Model Context Protocol (MCP)

Model Context Protocol (MCP) is an open standard, introduced by Anthropic in November 2024, that defines a uniform way for large language model applications to connect to external tools, data sources, and services through a client-server…

Model Context Protocol (MCP) is an open standard, introduced by Anthropic in November 2024, that defines a uniform way for large language model applications to connect to external tools, data sources, and services through a client-server architecture built on JSON-RPC messaging. Before MCP, every integration between a model and an external system was bespoke: each tool needed custom glue code for each application. MCP replaces that N-by-M problem with a single protocol. A server exposes three primitives—tools (callable functions), resources (readable data), and prompts (reusable templates)—and any compliant client can discover and use them without prior knowledge of the implementation. Servers run locally over stdio or remotely over HTTP, and the same server works across any host that speaks the protocol. Through 2025 the standard moved from an Anthropic project to a broad ecosystem, with OpenAI, Google, and major IDE and agent vendors shipping MCP support.

How it works

A host application embeds one or more MCP clients, each maintaining a stateful connection to a server. On connect, the client and server negotiate capabilities, then the client queries the server to discover available tools, resources, and prompts. When the model decides to act, the host sends a JSON-RPC request to invoke a tool; the server executes it and returns a structured result the model can read. Local servers communicate over stdio, while remote servers use HTTP with streaming for long-running calls. The model never talks to the server directly—the host mediates every exchange, controlling what the model sees and what it is allowed to invoke.

Why it matters for AI engineers

MCP turns tool integration into a reusable asset instead of per-app plumbing: write a server once and every MCP-capable client can use it, which cuts the maintenance cost of connecting agents to internal systems. Because the protocol is uniform, swapping the underlying model or host rarely breaks the tool layer. The tradeoff is a new attack surface—a malicious or compromised server can feed poisoned data or descriptions into the context, so treat server trust, permission scoping, and sandboxing as first-order security decisions. For shipping agents, MCP also standardizes how you audit and rate-limit what tools an agent can reach.

Related terms

Go deeper

Definitions are the start. Ask the Research Desk for a cited, multi-source brief on Model Context Protocol (MCP) — real sources, verified claims, delivered in minutes.

Ask the Research Desk →