Embracing the MCP Suck: Taming the Wild West of AI Protocols

The Model Context Protocol (MCP) is moving faster than the developer community can keep up with, racing past its original design parameters and leaving teams scrambling to build clients that can match its pace. The result is an ecosystem where the protocol itself keeps shifting under everyone’s feet, and where the tooling, conventions and security thinking that should accompany a foundational standard are still being figured out on the fly.

Joey Stout, solutions architect at Spacelift, joins Mike Vizard to make the case that this is the price of being early. Stout describes an environment that increasingly resembles a Wild West, where rogue MCP servers get spun up inside organizations without anyone in leadership knowing they exist, let alone whether they have basic guardrails wrapped around them. The convenience of standing one up in a few minutes has outrun the discipline needed to govern them.

MCP servers can give AI agents broad reach into internal systems, data and APIs, and most of the early implementations were never designed with adversarial behavior in mind. Without authentication standards, scoped permissions and observability built in, every new server becomes another piece of shadow infrastructure that can be exploited, misconfigured or simply forgotten until it causes a problem.

Stout’s advice for developers is blunt: embrace the suck. The protocol is going to keep changing, the security story is going to keep evolving, and waiting for a stable, fully governed version before getting hands-on isn’t a realistic option. The teams that learn to wrangle MCP now — messy edges and all — will be the ones positioned to set the patterns everyone else ends up following.



from DevOps.com https://ift.tt/oSVnPFv
