
MCP Servers Pose Major AI Security Risks, Experts Warn

3 July 2025 : After generative AI, large language models, multi-modal intelligence, artificial general intelligence, and agentic AI, the artificial intelligence (AI) space is beginning to write another chapter. The term to wrap your head around, and one you will increasingly hear, is MCP, or Model Context Protocol. It is meant to solve an integration bottleneck by letting AI systems interact with external data sources and tools. But is it insulated against security risks when it handles personal data?

It may have gone under the radar, but AI company Anthropic first proposed a single connection standard between AI assistants and the apps and systems users access late last year, dubbing it the "USB-C for AI". Anthropic says its Claude 3.5 Sonnet model is adept at quickly building MCP server implementations that connect an AI to whichever datasets a user wants.

Indian fintech Zerodha has launched an MCP integration with Anthropic's Claude. Among the things it can do are curating portfolio insights, planning trades, backtesting investment strategies, and generating personal finance dashboards. For users who are not proficient in the workings of the stock market, these insights may prove useful.

“MCPs are a new way for AI systems to interact with real-world services like trading accounts,” says Nithin Kamath, Founder and CEO of Zerodha, pointing out all the functionality is free to access.

Globally, companies are rushing to build MCP integrations, and there’s a core rationale for this sudden momentum. “AI agents and assistants have become indispensable creative partners, yet current workflows require users to manually add context or references, creating complexity,” explains Anwar Haneef, GM and Head of Ecosystem at Canva.

ElevenLabs, maker of the 11ai personal voice assistant, has added MCP connections to platforms including Perplexity and Slack. The autonomous coding agent Cline can likewise combine MCP servers from Perplexity and others to create research workflows.

Amazon Web Services (AWS), in a technical document, explains that MCP is an open standard that creates a universal language for AI systems to communicate with external data sources, tools, and services. Conceptually, AWS says, MCP functions as a universal translator, enabling dialogue between language models and diverse external systems.

For users, this opens up a scenario in which AI tools connect to different platforms through a single window, instead of the user manually copying data between applications or switching between multiple tools to complete a task.

Canva, for example, is among the first companies to launch a deep research connector for OpenAI's ChatGPT, giving users access to designs and content created in Canva, including Canva Docs and presentations, from within their ChatGPT conversations.

The advantage? Summarising reports or documents, asking the AI to analyse data, and holding a more contextual conversation. The AI can use these tools to create content based on what a user asks. "This is a major step in our vision to make the complex simple and build an all-in-one AI workflow that's secure and accessible to all," adds Haneef.

OpenAI, which announced MCP support earlier this year, lists popular remote MCP servers including Cloudflare, HubSpot, Intercom, PayPal, Plaid, Shopify, Stripe, and Twilio, spanning both consumer and enterprise domains.

Microsoft has made substantial investments in MCP infrastructure, integrating the protocol with Azure OpenAI Service so that GPT models can interact with external services and fetch live data. The company has also released multiple MCP servers of its own.

Anthropic, though an early mover, has had to change how it offers MCP to developers. The result, released a few days ago, is the new Desktop Extensions, which simplify MCP installation. "We kept hearing the same feedback: installation was too complex. Users needed developer tools, had to manually edit configuration files, and often got stuck on dependency issues," the company says in a statement.

Developers will need help with the integration. AWS has released its open-source AWS Serverless MCP Server, a tool that combines AI assistance with streamlined development to help developers build modern applications.

Uncharted territory?

Risks, particularly around how a user's data is shared between two distinct digital entities, are something tech companies must remain cognisant of. As Kailash Nadh, Zerodha's Chief Technology Officer, explains, "Strictly from a user perspective, it feels liberating to be able to access services outside of their walled gardens and bloated UIs riddled with dark patterns. It moves a considerable amount of control from service providers to users, but at the same time, it concentrates decision-making and mediation in the hands of AI blackboxes."

He has yet to find an answer to what happens in the case of errors and failures with real-world implications, how accountability would be traced, and the inevitable regulatory questions. "Whether the long-term implications of MCP's viral, cross-cutting spread will be net positive or not, is unclear to me," he adds.

AI security researcher Simon Willison is worried about users going overboard in "mixing and matching MCP servers". The attack he is particularly concerned about is prompt injection: instructions hidden in content the model reads, which the model then follows as if they came from the user.

“Any time you combine access to private data, exposure to untrusted content and the ability to externally communicate an attacker can trick the system into stealing your data,” he explains in a Mastodon post. He calls this combination the "lethal trifecta": access to private data, exposure to untrusted content, and the ability to communicate externally. None of the three is dangerous on its own; the risk appears when a single agent session has all three, and MCP makes assembling such a session a matter of adding servers to a config file.
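The trifecta is a property of the whole set of servers an agent is given, not of any one of them, so it is worth checking at configuration time. The following is an added example, not code from Anthropic, Zerodha or any project named here: it walks a constructed Claude Desktop-style `mcpServers` map, labels each server's tools with the trifecta leg(s) they touch, and reports whether the combination is lethal and which tools would be cheapest to drop to break it. Real MCP configs and tool listings carry no such capability labels, so the `TOOL_CAPABILITIES` table and the server names are assumptions for illustration.

```python
# Added example: audit an MCP client configuration for the "lethal trifecta".
# Constructed config in the shape of a Claude Desktop `mcpServers` map; the
# server names are hypothetical.
CONFIG = {
    "mcpServers": {
        "trading": {"command": "uvx", "args": ["trading-mcp"]},
        "web-search": {"command": "npx", "args": ["search-mcp"]},
        "slack": {"command": "npx", "args": ["slack-mcp"]},
    }
}

PRIVATE = "private_data"        # tool reads data the user would not want leaked
UNTRUSTED = "untrusted_content"  # tool returns content an attacker could author
EXFIL = "external_comms"         # tool can carry data out of the session

# Assumed per-server tool inventories and the legs each tool contributes.
# Note that a URL-fetching tool is both an injection source (it reads attacker
# pages) and an exfiltration channel (data can be packed into the URL it fetches).
TOOL_CAPABILITIES = {
    "trading": {"get_portfolio": {PRIVATE}, "place_order": {PRIVATE}},
    "web-search": {"search": {UNTRUSTED}, "fetch_page": {UNTRUSTED, EXFIL}},
    "slack": {"read_channel": {PRIVATE, UNTRUSTED}, "post_message": {EXFIL}},
}


def trifecta_report(config, capabilities):
    """Map each trifecta leg to the 'server.tool' names that provide it."""
    legs = {PRIVATE: set(), UNTRUSTED: set(), EXFIL: set()}
    for server in config["mcpServers"]:
        for tool, caps in capabilities.get(server, {}).items():
            for cap in caps:
                legs[cap].add(f"{server}.{tool}")
    # The combination is lethal only when every leg has at least one provider.
    return {"legs": legs, "lethal": all(legs.values())}


def tools_to_disable(config, capabilities):
    """Tools on the least-populated leg: removing them breaks the trifecta
    while disabling the fewest tools."""
    report = trifecta_report(config, capabilities)
    if not report["lethal"]:
        return set()
    weakest_leg = min(report["legs"], key=lambda leg: len(report["legs"][leg]))
    return set(report["legs"][weakest_leg])


if __name__ == "__main__":
    report = trifecta_report(CONFIG, TOOL_CAPABILITIES)
    for leg, providers in report["legs"].items():
        print(f"{leg:18s} {sorted(providers)}")
    print("lethal trifecta:", report["lethal"])
    print("disable to break it:", sorted(tools_to_disable(CONFIG, TOOL_CAPABILITIES)))
```

With the three constructed servers enabled, the audit flags the session as lethal and points at the two outbound-capable tools as the smallest set to remove; enabling only the `web-search` server leaves the private-data leg empty, so the same code reports no trifecta. The same narrowing is what OpenAI's search-and-retrieval-only restriction, quoted below, achieves for remote MCP servers in ChatGPT.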

“Be careful with which custom MCP servers you add to your ChatGPT workspace. Currently, we only support deep research with custom MCP servers in ChatGPT, meaning the only tools intended to be available within the remote MCP servers are search and document retrieval. However, risks still apply even with this narrow scope,” OpenAI warns developers, in a technical note.

Microsoft, too, has noted specific risks around misconfigured authorisation logic in MCP servers: sensitive data exposure, and authentication tokens being stolen and then reused to impersonate the user and access resources they should not reach. The classic mistake is an MCP server that accepts whatever bearer token the client sends and forwards it to downstream APIs without checking that the token was actually issued for that server.
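To make the authorisation point concrete, here is an added example (not Microsoft's or any MCP SDK's code) contrasting a "token passthrough" handler with one that verifies the token before acting on it. The signing key, the server's audience identifier and the claim layout are assumptions for the demonstration; the token format is a minimal HS256 JWT built with the standard library so the example runs offline, not a substitute for a real JWT library.

```python
# Added example: bearer-token validation in an MCP server.
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret between a hypothetical authorization server and this
# MCP server; a real deployment would use the issuer's published keys instead.
SIGNING_KEY = b"demo-shared-secret-not-for-production"
# Assumed identifier this MCP server expects in the token's "aud" claim.
THIS_SERVER_AUD = "https://mcp.example.com"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Minimal HS256 JWT, enough to demonstrate audience checks."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, expected_aud: str, key: bytes = SIGNING_KEY, now=None) -> dict:
    """Return the claims if algorithm, signature, expiry and audience all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    # Pin the algorithm so an attacker cannot downgrade to "none" or swap key types.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected_sig = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("token not issued for this server")
    return claims


def handle_tool_call_passthrough(authorization: str) -> dict:
    """VULNERABLE (constructed): trusts any bearer token and forwards it downstream.
    A token stolen from, or minted for, some other service is accepted here and
    reused as if the user had authorised this server."""
    token = authorization[len("Bearer "):]
    return {"status": "ok", "downstream_authorization": f"Bearer {token}"}


def handle_tool_call_checked(authorization: str, now=None) -> dict:
    """HARDENED: the token must be signed by our issuer, unexpired and addressed
    to this server. Downstream calls then use credentials this server holds for
    the subject, never the inbound token itself."""
    if not authorization.startswith("Bearer "):
        return {"status": "denied", "reason": "missing bearer token"}
    try:
        claims = verify_token(authorization[len("Bearer "):], THIS_SERVER_AUD, now=now)
    except PermissionError as err:
        return {"status": "denied", "reason": str(err)}
    return {"status": "ok", "subject": claims["sub"], "scope": claims.get("scope", "")}


if __name__ == "__main__":
    foreign = mint_token({"sub": "alice", "aud": "https://other-api.example", "exp": 2_000_000_000})
    print("passthrough:", handle_tool_call_passthrough("Bearer " + foreign))
    print("checked:    ", handle_tool_call_checked("Bearer " + foreign, now=1_700_000_000))
```

Run stand-alone, the passthrough handler happily forwards a token minted for an unrelated API, while the checked handler denies it with "token not issued for this server". The audience check is the part most often missing in practice: signature and expiry validation alone still lets a token for service A be replayed against MCP server B.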

Summary:
MCP servers enable powerful AI integrations but expose users to threats like prompt injection, tool misuse, and data breaches due to poor configurations and weak controls.
