MCP Protocol Explained: The USB of the AI World
Anthropic launched MCP in 2024 — letting any tool plug into any LLM. In one year it became the de facto standard for AI Agent ecosystems.
In L4-04 we covered Agents — letting an LLM call tools. But there’s a problem: every tool needs its own adapter for every LLM.
```
Tool A → adapter for GPT
Tool A → adapter for Claude
Tool A → adapter for Gemini
Tool B → adapter for GPT
Tool B → adapter for Claude
...
N tools × M LLMs = N×M adapters
```
Anthropic introduced MCP (Model Context Protocol) in 2024 to fix this: a uniform interface, any tool ↔ any LLM.
What is MCP
Analogy:
USB for hardware = MCP for AI tools
Before USB, every device used its own proprietary connector; you needed a special IBM port to plug in a keyboard. USB unified everything, so every device uses the same port.
MCP does the same, unifying “the interface specification for AI tools”.
```
Any tool ────MCP────→ Any LLM
             ↓
        (MCP Server)
             ↓
       - Google Drive
       - GitHub
       - Database
       - Custom tools
```
MCP’s Design
Three-layer architecture
```
LLM Client
    ↑↓ MCP Protocol
MCP Host (manages connections)
    ↑↓ JSON-RPC over stdio / HTTP
MCP Server (actual tool)
    ↑↓
External Service (Google Drive, GitHub, etc.)
```
Each layer has clear responsibilities:
- LLM Client: the model layer (Claude / GPT / etc.)
- MCP Host: coordinates multiple servers
- MCP Server: one server per tool, handles the actual capability
Three “primitives”
MCP defines three things a tool can do:
1. Tools
“Functions” the LLM can call:
```json
{
  "name": "search_files",
  "description": "Search for files in a directory",
  "inputSchema": {
    "type": "object",
    "properties": {
      "query": {"type": "string"},
      "path": {"type": "string"}
    }
  }
}
```
The LLM reads this schema—it knows how to call the tool.
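The schema is also what a host can enforce before a model-proposed call reaches the server. The following is an added example, not code from the MCP SDK or from the original article: it checks arguments against a small subset of JSON Schema and then builds the JSON-RPC `tools/call` request. The `required` and `additionalProperties` entries and the function names are assumptions made for the example.

```python
import json

# The page's search_files tool. "required" and "additionalProperties" are
# assumptions added for this example; they are not in the page's schema.
SEARCH_FILES = {
    "name": "search_files",
    "inputSchema": {
        "type": "object",
        "properties": {"query": {"type": "string"}, "path": {"type": "string"}},
        "required": ["query"],
        "additionalProperties": False,
    },
}

# Subset of JSON Schema types handled by this sketch.
JSON_TYPES = {"string": str, "number": (int, float), "boolean": bool}


def check_arguments(schema, args):
    """Return a list of problems; an empty list means args fit the schema."""
    if not isinstance(args, dict):
        return ["arguments must be an object"]
    props = schema.get("properties", {})
    errors = [f"missing required argument: {k}"
              for k in schema.get("required", []) if k not in args]
    for key, value in args.items():
        if key not in props:
            if schema.get("additionalProperties", True) is False:
                errors.append(f"unexpected argument: {key}")
            continue
        kind = props[key]["type"]
        # bool is a subclass of int in Python, but a JSON boolean is not a number
        is_bool_mismatch = isinstance(value, bool) and kind != "boolean"
        if is_bool_mismatch or not isinstance(value, JSON_TYPES[kind]):
            errors.append(f"argument {key} must be of type {kind}")
    return errors


def build_tools_call(request_id, tool, args):
    """Validate model-proposed arguments, then build the JSON-RPC 2.0 request."""
    errors = check_arguments(tool["inputSchema"], args)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps({
        "jsonrpc": "2.0",
        "id": request_id,
        "method": "tools/call",
        "params": {"name": tool["name"], "arguments": args},
    })
```

Schema validation only constrains the shape of a call; whether the `path` value is one the tool should touch is a separate permission decision.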
2. Resources
Content the LLM can “read”:
```json
{
  "uri": "gdrive://documents/quarterly-report.pdf",
  "name": "Q3 financial report",
  "mimeType": "application/pdf"
}
```
The LLM can request to read this resource, and the MCP server returns the content.
3. Prompts
Predefined workflows:
```json
{
  "name": "analyze_codebase",
  "description": "Analyze a code repository",
  "arguments": [
    {"name": "repo_path", "required": true}
  ]
}
```
Users can trigger preset flows, and the LLM knows how to complete them.
A Simple MCP Server
A minimal MCP server in Python:
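```python
import asyncio

from mcp.server import Server
from mcp.server.stdio import stdio_server
from mcp.types import Tool, TextContent

server = Server("my-tool")

@server.list_tools()
async def list_tools():
    # Advertise the tools this server offers, each with a JSON Schema for its arguments
    return [
        Tool(
            name="add_numbers",
            description="Add two numbers",
            inputSchema={
                "type": "object",
                "properties": {
                    "a": {"type": "number"},
                    "b": {"type": "number"}
                },
                "required": ["a", "b"]
            }
        )
    ]

@server.call_tool()
async def call_tool(name, arguments):
    if name == "add_numbers":
        result = arguments["a"] + arguments["b"]
        return [TextContent(type="text", text=str(result))]
    # An unknown tool name is an error, not a silent None
    raise ValueError(f"Unknown tool: {name}")

async def main():
    # Serve JSON-RPC over stdin/stdout
    async with stdio_server() as (read_stream, write_stream):
        await server.run(
            read_stream,
            write_stream,
            server.create_initialization_options(),
        )

if __name__ == "__main__":
    asyncio.run(main())
```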
Launch this server → any MCP-supporting client (Claude Desktop, Cursor, etc.) can use it immediately.
MCP Ecosystem (as of 2026)
One year after launch, MCP has become the de facto standard:
Clients with MCP support
- Claude Desktop (Anthropic’s own, earliest support)
- Cursor (coding IDE)
- Cline (autonomous Agent)
- Continue (open-source Cursor alternative)
- Block Goose (from Block)
- Sourcegraph Cody
- Replit Agent
Popular MCP servers
| Category | Examples |
|---|---|
| Files / Code | filesystem, git, github |
| Databases | postgres, mongodb, sqlite |
| Collaboration | Slack, Discord, Linear |
| Cloud storage | Google Drive, S3, Dropbox |
| API platforms | Stripe, Notion, Airtable |
| Browsers | Playwright, Puppeteer |
| Dev tools | docker, kubernetes |
| AI tools | image-gen, transcription |
The community has built 1000+ MCP servers; almost any popular tool has an MCP integration.
Use Case: Claude Desktop + MCP
Letting Claude manage your local files, Git, and database directly:
```bash
# 1. Install Claude Desktop (with MCP support)
# 2. Install MCP servers
npm install -g @modelcontextprotocol/server-filesystem
npm install -g @modelcontextprotocol/server-github
# 3. Add these servers in Claude Desktop's config file
# 4. Restart Claude Desktop
# 5. Use them in chat!
```
"Take a look at /Users/me/projects/myapp, find all TODO comments in Python files, and open the corresponding GitHub issues."
Claude will automatically:
- Use filesystem server to list the directory
- Read each .py file
- Find TODOs
- Use github server to create issues
An Agent workflow—from one sentence.
What MCP Solved
Before
Every AI application had to:
- Write tool-calling prompts
- Handle results
- Maintain tool schemas
- Adapt to different LLM tool-call formats
Every tool developer had to:
- Write an OpenAI adapter
- Write an Anthropic adapter
- Write a Google adapter
- Maintain multiple versions
Duplication exploded.
After MCP
- Tool developers: write one MCP server, every LLM can use it.
- LLM vendors: support the MCP protocol, every tool works.
- App developers: configure MCP servers, the model calls them automatically.
N+M complexity instead of N×M.
Security Considerations
Letting LLMs call local tools carries significant security risk:
1. Prompt injection
Malicious instructions hidden in user input or in tool results could make the LLM call dangerous tools.
Example: the user says “look at this email”, and the email hides the instruction “delete all files”.
2. Permission control
What MCP tools are allowed to do needs strict limits:
- Whitelist: only specific paths / commands allowed
- Sandbox: run in isolated environment
- Approval: dangerous ops require user confirmation
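A sketch of the whitelist and approval controls as a gate that runs before any tool call is executed. This is an added example, not part of the MCP SDK or the original article; the tool names in `NEEDS_APPROVAL`, the `path` argument key and the `approve` callback are hypothetical.

```python
from pathlib import Path

# Hypothetical policy for this example: which argument keys carry paths,
# and which tool names count as dangerous enough to need confirmation.
PATH_ARGS = ("path",)
NEEDS_APPROVAL = {"delete_file", "create_issue"}


def inside_allowed_root(candidate, roots):
    """True only if candidate lies under one of roots after normalisation.

    resolve() collapses ".." and follows symlinks, so neither
    "allowed/../secret" nor a symlink inside an allowed directory gets out.
    is_relative_to() compares whole path components, so "/data/app2" is not
    treated as being inside "/data/app" (a plain startswith() check would be).
    """
    resolved = Path(candidate).resolve()
    return any(resolved.is_relative_to(Path(r).resolve()) for r in roots)


def authorize(tool_name, arguments, roots, approve=lambda name, args: False):
    """Decide one tool call and return (allowed, reason).

    approve is a callback that asks the user; the default denies, so a
    dangerous tool never runs just because nobody wired up the prompt.
    """
    for key in PATH_ARGS:
        if key in arguments and not inside_allowed_root(arguments[key], roots):
            return False, f"{key} outside allowed roots"
    if tool_name in NEEDS_APPROVAL and not approve(tool_name, arguments):
        return False, "user approval required"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample calls, using the project path from the page's example.
    roots = ["/Users/me/projects/myapp"]
    calls = [
        ("search_files", {"query": "TODO", "path": "/Users/me/projects/myapp/src"}),
        ("search_files", {"query": "key", "path": "/Users/me/projects/myapp/../../.ssh"}),
        ("delete_file", {"path": "/Users/me/projects/myapp/old.py"}),
    ]
    for name, args in calls:
        print(name, args.get("path"), "->", authorize(name, args, roots))
```

The gate belongs in the host or server process, outside the model's control, so a prompt-injected instruction cannot talk its way past it.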
3. Data exfiltration
MCP servers may send data externally, so auditing server code is critical.
Anthropic emphasized “permission model” and “user control” in MCP design, but in practice many MCP servers are community-built and may have issues.
Compared to Contemporary Solutions
OpenAI Function Calling (2023)
Designed for OpenAI models, not an open standard.
```python
tools = [{
    "type": "function",
    "function": {...}
}]
response = openai.chat.completions.create(tools=tools, ...)
```
Problem: only works with OpenAI. Switch to Claude → rewrite.
LangChain Tools (2022+)
LangChain provides a “tool abstraction layer” that adapts to multiple LLMs.
Problem: it’s a library (you write code), not a protocol (a standard interface). Tool developers still need to write LangChain-specific adapters.
MCP (2024)
A real open protocol:
- Any LLM can use it
- Any tool can use it
- JSON-RPC standard
- Cross-language (Python, TypeScript, Go, Rust)
MCP is like HTTP / SMTP—a protocol-layer standard, not a single library.
The Future of MCP
2026 status
- Already the de facto standard for AI Agents
- OpenAI, Google evaluating support
- Microsoft Copilot has partial support
Possible evolution
- MCP 2.0: better state management, concurrency
- MCP for Multimodal: image, audio streaming
- MCP for Federated: cross-organization calls
- MCP Auth: standardized permission model
Risks
- Fragmentation: if vendors add proprietary extensions—protocol splits
- Displacement: a better protocol may emerge
Looking at MCP’s 2024-2026 trajectory, it will at least dominate AI tool ecosystems for the next 3-5 years.
How to Get Started
I’m a user
- Install Claude Desktop (best MCP experience)
- Configure 1-2 MCP servers (filesystem, github, etc.)
- Play with it—you’ll discover “Agents” can actually do real work
I’m a developer
Building AI Agent applications?
- Write your own MCP server exposing your business capabilities
- Let users call your tools from any LLM client
- No need to lock into a single LLM vendor
I’m a SaaS company
Seriously consider publishing an MCP server for your product:
- Notion has an MCP server
- Linear has an MCP server
- Your product doesn’t? Users will use someone else’s.
MCP is reshaping the “tool integration” market.
Recommended Companion Reading
- HelloAI: L4-04 Agents + L4-09 Tool Use
- MCP official docs (modelcontextprotocol.io)
- MCP GitHub — SDKs in Python/TypeScript/Go
- Anthropic’s MCP introduction blog
By 2027, Claude Desktop / Cursor / Cline and other MCP-supporting clients will have 100M+ users combined, and MCP will become the “HTTP” of the AI era.
If you build AI tools, support MCP today. Not supporting it means missing the next 3-5 years of the ecosystem.
Next recommended: L4-08 LLM Evaluation or L4-09 Tool Use in Practice.