent channel; enterprise guardrails are still necessary:
Threats: Prompt injections, overly privileged servers, and untrusted outputs can result in data leaks or unintended actions (e.g., “MCP-UPD”).
Additional Controls:
Effective authentication/authorization at the server boundary (tokens, mTLS, scoped RBAC).
Policy Filters to limit tool arguments and outputs.
Audit/Recording of every tool call and response.
Data Security techniques (application-layer encryption/hold-your-own-key) for sensitive repositories.
Build vs Buy: MCP Servers
You can quickly construct simple servers (many teams begin with a “read-only analytics” server, then add write actions). Community examples and templates exist for common backends and languages. For speed, you can also adopt vendor-supported servers (GitHub, CI/CD, communications).
A Pragmatic 6-Step Rollout for SaaS Platforms
Select a High-Value, Low-Risk Flow. For instance, “Create/read incidents” or “Read dashboards”. Keep scope focused for Week 1 successes.
Initialize an MCP Server for that flow with least-privilege credentials; make a small, well-typed toolset public and verify arguments.
Integrate a Host (Claude Desktop or OpenAI Agents) within a development environment. Secure secrets with your established vault and rotate them.
Add Guardrails: schema validation, allow-lists, output checks, audit logging. Link each tool to a named policy.
Conduct a Pilot with Actual Users within Slack or VS Code. Monitor accuracy, action failure rates, and time-to-resolution against baseline metrics.
Reinforce & Scale: implement mTLS, tool-specific scopes, and encryption strategies for regulated data; then expand your server catalogue.
Common Use Cases We Observe
Customer Support & Operations: Raise tickets, summarize cases, and query CRM with auditable tool calls.
Developer Productivity: Manage repositories/CI from chat; search code with controlled write access.
Data Access: Natural-language queries against databases via read-only servers, with row-level policy.
Governed Automation: Orchestrate multi-step workflows across SaaS apps while maintaining a single audit trail.
How MCP Compares to Custom Tool Integrations
Aspect | MCP Method | Point-to-Point Tools |
|---|---|---|
Integration Speed | Standard schema; reuse across hosts | Rebuild per model/vendor |
Governance | Policy at server boundary | Scattered across bots/apps |
Portability | Works across compliant hosts | Vendor-locked |
Security | Centralize authorization, audit, scopes | Often duplicated/inconsistent |
(Insights based on specification and platform documentation.) Model Context Protocol
The Future Outlook
With support from Microsoft and others for interoperability, alongside OpenAI and Anthropic delivering client support, MCP is poised to develop an “agentic web” where compliant tools interchange like web services did following HTTP 1.1. Look forward to enhanced schemas, richer discovery, and enterprise extensions (governance, rate limits, and identity).
Action Steps: If you're planning AI features for your product, now is the time to prototype with MCP so you can switch hosts later without re-platforming.
Model Context Protocol (MCP) FAQ
Q1: Is MCP Exclusive to Anthropic?
No. Although initiated by Anthropic, MCP is an open standard with a public specification and support from multiple vendors.
Q2: Does OpenAI Support MCP?
Yes—through connectors/remote MCP servers in the API/Agents SDK and initial support in ChatGPT Developer Mode.
Q3: What Risks Should Security Teams Be Aware Of?
Prompt injections, mis-scoped permissions, and data leaks; match MCP with stringent authentication, policy, and auditing.
Q4: How Do We Begin?
Deploy a minimal MCP server for a single secure workflow, integrate with a host, add guardrails, and pilot before scaling.
