What Is the Model Context Protocol and Why It Matters

To be truly useful, AI agents need more than pre-trained knowledge. They must connect with the world around them, pulling in current, specific, and often sensitive information from internal systems. That means accessing business data, navigating knowledge bases, and triggering actions across tools and teams. In short, they need to interact with their environment in real-time and across organizational boundaries.

This is where the Model Context Protocol (MCP) comes in. MCP, an open standard developed by Anthropic, defines a universal interface for connecting AI models to external services and data sources. Instead of custom one-off integrations, MCP offers a plug-and-play framework. This lightweight, client-server architecture supports two-way communication between AI systems, business applications, developer tools, and content repositories.

The impact? AI agents become more capable, more interoperable, and more aware of the environments they operate in. MCP helps break down silos and accelerates time-to-value. But with this increased capability comes a critical question: how do we secure it?

HackerOne was an early adopter of MCP, seeing its potential firsthand while integrating it into Hai. What began as a co-pilot has since evolved into a full AI security agent, driven by concepts like MCP. In this two-part series, we’ll show how MCP unlocks new capabilities for AI agents, why failing to secure MCP could be the fastest way to turn your AI assistant into an attack vector, and how security practices like bug bounty, AI red teaming, and validation workflows are becoming critical to safely deploying these systems at scale.

Why MCP

Integrating AI agents with different services and data sources has traditionally been a complex and fragmented process. Bespoke integrations were necessary for each service, database, or third-party service, each requiring unique code, API management, and security configurations. This complexity posed a significant scalability problem. It limited the ability to scale AI adoption and fully leverage its potential for accessing and acting upon critical business information. Anthropic's Model Context Protocol (MCP) solves this by providing a universal interface. Instead of individual integrations, MCP offers a standard pathway for AI models to interact with services and data sources.

The hype around MCP is justified—it drastically reduces the time and complexity of integrating systems and data sources with your AI assistant. As an open protocol, it fosters community-driven connectors and shared best practices. By standardizing the interface layer, developers can focus on solving domain-specific problems rather than writing integration code.

Where adding new capabilities to your AI assistant once took significant development time, it’s now plug-and-play. Open-source MCP server implementations can be integrated in minutes. As more services adopt the protocol, each new integration improves interoperability, making future integrations easier and unlocking new use cases—driving broader adoption across services and platforms.

Earlier this year, the Hai team hosted a hack day to encourage creative experiments with Hai’s MCP capabilities. One engineer integrated Hai with the Dutch railway system in just minutes. For their demo, Hai estimated how long each report might take to complete and prioritized them accordingly so the engineer could wrap up the most manageable task before their train departed. This creative use case highlights how easy it is to build novel features with minimal effort.

The FOMO is real; there’s a competitive urgency. Organizations are racing to leverage AI assistants to access internal knowledge, execute tasks, and streamline workflows to stay ahead. Protocols like MCP dramatically shorten the time to market, which is critical in today’s world of relentless technological change.

How MCP Works Under the Hood 

At its core, MCP is a client-server protocol that defines how AI agents interact with external tools and data sources. But how you deploy it—remotely or locally—has real consequences for your security architecture. This isn’t just an infrastructure decision. It’s about where you draw your trust boundaries and who carries the risk when something goes wrong.

A hosted MCP server is typically hosted as a managed service or part of an MCP hub/repository. This approach makes it easy to connect your AI assistant to a wide range of services quickly. Developers can spin up new capabilities with minimal effort, lean on community-built connectors, and reduce operational overhead. For organizations looking to move fast, remote MCPs offer flexibility and momentum.

A local MCP server, by contrast, is fully hosted and managed inside your organization's infrastructure. This gives your team complete control over how connectors are deployed, reviewed, and secured. You choose the runtime, control the networking boundaries, enforce your access controls, and audit the code before deployment. This setup is ideal for organizations needing tighter governance or operating in sensitive environments where data access must be tightly controlled.

Whether hosted or local, each model supports the same core MCP protocol. The difference lies in how much of the integration pipeline you want to own—and how fast you want to move. Whether you prioritize control or speed, MCP gives teams a consistent, scalable way to wire AI agents into real-world workflows.

Why MCP Matters for Security-Conscious Organizations

Whether you're building, securing, or scaling AI, MCP delivers on a simple promise: smarter outcomes through seamless connectivity and interoperability.

It’s a win on two fronts. Remotely, it standardizes how AI systems interact across tools and platforms—making integrations faster and more scalable. Locally, it creates a clear, shared model for how services and assistants talk to each other. This is a big deal for security teams: MCP doesn’t just enable communication; it defines it. 

Developers and reviewers now have a standard blueprint for where interactions happen, how data flows, and what needs to be audited. As the ecosystem matures, so do the supporting tools—bringing us closer to standardized, reviewable, and secure implementations.

But there’s a catch. As developers race to integrate the latest AI-driven features, each new connection point expands the potential attack surface. Giving AI agents access to tools and data means we’re also extending trust boundaries—sometimes in ways that aren’t fully understood.

Traditional software had clearly defined interfaces and programmatic boundaries. With agents, those boundaries blur. They can call tools, chain actions, and operate in a shared context. In this new model, the weakest link isn’t just a bad practice—it can compromise the entire system's integrity. Security teams must reevaluate access controls when one agent can traverse many systems.

MCP Is Just the Beginning

As AI agents become more capable, the stakes get higher. MCP unlocks powerful new workflows but introduces new risks that organizations can’t afford to ignore.

In part 2, we’ll dig into the pitfalls of MCP, explore real-world supply chain vulnerabilities, and share security best practices to help you adopt MCP safely and confidently.