Sign in Subscribe

One Year of Model Context Protocol: From Experiment to Industry Standard

How a November 2024 Launch Became the "USB-C for AI" in Just 12 Months

Ajeet Singh Raina

Ajeet Singh Raina

8 min read
One Year of Model Context Protocol: From Experiment to Industry Standard

The Birth of a Standard

On November 25, 2024, Anthropic introduced something that would fundamentally reshape how AI systems connect with the world: the Model Context Protocol (MCP).

Created by Anthropic developers David Soria Parra and Justin Spahr-Summers, MCP addressed what engineers called the "M×N problem"—the combinatorial explosion of connecting M different AI models with N different tools or data sources.

The Problem MCP Solved

Before MCP, connecting ten AI applications to 100 tools meant potentially 1,000 different custom integrations. MCP reduced this to a simple equation: implement the client protocol once, implement the server protocol once, and everything works together.

Explaining the modern architecture of Model Context Protocol

The Timeline: A Year of Unprecedented Growth

Q1 2025: Foundation Phase (November 2024 - February 2025)

November 25, 2024 - Launch

  • Anthropic open-sources MCP with SDKs in Python and TypeScript
  • Reference servers released: Google Drive, Slack, GitHub, Git, Postgres, and Puppeteer
  • Early adopters: Block and Apollo integrate MCP
  • Development tools companies (Zed, Replit, Codeium, Sourcegraph) begin integrations

December 2024 - January 2025

February 2025

Q2 2025: The Inflection Point (March - May)

March 26, 2025 - The Game Changer

OpenAI CEO Sam Altman announced on X:

"People love MCP and we are excited to add support across our products. available today in the agents SDK and support for chatgpt desktop app + responses api coming soon!"

This same day, MCP launched its second major specification (2025-03-26) introducing:

  • Streamable HTTP transport for cloud deployments
  • Comprehensive OAuth 2.1 authorization framework
  • Enhanced remote deployment capabilities

April 2025

Delivering a talk on MCP Security

April 22, 2025 - Docker Enters the MCP Arena

Docker announces Docker MCP Catalog and Docker MCP Toolkit, bringing container-grade security to the MCP ecosystem:

Docker MCP Catalog:

  • Centralized discovery platform integrated with Docker Hub
  • 100+ verified MCP servers at launch
  • Partnership with Stripe, Elastic, Neo4j, Heroku, Pulumi, Grafana Labs, Kong Inc., New Relic, Continue.dev and more
  • Publisher verification and versioned releases
  • Built on Docker Hub's infrastructure (20+ billion pulls monthly)

Docker MCP Toolkit:

  • One-click MCP server deployment from Docker Desktop
  • Built-in OAuth support and secure credential storage
  • Seamless integration with Gordon (Docker AI Agent), Claude, Cursor, VS Code, Windsurf, Continue.dev, and Goose
  • Enterprise controls: Registry Access Management (RAM) and Image Access Management (IAM)
  • Containerized MCP servers for isolation and security

Docker President and COO Mark Cavage:

"Building functional AI applications shouldn't feel radically different from building any other app."

May 2025

Q3 2025: Governance and Infrastructure (June - September)

June 18, 2025 - Specification v3

Major security and authorization update:

  • MCP servers classified as OAuth Resource Servers
  • Mandatory Resource Indicators (RFC 8707) to prevent token misuse
  • Structured tool outputs
  • Enhanced security best practices
Wrote the first MCP Horror Story and published it on July 31 @ Docker Official Blogging site

July 2025

September 2025

  • MCP Registry launches in preview - centralized catalog for server discovery
  • Initial batch of vetted servers onboarded
  • Major cloud providers contribute official servers

Q4 2025: Maturity and Foundation (October - December)

November 11, 2025

November 25, 2025 - First Anniversary

Major specification release includes:

  • Client ID Metadata Documents (CIMD) for simpler, more secure client registration
  • Tasks capability for long-running operations
  • MCP Registry reaches nearly 2,000 entries (407% growth since September)

December 9, 2025 - Linux Foundation

Anthropic donates MCP to the Agentic AI Foundation (AAIF) under the Linux Foundation, alongside:

  • goose by Block
  • AGENTS.md by OpenAI

Platinum founding members: Anthropic, Block, OpenAI, AWS, Bloomberg, Cloudflare, Google, and Microsoft

The Numbers: Explosive Growth

As of December 2025:

  • 97 million+ monthly SDK downloads across all languages
  • 10,000+ active MCP servers
  • 17,000+ community servers in various registries
  • 300+ MCP clients
  • 407% growth in registry entries (Sept-Nov 2025)
  • First-class support across ChatGPT, Claude, Cursor, Gemini, Microsoft Copilot, VS Code and more

The Ecosystem Explosion

Enterprise Adoption

Major deployments include:

Platform Integration

MCP is now supported by:

  • IDEs: VS Code, Cursor, Windsurf, JetBrains (planned)
  • AI Platforms: ChatGPT, Claude, Gemini, Microsoft Copilot
  • Development Tools: Playwright, Sourcegraph, GitHub
  • Databases: PostgreSQL, MySQL, MongoDB, Snowflake, BigQuery, Redis, Weaviate
  • Cloud Services: AWS Lambda/ECS/EKS, Azure AI Foundry, GCP

Community Innovation

The community has created MCP servers for:

  • Creative Tools: Blender, Aseprite, DaVinci Resolve
  • Communication: Discord, Slack, WhatsApp, Telegram
  • Development: GitHub, GitLab, Docker, Kubernetes
  • Healthcare: FHIR servers, Apple Health integration
  • IoT: 3D printer control, ESP RainMaker devices
  • And thousands more...

Technical Evolution

Architecture Maturity

MCP deliberately borrowed from the Language Server Protocol (LSP), using:

  • JSON-RPC 2.0 for message format
  • STDIO, SSE, and Streamable HTTP transports
  • Client-server architecture familiar to developers

Specification Progress

DateVersionKey Features
Nov 25, 20242024-11-05Initial release, STDIO transport
Mar 26, 20252025-03-26Streamable HTTP, OAuth 2.1
Jun 18, 20252025-06-18Resource Indicators, structured outputs
Nov 25, 20252025-11-25Tasks API, CIMD authentication

Challenges and Growing Pains

Security Concerns (April-June 2025)

Identified issues include:

  • Prompt injection vulnerabilities
  • ~7,000 misconfigured servers exposed publicly (approximately half of all servers)
  • Token misuse and credential exposure
  • Tool permission escalation risks
  • GitHub MCP server prompt injection weakness (May 26, 2025)
  • Asana MCP server data exposure bug

Technical Challenges

  • Version compatibility between rapid releases
  • JSON-RPC serialization overhead (10-15ms latency)
  • Limited multi-agent orchestration
  • Complex authentication flows initially

Why MCP Won

Strategic Factors:

  1. Right Problem, Right Time: AI agents needed standardized connectivity
  2. Open and Neutral: Open-source with vendor-neutral governance
  3. Network Effects: Each new server added value to the ecosystem
  4. Strategic Adoption: OpenAI's March 26 endorsement created tipping point
  5. "Good Enough" Design: Sufficient and improvable
  6. Community-Driven: Contributions from students to enterprises
  7. Proven Patterns: LSP-inspired architecture felt familiar

Comparison to other standards:

  • OpenAPI (Swagger): ~5 years
  • OAuth 2.0: ~4 years
  • HTML/HTTP: Much of the 1990s
  • MCP: ~4 months (Nov 2024 to March 2025)

The Docker Parallel

MCP's trajectory mirrors Docker's early days: thousands of varying-quality containers created by the community, outpacing enterprise adoption but building unstoppable momentum. That low barrier to contribution served both projects' early phases perfectly.

The Roadmap: What's Next

Immediate Priorities (2026)

  1. Asynchronous Operations: Support for long-running tasks
  2. Statelessness & Scalability: Horizontal scaling improvements
  3. Server Identity: .well-known URLs for capability discovery
  4. Official Extensions: Industry-specific patterns (healthcare, finance, education)
  5. SDK Standardization: Clear tiering system for SDK support
  6. MCP Registry GA: Production-ready registry service

Validation & Quality

  • Reference client implementations
  • Reference server implementation
  • Compliance test suites

Community Highlights

What distinguished MCP's first year was the community:

  • MCP Dev Summit, MCP Night, MCP Dev Days worldwide
  • Active Discord with specialized working groups
  • GitHub: 2,835+ commits to awesome-mcp-servers repository
  • 74,900+ GitHub stars on community list
  • Reddit community (r/mcp) sharing use cases
  • 17 SEPs processed in one quarter

Key Quotes from Industry Leaders

Mike Krieger, Chief Product Officer, Anthropic:

"MCP started as an internal project to solve a problem our own teams were facing. When we open sourced it in November 2024, we hoped other developers would find it as useful as we did. A year later, it's become the industry standard."

Jim Zemlin, Executive Director, Linux Foundation:

"We are seeing AI enter a new phase, as conversational systems shift to autonomous agents that can work together. Within just one year, MCP, AGENTS.md and goose have become essential tools for developers building this new class of agentic technologies."

From GitHub team:

"In just one year, MCP has evolved from an experiment to a widely adopted industry standard, highlighting the impact of open collaboration."

From OpenAI team:

"We believe open standards are an important part of an agentic web—helping models work with tools and platforms more seamlessly. OpenAI has been contributing to the MCP ecosystem since early on."

Conclusion: The Standard We Needed

One year ago, connecting AI to data meant custom code for every integration. Today, MCP has become the "USB-C for AI"—a universal standard enabling any AI model to connect to any data source.

But MCP's story isn't about technology alone. It's about community, collaboration, and the power of open standards to accelerate an entire industry. It's about competitors setting aside proprietary interests to build shared infrastructure.

As MCP enters its second year under Linux Foundation stewardship, with support from the AI industry's biggest players and a thriving community of builders, the protocol that was "just an experiment" twelve months ago is now critical infrastructure for the AI age.

You might find this interesting:

MCP Security Issues Threatening AI Infrastructure | Docker
Learn about critical MCP security issues, their real-world horror stories, and how to best mitigate these rising vulnerabilities.
DockerAjeet Singh Raina

MCP Horror Stories: The Supply Chain Attack | Docker
Learn about a critical OAuth vulnerability in mcp-remote that led to credential compromise and remote code execution across AI development environments.
DockerAjeet Singh Raina
The GitHub Prompt Injection Data Heist | Docker
Attackers can exploit GitHub issues to hijack AI assistants and exfiltrate private data. Discover how Docker’s OAuth safeguards against cross-repository data theft.
DockerAjeet Singh Raina
MCP Horror Stories: The Drive-By Localhost Breach | Docker
Learn how CVE-2025-49596 has turned MCP Inspector into a weapon of mass developer environment compromise in this edition of MCP Horror Stories.
DockerAjeet Singh Raina
MCP Horror Stories: WhatsApp Data Exfiltration | Docker
How tool poisoning turns WhatsApp into a data exfiltration channel, and how Docker MCP Gateway blocks it with validation, network isolation, and audit logging.
DockerAjeet Singh Raina

Read more