What is MCP (Model Context Protocol)?
MCP is an open standard for connecting AI applications to external tools and data — a common plug so every app and every integration don't have to be wired together by hand.
The problem MCP solves
An AI assistant is far more useful when it can do things — read your files, query a database, call an API, search a wiki. But before MCP, every one of those connections was bespoke: each AI app integrated each tool in its own way. With M apps and N tools you faced M×N custom integrations. MCP (the Model Context Protocol), introduced by Anthropic in late 2024 and since adopted across the ecosystem, turns that into M + N: build one MCP server for your tool, and any MCP-compatible app can use it. It’s often described as “USB-C for AI tools” — one standard connector instead of a drawer full of adapters.
How it works
MCP is a client–server protocol (built on JSON-RPC, over local stdio or HTTP transports):
- Host / client — the AI app (an IDE assistant, a chat client, an agent). It speaks MCP and connects to one or more servers.
- Server — a small program that exposes a capability. You can run servers for a filesystem, a database, GitHub, a SaaS API, your internal docs — anything.
Each server can offer three kinds of things:
- Tools — actions the model can call (e.g. search_issues, run_query). This is where MCP meets tool/function calling.
- Resources — data the app can read (files, records, documents) to put in context.
- Prompts — reusable prompt templates the server provides.
MCP vs function calling
They’re complementary, not competing. Function (tool) calling is the model deciding, mid-response, that it wants to invoke a tool and with what arguments. MCP is the standard way that tool is described, discovered, and connected in the first place. Function calling is the model raising its hand; MCP is the wiring that lets any tool be on the other end of it.
Why it matters
- A reusable ecosystem. A growing catalog of open MCP servers means an agent can plug into new capabilities without custom glue each time.
- Portability. Write an integration once; it works across any MCP-compatible host.
- It’s how agents reach the real world. Most “agentic” behavior comes down to calling tools and reading resources — exactly what MCP standardizes.
A security note worth its own paragraph
An MCP server can be powerful — it may read your files, hit your database, or take actions. Connecting one is granting it real access, and a server’s tool descriptions enter the model’s context, which opens the door to prompt injection (a malicious server or document steering the model). Run servers you trust, review the permissions and actions each one exposes, and prefer least-privilege access. (A “review an MCP config before you run it” tool is on the KB Cafe bench.)
FAQ
Is MCP tied to one company or model?
No — it’s an open protocol. It originated at Anthropic but is implemented across many apps and works with different models; the point is a shared standard rather than a vendor lock-in.
Do I need MCP to use tool calling?
No. You can wire tools directly into a single app. MCP matters when you want those tools to be reusable across apps, or to plug into the wider ecosystem of existing servers.
Is an MCP server safe to install?
Treat it like installing software with access to your data. Use trusted sources, read what tools and permissions it exposes, and apply least-privilege — an MCP server can act on your behalf.
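The review step recommended in the security note and in the answer above, as an added example (not code from the original page or from the MCP project). It assumes the "mcpServers" JSON layout used by several MCP hosts; the server names, packages, paths and checks in it are constructed for illustration.

```python
import json
import re

# Constructed sample; the "mcpServers" layout is an assumption, not from the page.
SAMPLE_CONFIG = """
{"mcpServers": {
  "files":   {"command": "npx", "args": ["-y", "example-fs-server", "/"]},
  "tracker": {"command": "npx", "args": ["-y", "example-tracker@1.4.2"],
              "env": {"TRACKER_API_TOKEN": "constructed-value"}},
  "wiki":    {"url": "http://wiki.example.internal/mcp"},
  "notes":   {"command": "/opt/mcp/notes-server", "args": ["/srv/notes"]}
}}
"""

RUNNERS = {"npx", "uvx"}  # package runners that fetch and run code at launch
BROAD_PATHS = {"/", "~", "$HOME", "/home", "/Users"}
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY", re.I)


def review_server(spec):
    """Return a list of review findings for one server entry."""
    findings = []
    args = [a for a in spec.get("args", []) if isinstance(a, str)]
    positional = [a for a in args if not a.startswith("-")]
    if spec.get("command") in RUNNERS and positional:
        package = positional[0]
        # "name@1.2.3" is pinned; a bare name or "@latest" can change between runs.
        if not re.search(r".@\d", package):
            findings.append(f"unpinned package: {package}")
    for arg in positional:
        # Least privilege: a filesystem root or home directory is too wide a grant.
        if (arg.rstrip("/") or "/") in BROAD_PATHS:
            findings.append(f"broad filesystem scope: {arg}")
    for key, value in spec.get("env", {}).items():
        # The server can act with whatever this credential allows; check its scope.
        if SECRET_NAME.search(key) and value:
            findings.append(f"credential in config: {key}")
    if str(spec.get("url", "")).lower().startswith("http://"):
        findings.append("remote server over plaintext http")
    return findings


def review_config(text):
    """Map each server name to its findings; an empty list means nothing flagged."""
    servers = json.loads(text).get("mcpServers", {})
    return {name: review_server(spec) for name, spec in servers.items()}


if __name__ == "__main__":
    for name, findings in review_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or "no findings")
```

An empty findings list only means none of these four checks fired; the tools and descriptions the server exposes still need reading before it is connected.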
Related
See context windows (tool descriptions live there) and RAG, or browse AI Explained.