YPO Technology Network AI Brief
YPO Technology Network AI Brief

MCP Is The Plug. You Still Need The Outlet Cover.

9 min
Apr 29, 2026about 1 month ago
Listen to Episode
Summary

Stephen Forte explains Model Context Protocol (MCP), an open standard for AI agents to interact with business systems, and emphasizes that while MCP adoption is now enterprise standard, organizations must implement governance layers (agent ops) to safely deploy agents in production environments.

Insights
  • MCP adoption has accelerated from curiosity to default infrastructure in under a year due to vendor standardization and Linux Foundation endorsement, signaling enterprise maturity
  • The critical gap is not AI capability but reliability—82% of organizations have agents in production but cite reliability as the #1 challenge, requiring dedicated governance layers
  • Agent ops (gateway, identity, logging) is emerging as a mandatory separate discipline and budget line, analogous to how DevOps emerged for software deployment
  • MCP's openness creates both utility and security risk; bare MCP servers are dangerous without protection layers, requiring intentional architectural decisions
  • Leadership must shift from avoiding MCP to owning how it's protected, with explicit accountability assigned to a single owner rather than committees
Trends
Agent ops emerging as distinct discipline for production AI reliability and governanceLinux Foundation governance of AI standards signaling enterprise maturity and vendor neutralityMCP becoming default integration pattern across competing AI platforms (Anthropic, OpenAI, Google)Organizations deploying agents in production without adequate reliability/governance infrastructureShift from custom integrations to standardized protocol-based agent architectureSecurity-first design requirements for AI agent deployment becoming non-negotiableOpen standards reducing vendor lock-in and enabling model portability in enterprise AIFintech and venture-backed companies leading aggressive agent deployment in financial workflows
Companies
Anthropic
Created Claude and released MCP as open spec in late 2024; primary driver of protocol adoption
OpenAI
Competes with Anthropic's Claude; now supports MCP standard for agent integration
Google
Announced Gemini Enterprise platform support for MCP at Cloud Next conference last week
Cursor
AI-assisted coding editor built on MCP; default tool for AI-assisted development in engineering teams
Langchain
Most widely deployed open-source framework for building AI agents; built on MCP
IBM
Offers Langflow, a visual builder for enterprise agent workflows built on MCP
Linux Foundation
Hosted inaugural Agentic AI Foundation Summit; provides corporate governance for MCP standard
AWS
Announced production MCP integrations at Linux Foundation summit
Fujitsu
Announced production MCP integrations at Linux Foundation summit
Brex
Corporate card fintech aggressively deploying agents in financial workflows; open-sourced Crab Trap governance tool
Suzy
Announced production MCP integrations at Linux Foundation summit
People
Stephen Forte
Host of AI Brief podcast; explains MCP and agent ops governance requirements to business leaders
Quotes
"The CEOs who treat it that way are going to run their companies through the next decade. The ones who don't are going to be managed by their own teams without realizing it."
Stephen ForteOpening remarks
"MCP is that but for AI. An MCP server is a small piece of software that sits in front of one of your business systems, your CRM, your data warehouse, a SharePoint folder, a billing database, a JIRA project, and exposes a standard set of doors."
Stephen ForteMCP explanation
"An MCP server is a powerful electrical outlet wired directly into your building's main panel. It is enormously useful, but you don't put a bare outlet in a child's bedroom. You add a cover. You add a circuit breaker. You add a ground fault interrupter."
Stephen ForteSecurity analogy
"The agents can do the work. They cannot consistently be trusted to do it without supervision."
Stephen ForteReliability challenge
"The agent looks busy. It is hitting endpoints. The endpoints are wrong. The work product is garbage. Crab Trap is a referee."
Stephen ForteBrex example
Full Transcript
Welcome to the AI Brief from the YPO Technology Network. I'm Stephen Forte. Before I get to today's topic, a quick word to my fellow YPO members and to the colleagues, partners, and operators listening alongside us. The reason I lay these episodes out the way I do is simple. A working education in AI, the components, the terminology, the architecture, is now part of the job. Not a nice-to-have. The CEOs who treat it that way are going to run their companies through the next decade. The ones who don't are going to be managed by their own teams without realizing it. So forward these episodes, share them with your CTO, your head of operations, your CFO, your general counsel, the people who actually get the work done. The goal is for you and them to be in the same room, speaking the same language. With that out of the way, something caught my eye over the weekend and I figured I'd talk about it. Three letters that have been showing up in every board update, every vendor pitch, every engineering roadmap for the last six months. MCP, most of you have been nodding politely. A few of you have been quietly Googling, today I'm going to fix that. What MCP is, why it's useful, why it's now standard, and the one thing your team has to be doing around it that most teams aren't. MCP stands for Model Context Protocol, Anthropic, the AI lab behind Claude, the chatbot and model family that competes head-to-head with OpenAI's ChatGPT and Google's Gemini, released it in late 2024 as an open spec. Think of MCP the way you think of USB. Before USB, every printer had its own cable. Every camera had its own cable. Every drive had its own cable. After USB, anything plugs into anything. MCP is that but for AI. An MCP server is a small piece of software that sits in front of one of your business systems, your CRM, your data warehouse, a SharePoint folder, a billing database, a JIRA project, and exposes a standard set of doors. An AI agent walks up, asks what doors exist picks the one it needs and walks through The agent doesn need to know whether your CRM is Salesforce or HubSpot It just knows the door is labeled lookup customer That is the entire reason MCP matters Before MCP if you wanted an AI agent to read your sales pipeline, draft a proposal, check a contract, and post a Slack message, you needed four separate custom integrations and a developer to wire them together. With MCP, the agent gets four standard plugs. Anyone can build an MCP server for any system. Vendors are now shipping them by default. This is why MCP went from curiosity to default in less than a year. Anthropic supports it. OpenAI supports it. Google's Gemini Enterprise platform announced support last week at Cloud Next. Cursor, a coding editor that's become the default tool for AI-assisted software development inside most engineering teams, is built on it. Langchain, the most widely deployed open-source framework for building AI agents, is built on it. Light LLM, a rooting layer companies use to switch between models without rewriting code. IBM's Langflow, a visual builder for enterprise agent workflows. Every open-source agent project of consequence built on it. And last Friday in San Francisco, the Linux Foundation hosted the inaugural Agentic AI Foundation Summit. The Linux Foundation, for the listener whose engineers haven't dragged them through this, it's the non-profit that governs Linux, the operating system that runs most of the world's servers, including almost certainly your own. When the Linux Foundation puts its name on a standard, it is the corporate governance equivalent of UL certification on an electrical product. It signals that this technology is now adult, neutral, and going to outlive any single vendor. Suzy, AWS, and Fujitsu announced production integrations on the same day. Translation, MCP is no longer Anthropics Protocol. It is enterprise infrastructure That is genuinely good news Standards reduce vendor lock Standards reduce integration cost Standards let you swap one model for another without replumbing the building MCP earned the room Here is the part most CEOs need to hear MCP works because it is open. An MCP server is designed to take instructions from any agent that knocks on its door. That openness is what makes the protocol useful. It is also what makes it dangerous if you deploy it naked. Think of it this way. An MCP server is a powerful electrical outlet wired directly into your building's main panel. It is enormously useful, but you don't put a bare outlet in a child's bedroom. You add a cover. You add a circuit breaker. You add a ground fault interrupter. The outlet is fine. The protections around the outlet are non-negotiable. What that protection looks like for MCP has a name now in the engineering world. It's called an agent ops layer. The same way DevOps emerged a decade ago to handle the messy reality of getting software into production reliably, agent ops is the discipline emerging now for getting agents to operate reliably and safely. Same idea, new layer of the stack. In practical terms, the protection is three things. A gateway that sits between agents and your MCP servers and inspects every request before it goes through. An identity system that knows which agent is asking and what it's allowed to do. and a logging layer that records every call so you can audit what happened when something goes wrong, because something will. This week, Brex made the point cleanly. Brex, the corporate card and spend management fintech, roughly 12,000 customers, mostly venture-backed and mid-market companies, has been more aggressive than most about putting agents in front of real financial workflows. Their engineering team open-sourced a small tool called Crab Trap. It sits between an agent and the rest of the world and watches every HTTP call before it goes out. They built it because their production agents kept doing what one of their engineers called confusing activity with progress. The agent looks busy. It is hitting endpoints. The endpoints are wrong. The work product is garbage Crab Trap is a referee That is exactly the layer I talking about There is a study out this month from a research consortium of 306 AI practitioners The headline finding 82 of organizations have agents in production or pilot. But the number one challenge cited is reliability. Not capability. Reliability. The agents can do the work. They cannot consistently be trusted to do it without supervision. The protection layer is what closes that gap. If I were sitting in your seat this quarter, I would do three things. First, find out what your team is running. Ask your CTO or CIO a direct question. Are we running MCP servers and what sits in front of them? If the answer is yes with no qualifier, that's the answer that needs follow-up. If the answer is we don't know, that's the answer that needs immediate follow-up. Either way, you've moved the conversation forward. Second, do not let the protection question become an excuse to avoid the protocol. MCP is the right standard. Building a custom alternative is worse in every dimension than running MCP with the right wrapper. The decision is not whether to use it. The decision is what your team is putting around it. Third, name an owner, not a committee, one person whose performance review next quarter has a specific line on it for agent reliability and agent governance. If that owner is not on the org chart, the work is not getting done. It is getting talked about. This is the pattern most worth understanding the protocol your engineers are excited about is genuinely useful and genuinely standard. The work of making it safe to operate is a separate budget line and a separate skill set, and it isn't optional. It is the price of admission for running this stuff in a real company. You don't need to know how MCP works under the hood. You do need to know whether your team is treating it like a bare outlet or like a finished installation. That is the AI brief from the YPO Technology Network for Wednesday, April 29th. I'm Stephen Forte. If this was useful, send it to a fellow member or to the operator on your team who needs to hear it. I'll be back tomorrow. Until then, stay sharp.