Skip to content

AI term · last reviewed 2026-07-07

MCP

Also known as: Model Context Protocol

MCP (Model Context Protocol) is an open standard for how a language model or agent discovers and calls external tools, data, and prompts; each MCP server it connects to is a security boundary.

How it works

MCP (Model Context Protocol) is an open standard that defines how a language model or agent discovers and calls external tools, data resources, and prompts through a uniform interface. An MCP client (the model's host) connects to one or more MCP servers, each of which advertises the tools it exposes and the resources it can read. The model then invokes those tools during a conversation. The protocol standardizes the wiring so any compliant client can talk to any compliant server. The spec lives at modelcontextprotocol.io.

When it matters

MCP matters the moment you give an LLM the ability to act rather than just talk: read a database, send an email, hit an API. It is the connective tissue of the agentic web, and that makes every MCP server a security boundary, not a convenience layer. A poisoned tool description or an injected instruction in tool output can turn a helpful agent into an exfiltration path. See Secure an MCP Server.

Common misconceptions

  • "MCP is just a plugin format." It is a security boundary. Exposing a tool hands the model real authority.
  • "The model can tell data from instructions." It cannot reliably, which is why tool use output must be treated as untrusted (see prompt injection).
  • "Give the agent the API key." Never. Broker secrets server-side; keep credentials out of the model context.
← All terms