We have heard from several clients that have mentioned the deployment of MCP-based solutions is currently not approved in their organizations. FINOS recently did a survey that highlighted some common obstacles they heard from survey respondents. I’m interested in hearing from the community @Builders what obstacles they are running into, especially regarding the security considerations.
2 Likes
Hey Bob,
Here’s what I’m seeing:
- When MCP exploded, a lot of unofficial servers popped up quickly, and researchers found vulnerabilities in some. There was a lot of noise, “MCP is insecure”, even though the issues were in the implementation, not the protocol, which is still evolving.
- Who owns it? I.e., if an MCP running inside Claude causes problems, is it Claude or the server? Also, should developers or IT own it?
- It’s a new technology, not much expertise yet. And you probably need to get approval to use each MCP server. If you simply create a tool call to an API of a vendor you already use, you may skip that part. So you save your time and don’t need to create more work for your colleagues in the IT/sec team who are already swamped by requests for reviews of shiny new AI.
- Because Anthropic created it, OpenAI and Google won’t hype it. They’ve integrated it because many companies started using it, but often in a way that’s a bit more cumbersome to set up (Microsoft, on the other hand, made it very easy in VSCode/GitHub Copilot).
But actually, having a standard protocol makes things safer at scale. Instead of every team inventing new tools, auth layers, and governance, you can use a common framework, which is better for regulated enterprises than one-off solutions if you can enforce least privilege, traceability, and safe execution.
@saad @Nicholas.head @steven.paske wdyt?
1 Like
