What Is the Model Context Protocol (MCP)? A Plain-English Guide
What MCP is, in one paragraph
The Model Context Protocol (MCP) is an open standard that defines how an AI application talks to external tools and data. An AI assistant — the client/host — connects to one or more MCP servers, each of which exposes some capability: reading files, querying a database, calling an API, searching the web. The model can then discover those capabilities at runtime and use them to get work done. MCP was released by Anthropic in November 2024 and, within a year, was adopted by OpenAI, Google DeepMind and most major agent frameworks — making it the closest thing the agent ecosystem has to a universal connector.
The problem MCP solves
Before MCP, every AI-to-tool connection was bespoke. If you wanted your assistant to read from GitHub, query Postgres, and check Slack, you wrote three separate integrations — and so did everyone else, over and over. This is the classic M×N problem: M AI applications each needing custom glue for N tools.
MCP turns that into an M+N problem. A tool author writes one MCP server. An AI app implements the MCP client once. After that, any client can talk to any server. The integration work is written once and reused everywhere — the same reason USB-C replaced a drawer full of proprietary chargers.
How MCP works
MCP uses a client–server architecture over JSON-RPC 2.0:
- Host / client — the AI application (e.g. Claude, an IDE assistant, a custom agent). It launches or connects to servers and mediates what the model is allowed to do.
- Server — a lightweight program that exposes capabilities for one system (a filesystem, a SaaS API, a database).
- Transport — how they talk. Locally that's stdio (the client spawns the server as a subprocess). Remotely it's streamable HTTP, which replaced the older HTTP+SSE transport.
Servers expose three core primitives:
| Primitive | What it is | Who controls it | Example |
|---|---|---|---|
| Tools | Actions the model can call | Model-driven (with user approval) | create_issue, run_query, send_email |
| Resources | Read-only data the model can load as context | App-driven | A file, a database row, a webpage |
| Prompts | Reusable, parameterised prompt templates | User-driven | "Summarise this PR", "Draft a reply" |
A typical flow: the client connects, asks the server "what can you do?" (tools/list), shows the model the available tools, and when the model decides to call one, the client executes it — usually pausing for user approval first — and returns the result.
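The flow above as JSON-RPC 2.0 messages, with the host enforcing approval before anything reaches the server. This is an added example, not code from the MCP SDKs: the toy server, the Client class and the approve callback are assumptions, the message shapes follow tools/list and tools/call, and the initialize handshake and a real transport are left out.

```python
import json

# Constructed toy server: one tool, described the way a tools/list result describes it.
TOOLS = [{
    "name": "create_issue",
    "description": "Open an issue in the tracker",
    "inputSchema": {"type": "object", "required": ["title"],
                    "properties": {"title": {"type": "string"}}},
}]

def server_handle(raw):
    """Server side: answer one JSON-RPC 2.0 request."""
    req = json.loads(raw)
    if req["method"] == "tools/list":
        result = {"tools": TOOLS}
    elif req["method"] == "tools/call":
        title = req["params"]["arguments"]["title"]
        result = {"content": [{"type": "text", "text": f"created: {title}"}], "isError": False}
    else:
        return json.dumps({"jsonrpc": "2.0", "id": req["id"],
                           "error": {"code": -32601, "message": "Method not found"}})
    return json.dumps({"jsonrpc": "2.0", "id": req["id"], "result": result})

class Client:
    """Host side: discovers tools, then mediates every call the model asks for."""
    def __init__(self, approve):
        self.approve = approve   # hypothetical callback standing in for the user prompt
        self.next_id = 0         # JSON-RPC request ids; also counts messages sent
        self.known = {}

    def _rpc(self, method, params=None):
        self.next_id += 1
        msg = {"jsonrpc": "2.0", "id": self.next_id, "method": method, "params": params or {}}
        reply = json.loads(server_handle(json.dumps(msg)))  # stands in for stdio/HTTP
        if "error" in reply:
            raise RuntimeError(reply["error"]["message"])
        return reply["result"]

    def discover(self):
        self.known = {t["name"]: t for t in self._rpc("tools/list")["tools"]}
        return sorted(self.known)

    def call_tool(self, name, arguments):
        if name not in self.known:
            raise PermissionError(f"tool not advertised by server: {name}")
        if not self.approve(name, arguments):
            return None          # user declined: no request is sent to the server
        return self._rpc("tools/call", {"name": name, "arguments": arguments})
```

A declined call never produces a tools/call message, which is the property to check when reviewing a host: approval has to sit in front of the transport, not after it.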
Who uses MCP (2026)
- Anthropic created MCP and ships it across Claude apps, Claude Code and the API.
- OpenAI announced full MCP support across its Agents SDK, the Responses API and the ChatGPT desktop app in March 2025.
- Google DeepMind confirmed MCP support for Gemini in April 2025.
- Thousands of community and vendor servers now exist for everything from GitHub and Stripe to Postgres and Playwright.
That cross-vendor buy-in is why MCP, not any single company's plugin system, became the default integration layer for agents.
How the spec has evolved
MCP moved fast in its first year. The headline revisions:
- March 2025 — introduced OAuth 2.1 as the authorization foundation for remote servers.
- June 2025 — formalised MCP servers as OAuth Resource Servers and mandated Resource Indicators (RFC 8707), so a token minted for one server can't be replayed against another.
- November 25, 2025 — the one-year-anniversary release, the largest update yet: asynchronous tasks, elicitation (servers asking the user for input mid-task), server-side agent loops, an extensions system, and Client ID Metadata Documents (CIMD) replacing dynamic client registration as the default identity model.
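What the June 2025 change means on both sides, as an added example that is not taken from the specification or any SDK: the client names the target server in the RFC 8707 resource parameter, and the server rejects any token whose aud claim does not name it. The function names, the example.com hosts and the URI normalisation rules are assumptions, and the claims are assumed to come from a token whose signature has already been verified.

```python
import time
from urllib.parse import urlencode, urlsplit

def token_request_body(code, code_verifier, client_id, redirect_uri, resource):
    """Client side: ask the authorization server for a token bound to one MCP server."""
    return urlencode({
        "grant_type": "authorization_code", "code": code,
        "code_verifier": code_verifier, "client_id": client_id,
        "redirect_uri": redirect_uri,
        "resource": resource,            # RFC 8707 resource indicator
    })

def canonical(uri):
    """Assumed normalisation: lowercase scheme and host, drop default port and trailing slash."""
    p = urlsplit(uri)
    scheme = p.scheme.lower()
    default = {"https": 443, "http": 80}.get(scheme)
    port = "" if p.port in (None, default) else f":{p.port}"
    return f"{scheme}://{(p.hostname or '').lower()}{port}{p.path.rstrip('/')}"

def token_is_for_this_server(claims, my_resource, now=None):
    """Server side: accept verified claims only if unexpired and 'aud' names this server."""
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return False
    aud = claims.get("aud", [])
    if isinstance(aud, str):             # 'aud' may be a single string or a list
        aud = [aud]
    try:
        return canonical(my_resource) in {canonical(a) for a in aud}
    except ValueError:                   # malformed URI in a claim: fail closed
        return False
```

A server that skips this check will accept a valid token minted for a different server, which is the replay the resource indicator is meant to stop.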
MCP vs related ideas
- MCP vs a plugin/function-calling API: Function calling lets one model call tools you've hard-coded into your app. MCP standardises the tools themselves so they're portable across any model and app. They compose — most clients turn MCP tools into function calls under the hood.
- MCP vs llms.txt: llms.txt is a static map that helps AI read and understand your site. MCP is a live protocol that lets AI take actions against your systems. One is documentation for comprehension; the other is an interface for execution.
- MCP vs an API: An MCP server usually wraps an existing API and presents it in a model-friendly, self-describing way (typed inputs, natural-language descriptions, built-in discovery).
Frequently asked questions
Who created MCP and is it open? Anthropic introduced it in November 2024 and open-sourced the specification and SDKs. It's an open standard with multi-vendor governance, not a proprietary Anthropic feature.
Do I need MCP to build an agent? No — you can hard-code tools with plain function calling. MCP pays off when you want tools that are reusable across projects and clients, or when you want to plug into the growing ecosystem of existing servers instead of building your own.
Is MCP only for Claude? No. ChatGPT, Gemini and many open-source frameworks are MCP clients. A server you write works with all of them.
Is MCP safe to use? It's powerful, which means it has a real attack surface: tool poisoning, prompt injection through tool results, and over-permissioned servers are the main risks. We cover them in detail in "Is MCP Secure? MCP Security Risks Explained".
What's the difference between a tool and a resource? A tool performs an action and is invoked by the model; a resource is read-only data the application loads as context. Tools do; resources inform.