Open sourced by humans in November 2024, Model Context Protocol (MCP) has quickly become a cross-cloud standard for connecting AI agents to the entire enterprise landscape. Since its launch, major cloud vendors and leading AI providers have shipped first-party MCP integrations, while independent platforms are rapidly expanding the ecosystem.
1. MCP Overview and Ecosystem
What is MCP?
- MCP is an open standard (based on JSON-RPC 2.0) that enables AI systems (such as large language models) to safely discover and invoke any MCP-compatible server exposed features, tools, APIs or data storage.
- Eliminating the “N×M” connector problem in tool integration is special: once the tool says MCP, any An agent or application that supports MCP can connect to it safely and predictably.
- Official SDK: Python, Typescript, C#, Java. There are reference servers for databases, GitHub, Slack, Postgres, Google Drive, Stripe, Stripe, etc.
Who is using MCP?
- Cloud provider: AWS (API MCP Server, MSK, Price List), Azure (AI Foundry MCP Server), Google Cloud (MCP Toolbox for Database).
- AI Platform: Openai (Adents SDK, Chatgpt Desktop), Google DeepMind (Gemini), Microsoft Copilot Studio, Claude Desktop.
- Developer Tools: REPLIT, ZED, SourceGraph, Codeium.
- Enterprise Platform: Block, Apollo, Fusebase, Wix – Embed MCP to integrate AI assistants into custom business workflows.
- Ecosystem Growth: The global MCP server market is expected to reach $10.3B in 2025, reflecting rapid enterprise adoption and ecosystem maturity.
2. AWS: MCP on cloud scale
New features (July 2025):
- AWS API MCP Server: Developer Preview is launched in July 2025; enables MCP-compatible AI agents to call any AWS API safely through natural language.
- Amazon MSK MCP Server: Now a standardized language interface is provided to monitor KAFKA metrics and manage the cluster through proxy applications. Built-in security through IAM, fine-grained permissions and OpenTelemetry tracking.
- Price List MCP Server: Real-time AWS pricing and availability – On-demand exchange rate.
- Other products: Code Assistant MCP Server, Bedrock Agent Runtime and Sample Server for a quick start. All are viable open source.
Integration steps:
- Use Docker or ECS to deploy the required MCP server, leveraging the official AWS guide.
- Harden endpoints with TLS, Cognito, WAF and IAM roles.
- Define API visibility/function-EG,
msk.getClusterInfo. - Issue oauth tokens or IAM credentials for secure access.
- Connect with AI customers (Claude Desktop, OpenAi, Bedrock, etc.).
- Monitor observability through CloudWatch and OpenElemetry.
- Rotate credentials and review access policies regularly.
Why AWS Leadership:
- Unparalleled scalability, official support for the widest set of AWS services, and fine-grained multi-region pricing/context API.
3. Microsoft Azure: MCP in Copilot & AI Foundry
what’s new:
- Azure AI Foundry MCP Server: Unified protocols now connect Azure Services (COSMOSDB, SQL, SharePoint, Bing, Fabric) to free developers from custom integration code.
- Copilot Studio: Seamlessly discover and call MCP features – making it easy to add new data or operations in Microsoft 365 workflows.
- SDK: Python, TypeScript, and community suites are updated regularly.
Integration steps:
- Build/start an MCP server in an Azure container application or in an Azure functionality.
- Fixed endpoints using TLS, Azure AD (OAUTH), and RBAC.
- Copilot Studio or Claude Integration that publishes the secondary agent.
- Connect to backend tools via MCP mode: COSMOSDB, BING API, SQL, etc.
- Use Azure Monitor and Application Insights for Telemetry and Security Monitoring.
Why Azure stands out:
- Deep integration with Microsoft productivity suite, enterprise-level identity, governance and no/low code proxy support.
4. GoogleCloud: MCP Toolbox and Vertex AI
what’s new:
- The database MCP toolbox: The open source module was released in July 2025, simplifying A-Agent access to cloud SQL, SPANNER, ALLOYDB, BIGQUERY, etc., reducing integration to.
- Vertex AI: Native MCP allows for a powerful multi-agent workflow between tools and data through the Agent Development Kit (ADK).
- Security model: Centrally connected, IAM integration and VPC service controls.
Integration steps:
- Start the MCP toolbox from the cloud market or deploy as a hosted microservice.
- Use IAM, VPC service control and OAuth2 security.
- Register the MCP tool and expose the API to AI proxy consumption.
- Call database operations (e.g.
bigquery.runQuery) LLM via vertex AI or MCP enabled. - Audit all accesses with cloud audit logs and binary authorization.
Why GCP is good at:
- Best-in-class data tool integration, fast proxy orchestration and strong corporate network hygiene.
5. Best practices for the cloud
| area | Best Practices (2025) |
|---|---|
| Safety | OAuth 2.0, TLS, fine-grained IAM/AAD/COGNITO roles, audit logs, zero trust configuration |
| Discover | Dynamic MCP function discovery at startup; mode must be kept up to date |
| model | Well-defined JSON-RPC pattern with robust error/edge handling |
| Performance | Use batch, cache and pagination discovery in large tool lists |
| test | Test invalid parameters, multi-agent concurrency, record and traceability |
| Monitoring | Export telemetry via OpenTelemetry, CloudWatch, Azure Monitor and App Insights |
6. Safety and Risk Management (Threatening Landscape 2025)
Known risks:
- Timely injection, abuse of privileges, tool poisoning, imitation, shadow MCP (Rogue Server) and new vulnerabilities can implement remote code execution in some MCP client libraries.
- Reduction: Connect to a trusted MCP server via HTTPS only, disinfect all AI inputs, verify tool metadata, deploy strong signature verification, and regularly view privilege scopes and audit logs.
Recent vulnerabilities:
- July 2025: CVE-2025-53110 and CVE-2025-6514 highlight the risks of remote code execution of malicious MCP servers. All users should update the affected libraries urgently and restrict access to public/untrusted MCP endpoints.
7. An expanded ecosystem: surpassing the “Big Three”
- Humans: Core reference MCP servers – Postgres, GitHub, Slack, Puppeteer. Maintain a quick release of new features.
- Openai: GPT-4O, proxy SDK, sandboxing and all MCP support in production use; extensive tutorials are available now.
- Google DeepMind: The Gemini API has native SDK support for MCP definitions, expanding the coverage of enterprises and research programs.
- Other companies using MCP:
- Netflix: Internal data arrangement.
- Databricks: MCP for integrated data pipeline agent.
- Docusign, Literature: Automation of legal agreements for MCP.
- REPLIT, ZED, CONDIUM, SourceGraph: Real-time code context tool.
- Blocks (square), Apollo, Ford Bass, Wix: Next-generation enterprise integration.
8. Example: AWS MSK MCP Integration Flow
- Deploy the AWS MSK MCP server (using the official AWS GITHUB example).
- Use cognito(oauth2), waf, iam safe.
- Configure available API operations and token rotation.
- Connect to supported AI agents (Claude, Openai, Bedrock).
- Use proxy calls, e.g.
msk.getClusterInfo. - Monitor and analyze using CloudWatch/OpentElemetry.
- Iterate by adding new tool API; execution is at least privileged.
9. Summary (July 2025)
- MCP is the core open standard for AI to tool integration.
- AWS, Azure, and Google Cloud each offer powerful first-party MCP support with a secure enterprise model, usually open source.
- Leading AI and developer platforms (OpenAI, DeepMind, Humans, RepliT, SourceGraph) have now become the “first move” of the MCP ecosystem.
- Security threats are real and dynamic – submit tools, use zero trust, and follow best practices for credential management.
- MCP unlocks rich, maintainable proxy workflows for useless or every custom API.
Michal Sutter is a data science professional with a master’s degree in data science from the University of Padua. With a solid foundation in statistical analysis, machine learning, and data engineering, Michal excels in transforming complex data sets into actionable insights.
