Skip to main contentArrow Right
IdentipediaArrow Left

What Is the Model Context Protocol (MCP) and How It Works

Share on:

Table of Contents

Large language models (LLMs) like Claude, ChatGPT, Gemini, and LlaMA have completely changed how we interact with information and technology. They can write eloquently, perform deep research, and solve increasingly complex problems. But while typical models excel at responding to natural language, they’ve been constrained by their isolation from real-world data and systems. 

The Model Context Protocol (MCP) addresses this challenge by providing a standardized way for LLMs to connect with external data sources and tools—essentially a “universal remote” for AI apps. Released by Anthropic as an open-source protocol, MCP builds on existing function calling by eliminating the need for custom integration between LLMs and other apps. This means developers can build more capable, context-aware applications without reinventing the wheel for each combination of AI model and external system.

Before and after MCP

This guide explains the Model Context Protocol’s architecture and capabilities, how it solves the inherent challenges of AI integration, and how you can begin using it to build better AI apps that go beyond isolated chat interfaces.

LLM isolation & the NxM problem

It’s no secret that LLMs are remarkably capable, but they typically operate in isolation from real-world systems and current data. This creates two distinct but related challenges: one for end users, and one for developers and businesses.

For everyday users, the isolation means a constant “copy and paste tango” to get relevant responses about recent data. This requires manually collecting information from various sources, feeding it into the LLM’s chat interface, and then extracting or applying the AI’s output elsewhere. While several models offer AI-powered web search, and Anthropic’s Sonnet 3.X models boast a Computer Use feature, they still lack direct integration with knowledge stores and tools.

For devs and enterprises, the challenge is much more complex: the “NxM problem,” where N represents LLMs and M stands for tools. On the N side, there are many AI systems, and on the M side, there are countless systems. Each LLM provider has their own protocols to connect with external tools, making the potential integration points essentially endless. 

By breaking the NxM problem down, we can see it causes:

  • Redundant development efforts: Dev teams will repeatedly solve the same integration issues for each new AI model or data source. For example, connecting ChatGPT with your knowledge stores requires starting from scratch with custom code. But with every additional AI system or tool, your devs have to do everything from the beginning each time—N multiplied by M.

  • Excessive maintenance: Tools, models, and APIs will inevitably evolve, and business will want to stay on the cutting edge. The lack of standardization means an integration can potentially stop working because a tool or model is updated, or an old one is deprecated.

  • Fragmented implementation: Different integrations may handle similar functions in totally unexpected ways, creating unpredictable or undesirable results. This fragmentation can lead to end user confusion or frustration as different developers and companies implement inconsistent integrations.

However, it’s important to understand that MCP doesn’t solve the NxM problem by simply replacing the integration methods that came before. It connects AI apps to context while building on top of function calling—the primary method for calling APIs from LLMs—to make development simpler and more consistent. 

Relationship between function calling & Model Context Protocol

Function calling, which allows LLMs to invoke predetermined functions based on user requests, is a well-established feature of modern AI models. Sometimes referred to as “tool use,” function calling is not mutually exclusive with MCP; the new protocol simply standardizes how this API feature works. 

Without MCP, when you use a function call directly with an LLM API, you need to:

  1. Define model-specific function schemas, which are JSON descriptions of the function, acceptable parameters, and what it returns.

  2. Implement handlers (the actual code that executes when a function is called) for those functions.

  3. Create different implementations for each model you support.

MCP standardizes this process by:

  1. Defining a consistent way to specify tools (functions) across any AI system.

  2. Providing a protocol for discovering available tools and executing them.

  3. Creating a universal, plug-and-play format where any AI app can use any tool without custom integration code.

You might be familiar with AI apps that use function calling, like Custom GPTs using GPT Actions. A Custom GPT can determine which API call resolves the user's prompt, create the necessary JSON, then make the API call with it. While this allows some purpose-built tooling, it’s bound to OpenAI’s ecosystem. MCP brings similar capabilities to any AI application that implements the protocol, regardless of the underlying model vendor.

MCP architecture and core components

The Model Context Protocol uses a client-server architecture partially inspired by the Language Server Protocol (LSP), which helps different programming languages connect with a wide range of dev tools. Similarly, the aim of MCP is to provide a universal way for AI applications to interact with external systems by standardizing context.

MCP general architecture
Fig: MCP general architecture

Core components

MCP architecture consists of four primary elements:

MCP core components
Fig: MCP core components

  1. Host application: LLMs that interact with users and initiate connections. This includes Claude Desktop, AI-enhanced IDEs like Cursor, and standard web-based LLM chat interfaces.

  2. MCP client: Integrated within the host application to handle connections with MCP servers, translating between the host’s requirements and the Model Context Protocol. Clients are built into host applications, like the MCP client inside Claude Desktop.

  3. MCP server: Adds context and capabilities, exposing specific functions to AI apps through MCP. Each standalone server typically focuses on a specific integration point, like GitHub for repository access or a PostgreSQL for database operations.

  4. Transport layer: The communication mechanism between clients and servers. MCP supports two primary transport methods:

    • STDIO (Standard Input/Output): Mainly local integrations where the server runs in the same environment as the client.

    • HTTP+SSE (Server-Sent Events): Remote connections, with HTTP for client requests and SS for server responses and streaming.

All communication in MCP uses JSON-RPC 2.0 as the underlying message standard, providing a standardized structure for requests, responses, and notifications.

How MCP works

When a user interacts with a host application (an AI app) that supports MCP, several processes occur behind the scenes to enable quick and seamless communication between the AI and external systems. Let’s take a closer look at what happens when a user asks Claude Desktop to perform a task that invokes tools outside the chat window.

Protocol handshake

  1. Initial connection: When an MCP client (like Claude Desktop) starts up, it connects to the configured MCP servers on your device.

  2. Capability discovery: The client asks each server "What capabilities do you offer?" Each server responds with its available tools, resources, and prompts.

  3. Registration: The client registers these capabilities, making them available for the AI to use during your conversation.

MCP Claude Mermaid Chart
Fig: A mermaid chart created by Claude, demonstrating how Claude uses external tools with MCP.

From user request to external data

Let's say you ask Claude, "What's the weather like in San Francisco today?" Here's what happens:

  1. Need recognition: Claude analyzes your question and recognizes it needs external, real-time information that wasn't in its training data.

  2. Tool or resource selection: Claude identifies that it needs to use an MCP capability to fulfill your request.

  3. Permission request: The client displays a permission prompt asking if you want to allow access to the external tool or resource. 

  4. Information exchange: Once approved, the client sends a request to the appropriate MCP server using the standardized protocol format.

  5. External processing: The MCP server processes the request, performing whatever action is needed—querying a weather service, reading a file, or accessing a database.

  6. Result return: The server returns the requested information to the client in a standardized format.

  7. Context integration: Claude receives this information and incorporates it into its understanding of the conversation.

  8. Response generation: Claude generates a response that includes the external information, providing you with an answer based on current data.

Ideally, this entire process happens in seconds, creating an unobtrusive experience where Claude appears to "know" information it couldn't possibly have from its training data alone.

MCP client & server ecosystem

Since its introduction late 2024, MCP has gained rapid adoption across numerous platforms, creating a diverse ecosystem of clients and servers that bridge the gap between LLMs and external tools.

Examples of MCP clients

MCP clients vary widely, from desktop applications to development environments. Claude Desktop serves as Anthropic's first-party offering, providing comprehensive support for everything MCP can do. 

Several code editors and IDEs have adopted support for the protocol, including Zed (which surfaces prompts as slash commands), Cursor (with MCP tools in its Composer environment), Continue (an open-source AI code assistant for JetBrains and Visual Studio Code), and Sourcegraph Cody (which implements MCP through OpenCtx).

Framework support has expanded to include integrations for Firebase Genkit, LangChain adapters, and platforms like Superinterface, which helps developers build in-app AI assistants with MCP functionality.

Examples of MCP servers

The MCP ecosystem comprises a diverse range of servers including reference servers (created by the protocol maintainers as implementation examples), official integrations (maintained by companies for their platforms), and community servers (developed by independent contributors).

Reference servers

Reference servers demonstrate core MCP functionality and serve as examples for developers building their own implementations. These servers, maintained by MCP project contributors, include fundamental integrations like:

  • PostgreSQL: Allows interaction with PostgreSQL databases, executing read-only SQL queries on the connected system. The fact that all commands are deployed with a read-only limitation showcases how to keep MCP tooling within specific parameters.

  • Slack: Enables AI apps to read and write messages in Slack workspaces, add reactions, retrieve channel history, and more. While straightforward, this underscores the potential for MCP to retrieve information from a wide variety of sources, including popular messaging apps.

  • GitHub: Provides support for a wide variety of actions, including creating forks or branches, listing issues, making pull requests, and even searching for code across GItHub repositories. The GitHub MCP server serves as a benchmark for how AI assistants can interact with external APIs.

Official MCP integrations

These servers are officially supported by the companies who own the tools. Integrations like these are production-ready connectors available for immediate use.

  • Stripe: This integration can handle use cases like generating invoices, creating customers, or managing refunds through natural language requests. Here, the main draw is the potential for delegating payment concerns to customer-facing chatbots.

  • JetBrains: Lets developers leverage AI assistance directly within JetBrains IDEs. This integration provides code exploration (i.e., reading the file), breakpoint setting, and terminal command execution through natural language. 

  • Apify: Through the use of over 4,000 Apify Actors, enables a wide range of functions including a RAG (Retrieval Augmented Generation) web browser, data scraping across multiple platforms, and content crawling.

Community MCP servers

The community-driven ecosystem exemplifies how standardization can accelerate adoption and creativity. The following servers are maintained by enthusiasts rather than businesses, which means they trend toward a more diverse range of needs.

  • Discord: The gaming-focused messaging app Discord shares many similarities with Slack, and the MCP server integration is no different. This allows users to send and read messages, with automatic server and channel discovery for easier navigation.

  • Docker: Enables natural language interaction with Docker to manage containers, volumes, and volumes. Intended for server admins and tinkerers, this abstracts Docker both local and remote engine management into a friendlier interface.

  • HubSpot: This integration with ubiquitous CRM HubSpot allows users to list and create contacts, get recent engagements, and manage companies. While simple, this server provides a simple way to retrieve information for use with other tools.

Security considerations for MCP servers

MCP’s OAuth implementation using HTTP+SSE transport servers exhibits the same risks as standard OAuth flows. Developers should be vigilant about open redirect vulnerabilities, properly secure tokens, and implement PKCE for all authorization code flows. 

Though MCP has yet to implement authorization at the time of this writing, the proposed draft will incorporate a subset of OAuth 2.1. This means that the core concerns remain unchanged, and familiarity with common OAuth misconfigurations can help developers avoid security gaps.

Human-in-the-loop design is a critical element in protecting MCP server users. Clients must request explicit permission from the user before accessing tools or resources, placing an important checkpoint against automated exploits. However, this protection depends on clear permission prompts that help users make informed decisions—and a transparent understanding of the proposed scopes.

This responsibility largely falls on server developers, who should strictly follow the principle of least privilege. Ideally, MCP servers will request only the minimum access necessary for their functionality. This ensures servers aren’t accidentally exposed to sensitive data while strengthening resilience against supply chain attacks that leverage unsecured connections between different resources. You can learn more about customizing scopes in our OAuth scopes and provider tokens guide.

Conclusion

The Model Context Protocol represents a significant leap in connecting LLMs to external systems, standardizing a fragmented ecosystem and potentially resolving the NxM problem. By universalizing how AI applications talk to tools and data sources, MCP reduces development overhead and enables a more interoperable ecosystem where innovation benefits the entire community—rather than remaining siloed.

As MCP continues to progress as a standard, several new developments have appeared on the horizon:

  • Official MCP registry: A maintainer-sanctioned registry for MCP servers is being planned, which will simplify discovery and integration of available tools. This centralized repository will make it easier for anyone (not just those willing to scour GitHub) to find a server matching their needs.

  • Sampling capabilities: Though not yet fully supported in many clients, the sampling feature will enable servers to request completions from LLMs through the client. This essentially allows for sophisticated AI-to-AI collaboration while maintaining thorough human oversight.

  • Finalized authorization specification: The current authorization specification is in draft status and will be formalized to provide clearer guidance on secure server implementation. As outlined above, the proposed methodology uses a subset of the OAuth 2.1 standard.

While these upcoming additions will further cement MCP’s role in making AI development faster and easier, the protocol has already made a huge impact on the LLM ecosystem. Providing a common format for integrations amounts to more than speeding up the processes we already have. It has created a space where both major enterprises and individual contributors can build equally viable, increasingly valuable options to make everyone’s lives better.

As adoption continues to grow, we’ll likely see AI assistants that are not just more informed about a given context, but ones who are genuinely more helpful in managing and navigating the complex digital world around us.

For more developer updates from the world of authentication, access control, and AI, subscribe to our blog or follow us on LinkedIn.

Liked what you saw?

Check out these posts next

What Is OAuth & How Does It Work

Read more

Fine-Grained Authorization Explained & When to Use It

Read more

What Is Token-Based Authentication & How It Works

Read more

What Is OAuth & How Does It Work

Read more

Fine-Grained Authorization Explained & When to Use It

Read more

What Is Token-Based Authentication & How It Works

Read more
Chat with Sales

Anonymously - no Slack account required

Users Love Us BadgeLeave a Descope review

All systems operational

Copyright © Descope Inc. All rights reserved.