HiveKey

MCP (Model Context Protocol)

An open standard for how agents discover and call tools — powerful, and easy to over-grant without governance.

The Model Context Protocol (MCP) is an open standard for connecting AI agents to tools. An MCP server exposes a set of callable tools — wrapping a CRM, a database, a deploy pipeline — and an agent can discover and invoke them through a uniform interface. It’s become the common way to give agents new capabilities.

That convenience is also the governance challenge. Adding an MCP server is often a one-line change, and by default the agent inherits every tool the server exposes — not the two it actually needs. Three risks follow: over-grant (too many tools), confused deputy (a prompt injection steering the agent to a destructive tool it technically has), and no attribution (the upstream system sees a service account, not the agent and its owner).

The fix is to put the server behind a control plane rather than connecting the agent directly. The plane re-exposes the server’s tools as a single governed surface — namespaced, scoped per role, with argument-level guards and full logging. Ungranted tools are filtered from the manifest, so they’re invisible; write-capable tools start gated; upstream credentials stay with the plane.

Governed this way, “add an MCP server” produces a scoped, gated, fully audited surface by default — making the fast path and the safe path the same path.
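As an added illustration of the control-plane pattern described above (this is example code, not HiveKey's product or any real MCP implementation): a small in-process "plane" that sits in front of a constructed upstream server named `crm`, filters the tool manifest per role, keeps write-capable tools gated until an operator approves them, applies argument-level guards, holds the upstream credential itself, and records agent and owner on every attempt. The server name, tool names, role names, the `ControlPlane` class and its methods are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed upstream manifest: what a hypothetical "crm" MCP server exposes.
# Neither the server nor its tools are real; they exist only for this example.
UPSTREAM_SERVER = "crm"
UPSTREAM_TOOLS = {
    "list_accounts":  {"write": False},
    "update_account": {"write": True},
    "delete_account": {"write": True},
    "run_sql":        {"write": True},
}

# Per-role grants (assumed). Anything not listed is filtered from the manifest entirely,
# so the agent never sees it.
ROLE_GRANTS = {
    "support-agent": {"list_accounts", "update_account"},
    "analyst-agent": {"list_accounts"},
}

# Argument-level guards: tool -> {argument: (predicate, description)}.
ARG_GUARDS = {
    "update_account": {
        "account_id": (lambda v: re.fullmatch(r"acct_\d{6}", str(v)) is not None,
                       "account_id must look like acct_123456"),
    },
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    result: object = None


class ControlPlane:
    """Re-exposes an upstream MCP server as a governed, namespaced tool surface."""

    def __init__(self, upstream_credential="UPSTREAM-TOKEN-PLACEHOLDER"):
        self._credential = upstream_credential  # stays inside the plane, never handed to an agent
        self._ungated = {}                      # role -> write tools an operator has approved
        self.audit_log = []                     # one record per invocation attempt

    def manifest(self, role):
        """Tools an agent in `role` can discover: granted tools only, namespaced by server."""
        granted = ROLE_GRANTS.get(role, set())
        return sorted(f"{UPSTREAM_SERVER}.{t}" for t in UPSTREAM_TOOLS if t in granted)

    def approve_write(self, role, tool):
        """Operator action: lift the default gate on a write-capable tool for one role."""
        self._ungated.setdefault(role, set()).add(tool)

    def invoke(self, agent_id, owner, role, namespaced_tool, args):
        """Evaluate a call and log it with attribution, whether or not it is allowed."""
        server, _, tool = namespaced_tool.partition(".")
        decision = self._evaluate(role, server, tool, args)
        self.audit_log.append({"agent": agent_id, "owner": owner, "role": role,
                               "tool": namespaced_tool, "args": dict(args),
                               "allowed": decision.allowed, "reason": decision.reason})
        return decision

    def _evaluate(self, role, server, tool, args):
        if server != UPSTREAM_SERVER or tool not in UPSTREAM_TOOLS:
            return Decision(False, "unknown tool")
        if tool not in ROLE_GRANTS.get(role, set()):
            return Decision(False, "not granted to role")
        # Write-capable tools start gated; a prompt-injected call cannot reach them
        # until an operator has approved the tool for this role.
        if UPSTREAM_TOOLS[tool]["write"] and tool not in self._ungated.get(role, set()):
            return Decision(False, "write tool is gated pending approval")
        for arg, (ok, why) in ARG_GUARDS.get(tool, {}).items():
            if arg not in args or not ok(args[arg]):
                return Decision(False, f"argument guard failed: {why}")
        return Decision(True, "allowed", self._call_upstream(tool, args))

    def _call_upstream(self, tool, args):
        # Simulated upstream call. The upstream only ever sees the plane's credential;
        # the agent/owner identity lives in the plane's audit log, not in this request.
        return {"tool": tool, "args": dict(args), "auth": "plane-credential"}


if __name__ == "__main__":
    plane = ControlPlane()
    print("analyst sees:", plane.manifest("analyst-agent"))
    print(plane.invoke("agent-3", "bob@example.com", "support-agent",
                       "crm.update_account", {"account_id": "acct_000001"}))
```

The same request from the same agent is rejected as "not granted", "gated" or "guard failed" depending on which layer stops it, and each outcome is an audit record carrying the agent and its owner, which is the attribution the upstream service account alone cannot give you.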
