Feature
Ask any enterprise IT leader to describe their digital workplace technology stack and watch them wince. Thirty-seven apps, none of them talking to each other.
There is a solution. Model Context Protocol (MCP) connectors promise to end this dysfunction by creating a universal language for AI to have access to everything — calendars, emails, customer databases, file systems — all at once. While the idea sounds transformative, the reality divides experts into believers and skeptics, with billions of dollars riding on who's right.
Table of Contents
- Two Views of MCP Complexity
- How AT&T Built MCP as a Governance Platform
- MCP’s Composability Promise
- MCP Results in Production
- The Mission-Critical MCP Question
- Consent and Explainability Build Trust
- Where MCP Goes From Here
Two Views of MCP Complexity
Where others see chaos, Druid AI CEO Joseph Kim sees simplicity. "MCP connectors are not complex," he said. "They are actually much simpler than the well-known APIs. MCP is a simple proxy that adjusts the legacy systems APIs to the syntax of MCP."
"The MCP is middleware,” Kim explained. “Historically, the concept is not new. It used to be called Enterprise Application Integration." Organizations have solved these problems before. MCP just updates the playbook.
Others call MCP a trap disguised as convenience, like Vaclav Vincalek, a tech advisor with 30 years in enterprise architecture. Consider this common request. "Identify the changes over time in our thinking about project XYZ where the collaborators were working within the last 6 months. Include all the conversation, files and emails; and highlight the points which were crucial for the outcome,” he said.
It sounds reasonable. But Vincalek calls it "a security and privacy nightmare for the organization." The core problem is that "It is not clear in which context the question was asked and most importantly, who's asking,” he said. When an AI system aggregates content from multiple systems, each with its own access controls, the question of who sees what becomes dangerously ambiguous.
Enterprise search systems have run into this same issue for decades. Adding natural language's inherent vagueness creates something worse, Vincalek warned. "You are building an unpredictable, unreliable, overly complex system which will be impossible to manage."
How AT&T Built MCP as a Governance Platform
After spending 13 years building AI systems at AT&T, where regulatory compliance isn't optional and downtime makes headlines, Monica Malik said she has heard every security objection. Operating at telecom scale in one of America's most scrutinized industries, her team has developed answers.
"Security is never a feature of a connector itself," Malik said. "Rather, it is the operational model that surrounds it — identity, policy and audit."
The distinction reshapes the debate. MCP is a protocol — rules for how systems communicate. Whether it's secure depends on implementation. The team at AT&T built MCP as an AI governance platform, not a connector free-for-all.
The MCP architecture starts with identity. Users authenticate once through single sign-on. Engineers grant each connector minimal permissions with access only to what it needs. Systems strip personal information from requests automatically. Encryption keys rotate regularly. Administrators approve every connector explicitly. Departments operate in isolated environments. Data loss prevention tools monitor information flow. Tamper-evident logs track who did what and when.
Scale requires resilience. Message queues absorb traffic spikes. Concurrency limits prevent connector overload. Circuit breakers shut down misbehaving components. The system catches and retries failed requests.
Nonetheless, there are still risks. "The ‘watch outs’ in this space include the risks of shadow connectors, overly elevated scopes and unmanaged drift between sandbox and production," Malik acknowledged. MCP Connect is secure enough for regulated state government workloads, provided it is built on a foundation of enterprise identity access management, data loss prevention and ongoing auditing, she said.
MCP connectors don't bypass existing security, but work through it, Kim said. "The MCP connector is not completing the transactions. The MCP connectors call the existing legacy API." When a connector reads Outlook email messages, Outlook's permission system still controls access. MCP doesn't create new vulnerabilities; it routes through existing security layers.
But Vincalek sees this as missing the point. When content from separate systems flows into a shared knowledge base, "there is no practical way to separate which piece of information can be provided to whom." Individual system controls become meaningless after aggregation. The architecture doesn't fail because of implementation errors, but because the fundamental pattern undermines access control by design.
MCP’s Composability Promise
MCP is infrastructure for a new computing paradigm, said Uniphore CEO Umesh Sachdev, who leads one of the largest AI-native enterprise SaaS platforms. "Without a standard for these interactions, developers are left building custom integrations, leading to inefficiencies, vendor lock-in and barriers to scaling."
Sachdev’s vision centers on what he calls composability, or the building of AI workflows from modular, interoperable components. "Instead of rigid, custom-built integrations, businesses can mix and match AI models, tools and agents,” he said.
To tackle this, the team at AT&T curated an approved connector catalog tiered by risk, Malik said. Engineers vet mission-critical connectors.
Pilot projects start with lighter oversight. They standardized connector capabilities — read-only, write or workflow-triggered — and enforced consistent patterns for data fetching.
Version control and staged rollouts prevent breaking changes. Contract testing verifies updates before wide release. Playbooks document approved patterns and common pitfalls. Architects positioned MCP in front of the connector gateway, normalizing authentication, errors and monitoring.
“When connectors fail, human fallbacks keep work flowing,” Malik said. “A capability matrix prevents brittle dependencies.”
MCP Results in Production
Running technology at Pixis, an AI-powered advertising platform, CTO Vikas Mishra deployed MCP to optimize campaigns from creation through execution. His team has also rolled it out internally across product and marketing.
Conference
Oct
20
Gartner IT Symposium/Xpo Orlando 2025
Register
Conference
Oct
27
Gartner HR Symposium/Xpo Orlando 2025
Register
"By analyzing customer acquisition costs across all channels, identifying the highest-value audience segments and redistributing budget based on true ROI attribution, MCP enables companies with integrated marketing data to see higher campaign ROI compared to those operating in silos,” Mishra said.
Results are measurable, with dramatic time savings. "MCP-enabled AI can monitor performance across all channels simultaneously and recommend optimizations at the moment that they're needed,” Mishra said. “This reduces the lag time between campaign launch and optimization from weeks to hours."
Two factors determine success: interoperability, because context must flow between systems, and data integrity, so AI makes sound decisions while protecting confidential information across platforms.
The Mission-Critical MCP Question
The protocol is ready now, according to Kim. "How you design the tools to expose, how you annotate and add metadata to drive the agents to the right tool selection and how you create the minimum viable set of tooling for the given task are all examples of what separates an experiment from a successful product that delivers value through AI,” he said.
With conditions, Malik agreed. "In most cases the answer is yes, provided adoption is phased." MCP handles read-heavy workflows today, such as calendar management, ticket lookups, summarization and drafting approvals. High-stakes systems, however, need more validation. "Sensitive zones of record, such as ERP and HR systems, require validated SLAs, rollback mechanisms and dual-control processes before write-paths can be trusted,” she said.
Malik’s MCP rollout blueprint phases risk:
- Month one: establish authentication, data redaction, audit logging and approve only low-risk read-only connectors.
- Month two: test write capabilities with small user groups, document service levels and incident response.
- Month three: expand to higher-risk connectors with policy enforcement and resilience testing.
Remaining unconvinced that phased rollouts fix fundamental design problems, Vincalek argued that natural language ambiguity plus cross-system data aggregation creates unpredictable behavior that no implementation discipline eliminates.
Consent and Explainability Build Trust
Employee acceptance will determine whether MCP gets adopted. "The organization needs to have control over AI, needs explainability, traceability and governance,” Kim said. Employees should approve key decisions, treating AI as an assistant, not an autonomous actor.
Moreover, too many connectors degrade performance, and too many tools deteriorate LLMs’ performance, a sign of bad design, Kim said. The team at AT&T addressed this by routing actions through confidence thresholds, suppressing low-value notifications, requiring explicit consent for high-risk automation and capping per-user notification rates.
Where MCP Goes From Here
Sachdev’s composable AI workflows become real when built on the operational discipline that Malik demonstrated. The historical context that Kim provided helps but doesn't resolve the governance concerns that Vincalek identified. The technology integrates workplace tools, but whether most organizations will invest in the security infrastructure, phased adoption and continuous oversight to make integration work safely remains the open question.
The answer will determine whether MCP becomes essential enterprise infrastructure or another promising protocol that couldn't bridge the gap between demo and production. Billions in AI investment hang on that answer.
Editor's Note: Catch up on more action in the enterprise AI space:
- The Trap of AI Experimentation and How to Move Forward — The reasons AI efforts stall aren't mysterious. They’re banal: no shared documentation. Siloed tools. Scattered knowledge.
- 10 Vendors Tackling the AI Records Management Challenge — Ten vendors, from enterprise heavyweights to agile startups, racing to solve the challenges of AI records management.
- Metacognition: Your AI Productivity Edge — AI boosts creativity when paired with metacognition — reflecting on your thinking. This self-awareness drives learning velocity over mindless productivity.