Securing Model Context Protocol for Mass Enterprise Adoption
Anthropic’s Model Context Protocol (MCP) has become the de facto interface through which agents reach tools, data, and other agents, and with it the standard for agent integration. Now we need to make MCP safe, governable, and observable at enterprise scale, so agents can be trusted with mission-critical enterprise use cases and with more sensitive data sources such as electronic healthcare records (EHR). A rich ecosystem and a neutral playing field may be the best recipe for delivering enterprise value and helping cross the chasm of agentic adoption.
Open Standards and Protocols
In the early days of the web, open protocols and software like HTTP and the Apache Web Server enabled anyone to publish content. Later, REST was built on top of this infrastructure as a more formalized architectural pattern. MCP, like REST, provides a structured pattern for accessing tools and data. Where REST provides a web-centric API, MCP is more of an AI-centric API.
MCP follows the REST tradition. Its value grows as developers build connectors for diverse tools and data, making every new server or integration useful across all MCP-compatible AI systems. Like REST, MCP creates a common language between AI, tools, and data sources, replacing fragmented proprietary integrations with a shared ecosystem.
MCP also democratizes participation. Just as REST lets anyone with a library connect to any API, MCP lets developers expose tools and data without cutting individual deals with AI providers.
As REST (layered on top of HTTP) became invisible infrastructure powering billions of interactions, MCP is poised to become the unseen foundation of AI—driven not by corporate strategy, but by developers solving problems and sharing solutions.
Growing the MCP Ecosystem
Given that MCP was only released this year, there is a long way to go before its ecosystem becomes as powerful as the REST ecosystem. There are many gaps to fill, particularly around security and data protection, key issues that must be addressed for broad enterprise adoption. Advanced enterprise use cases for MCP will involve using the protocol with sensitive data sources, and guarantees need to be in place to ensure that proper governance can be achieved.
What happens if these gaps aren’t addressed? In the early days of cloud computing, we saw a surge in so-called “Shadow IT.” We may see a similar rise of “Shadow Agents” inside the enterprise. Security and compliance teams cannot allow arbitrary, unvetted “Shadow Agents” running on developer laptops or a “server in a closet” to access critical data systems like electronic healthcare records (EHR), financial data, and customer PII. It is a security anti-pattern, and the opportunity for abuse is startlingly high.
The Path Forward
Fortunately, there is a clear path forward to building security, compliance, and a rich ecosystem for MCP. Today, we already see some excellent open source tools for securing MCP servers, such as AgentGateway and ArchGW. This is a starting point, yet more needs to be done.
The most comprehensive thinking I’ve seen to date comes from a recent McKinsey QuantumBlack whitepaper, Seizing the Agentic AI Advantage, which makes the case for what it calls an “AI Agentic Mesh”.
Quoting directly from that whitepaper (edited lightly for brevity):
The agentic AI mesh is a composable, distributed, and vendor-agnostic architectural paradigm that enables [agents] to [act autonomously] across a wide array of systems, tools, and language models—securely, at scale, and built to evolve … At the heart of this paradigm are five mutually reinforcing design principles:
— Composability. Any agent, tool, or LLM can be plugged into the mesh without system rework.
— Distributed intelligence. Tasks can be decomposed and resolved by networks of cooperating agents.
— Layered decoupling. Logic, memory, orchestration, and interface functions are decoupled to maximize modularity.
— Vendor neutrality. All components can be independently updated or replaced as technology advances, avoiding vendor lock-in …
— Governed autonomy. Agent behavior is proactively controlled via embedded policies, permissions, and escalation mechanisms …
The Enterprise Secure Agentic AI Mesh
If the Agentic AI Mesh is to become “a thing”, then it needs to be bolstered with smart security: thoughtful secure-by-design architecture, new kinds of security components, and high levels of observability, so we can assess it in real time. We can already see a number of these components in the wild, including:
| Category | Examples/Tools |
| --- | --- |
| Secure L7 proxy gateways | AgentGateway, ArchGW |
| Zero-trust networking security | Istio, Netbird, AtSign |
| Prompt guard rails | Llama-Stack, ArchGW, LiteLLM, other L7 inference proxies |
| Lifecycle management systems | Kubernetes, Docker |
| Registry and discovery systems | MCP Registry, DNS |
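To make the "secure L7 proxy gateway" and "registry" rows concrete, here is an added illustration (not code from the article, nor from AgentGateway, ArchGW, or any other product named above) of the policy decision such a gateway makes in front of an MCP server. It parses an MCP JSON-RPC message, refuses callers that are not in a registry of vetted agents (the "Shadow Agent" problem described earlier), checks the requested tool against a per-server allowlist, routes designated tools to human approval instead of forwarding them, and emits an audit record for every decision. The agent registry, the server policy, the agent identifiers, and the tool names are all constructed sample data; the only thing taken from MCP itself is the JSON-RPC shape of a `tools/call` request, which carries the tool under `params.name`.

```python
"""Minimal policy-enforcing MCP gateway (added example, constructed data)."""
import json
from dataclasses import dataclass, field

# Constructed sample registry of vetted agents. An agent not listed here is
# treated as unvetted, no matter where it runs.
AGENT_REGISTRY = {
    "agent-claims-bot": {"owner": "claims-team", "allowed_servers": {"crm", "ehr"}},
    "agent-marketing": {"owner": "marketing", "allowed_servers": {"crm"}},
}

# Constructed per-server policy: tools an agent may call, and the subset
# that must be escalated to a human approver instead of forwarded directly.
SERVER_POLICY = {
    "crm": {"tools": {"lookup_account", "update_note"}, "escalate": set()},
    "ehr": {"tools": {"get_patient_summary", "export_records"},
            "escalate": {"export_records"}},
}


@dataclass
class Decision:
    action: str                     # "allow", "deny" or "escalate"
    reason: str
    audit: dict = field(default_factory=dict)


def evaluate(agent_id: str, server: str, raw_request: str) -> Decision:
    """Inspect one MCP JSON-RPC message bound for `server` and decide."""
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError:
        return Decision("deny", "malformed JSON-RPC")

    audit = {"agent": agent_id, "server": server,
             "id": req.get("id"), "method": req.get("method")}

    agent = AGENT_REGISTRY.get(agent_id)
    if agent is None:
        # Unknown caller: a "shadow agent" outside the registry.
        return Decision("deny", "agent not in registry", audit)
    if server not in agent["allowed_servers"]:
        return Decision("deny", f"agent not entitled to server {server}", audit)
    if req.get("method") != "tools/call":
        # Handshake and discovery messages (initialize, tools/list, ...) pass.
        return Decision("allow", "non tool-call method", audit)

    tool = (req.get("params") or {}).get("name")
    audit["tool"] = tool
    policy = SERVER_POLICY.get(server, {"tools": set(), "escalate": set()})
    if tool not in policy["tools"]:
        return Decision("deny", f"tool {tool!r} not permitted on {server}", audit)
    if tool in policy["escalate"]:
        return Decision("escalate", "tool requires human approval", audit)
    return Decision("allow", "policy match", audit)


def audit_line(decision: Decision) -> str:
    """One JSON line per decision, suitable for shipping to a SIEM."""
    return json.dumps({"decision": decision.action, "reason": decision.reason,
                       **decision.audit}, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample request: a vetted agent asking the EHR server
    # for a bulk export, which policy routes to a human approver.
    sample = json.dumps({"jsonrpc": "2.0", "id": 7, "method": "tools/call",
                         "params": {"name": "export_records",
                                    "arguments": {"since": "2024-01-01"}}})
    print(audit_line(evaluate("agent-claims-bot", "ehr", sample)))
```

The design choice worth noting is that the gateway decides on identity and tool name before it ever looks at the arguments, and that it denies by default: an agent missing from the registry, a server missing from the agent's entitlements, or a tool missing from the server's allowlist all fail closed. Prompt guard rails that inspect the argument payload would sit behind this check, not in place of it.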
This is where a rich ecosystem of MCP-related vendors can help to fill gaps, package up enterprise solutions, and pave the way for mass enterprise adoption with high levels of confidence, governance, and trust.
The Shape of an Agentic Mesh
What might a complete Agentic Mesh look like, and what gaps do we need to fill? Here’s an example architecture for consideration.
It’s beyond the scope of this particular article to cover every component, but the picture speaks for itself in illustrating the variety of components that are needed. Some of these components exist today, but there is still much work to do. Some of these items genuinely require industry coordination, yet another reason for a rich ecosystem and perhaps a neutral playing field such as an Agentic Foundation.
Crossing the Chasm
Wrapping this up, here’s my prescription for helping enterprises “cross the chasm” on Agentic AI adoption:
Focus on MCP as the de facto winner
Foster a rich ecosystem of open source MCP-based projects, products, and solutions
Launch an Agentic Foundation to create a neutral playing field and encourage developers
Deliver a packaged, easy-to-use, open Agentic AI Mesh to the enterprise with built-in security
Allow enterprises to focus on use cases, not security for agents themselves
Ultimately, if the MCP ecosystem grows, matures, and becomes as rich as the HTTP/HTML ecosystem, enterprises will adopt AI Agents faster, recognize value sooner, and everyone wins.
Mirantis is working actively with the Linux Foundation and others on solutions in this area. If you are building on MCP, we want to collaborate. Learn more about our MCP AdaptiveOps offering and how to become an Early Design Partner.