media2.dev.to

18 Months of MCP — It's Not Dead, Just No Longer the Default

MCP, Model Context Protocol, agent tooling, OAuth gateway, MCP backlashDev

Everything your team needs to know about MCP in 2026

MCP Is Being Abandoned: How Fast Can a Standard Die?

MCP Isnt Dead But Its Not the Default Answer Anymore

Anthropic announced MCP on November 25, 2024. Eighteen months later, the protocol has moved under the Linux Foundation, SDK downloads are hitting 97 million a month, and registered servers have crossed 10,000. Over that same stretch, Garry Tan posted "MCP sucks" on X, and Perplexity CTO Denis Yarats announced at the Ask 2026 conference that they're pulling MCP out internally and going back to REST APIs and CLIs. It's not dead. But the core takeaway from 18 months out is that it's stepped down from the "default" slot.

At a Glance

Nov 2024 Launch → Major Vendor Adoption → Token & Security Walls → Mar 2026 Backlash → Layered Future

What Happened Over 18 Months?

MCP's adoption curve was unusually fast. In March 2025, OpenAI added official MCP support to its Agents SDK and Responses API. That same month, Streamable HTTP transport arrived, making remote server deployments practically viable. Then came Google at I/O in June with Gemini support, Microsoft at Build 2025 declaring it a "foundational layer" for Windows 11, and in March 2026, AWS rolled out stateful MCP server support in Bedrock AgentCore Runtime across 14 regions. In December, Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation.

Single vendor → neutral governance + adoption across every major cloud. That combination happening in 18 months is genuinely unusual.

The numbers make it even clearer.

97M
Combined monthly downloads of the Python and TypeScript SDKs.
10,000+
Registered MCP servers. About 2,000 are indexed in the MCP Registry.
150+
Organizations backing the A2A (Agent2Agent) protocol — a complementary standard growing alongside MCP.

Then in January 2026, MCP Apps launched, expanding the originally text-based protocol to support interactive UIs. Amplitude, Asana, Box, Canva, Figma, Slack, and Salesforce all joined as launch partners.

So Why Did the Backlash Hit?

It started on February 28, 2026, with Eric Holmes's post "MCP is dead. Long live the CLI." On March 11, Y Combinator president Garry Tan fired a shot on X: "MCP sucks honestly — it eats your entire context window and auth is a mess," then published his own CLI wrapper called "gstack." Days later, Perplexity CTO Denis Yarats made it official at Ask 2026: they're pulling MCP out of internal use. The criticism isn't emotional. It's measured against three specific operational walls.

Pain Point	Measured Problem	Alternative Pattern
Token Overhead	Connecting 3 servers consumes 72% of a 200K context. Tool selection accuracy drops from 43% to 14%.	Skills (progressive disclosure) + Cloudflare Code Mode (−98% tokens)
Security Defaults	Of 119 verified publicly exposed servers (scanned from 1,862), every single one was unauthenticated. 41% of servers have no auth at all.	Gateway + OAuth 2.1 + CIMD enforcement
Remote Scaling	Stateful sessions, horizontal scaling, and gateway behavior are all undefined.	AWS AgentCore-style stateless streamable-HTTP

The token overhead numbers are striking. The MCPGAUGE paper published in 2025 found that "MCP integration reduces average accuracy by 9.5 percentage points and increases input token counts by 3.25× to 236.5×." On a 200K context model, just attaching the GitHub, Playwright, and IDE servers eats up 143K with tool definitions. You've got 30% left before actual work even starts.

"context rot" — the more tools you add, the more the model gets lost. Tool selection accuracy fell from 43% to below 14%.

The security picture is worse. Knostic scanned 1,862 internet-facing MCP servers in early 2026 and verified 119 of them — every single one allowed unauthenticated access to internal tool listings. Bitsight found roughly 1,000 servers with no authorization controls, and a separate analysis found 41% of 518 servers had no authentication. Cloudflare's own official guide still lists "without authentication" as a normal deployment option. It's an operational hygiene problem.

Heads Up — stdio mode and HTTP mode are different animals
The problems with local stdio MCP (tokens, security) are real. But enterprise remote HTTP MCP is a different conversation. When Slack, Cursor, Claude Code, and internal assistants all call the same server, MCP is the only thing that lets you enforce OAuth, auditing, and telemetry from one place. The question isn't "is MCP dead" — it's "which mode are you running?"

So What Should You Actually Pick Right Now?

In practice, the most useful setup is CLI + RESTful + Skills + MCP where it earns its keep. Here's the decision flow.

Is it a local, single-user workflow?
Yes → CLI or Skills. The model already knows git/curl/jq/aws. MCP is overhead here.
Do you own both sides (client and tool)?
Yes → REST API. You don't need an interop standard. No → next question.
Do you need multiple hosts (Cursor, Claude, ChatGPT) sharing the same tools and policies?
Yes → remote HTTP MCP. Integrate once, use N times. This is where MCP actually earns its keep.
Does your enterprise need OAuth, SSO, and audit logging?
Yes → MCP + WorkOS/Glean-style Gateway pattern. Auth standards are guaranteed.

What's interesting is Cloudflare's "Code Mode." Instead of preloading all tool definitions upfront, it lets agents dynamically discover and call tools — cutting token usage by over 98%. That's the direction SEP-1576 ("Mitigating Token Bloat in MCP") is heading: progressive disclosure, schema deduplication, tool search. If these patterns become the default, MCP's first big wall comes down.

The MCP Dev Summit is being held in New York on April 2–3, 2026. Hosted by AAIF and the Linux Foundation, with every major cloud vendor signed on as a sponsor. Developer sentiment is wobbly, but governance and ecosystem investment run on a different clock. That's the signal.

Deep Dive Resources

WorkOS — Everything Your Team Needs to Know About MCP in 2026 Architecture, auth, and the 2026 roadmap all in one place. Covers CIMD vs DCR, async Tasks, and MCP Apps end to end. workos.com

Why Perplexity Walked Away from MCP Context window at 72% consumed, tool selection accuracy dropping from 43% to 14%, and how Skills' progressive disclosure compares. dev.to

MCP Isn't Dead. But It's Not the Default Answer Anymore. Primary sources on the Garry Tan/Eric Holmes/Perplexity criticism, plus the data behind the 9.5pp accuracy drop. medium.com

Glean — When MCP Adds Real Value vs When CLI Is Enough Local stdio vs enterprise HTTP MCP, and why "integrate once, use N times" is where the real value actually sits. glean.com

FAQ

Is it too late to adopt MCP now?

It's not too late. But drop the "MCP for everything" thinking. If you own both sides of the integration, REST is probably cleaner. If you need multiple hosts (Cursor, Claude, ChatGPT) sharing the same tools — or if you need enterprise OAuth and auditing — MCP is the right call.

I already have an MCP server built. Should I rip it out?

No need to pull it out. Two things worth checking: (1) Does it have auth? (41% of scanned servers didn't.) (2) Are too many tool definitions eating your context? Apply the SEP-1576 approach (progressive disclosure), or split off rarely-used tools — that takes care of most of the token problem.

Can Skills fully replace MCP?

For local, single-user, code-focused workflows, Skills (or CLI) are more efficient. But Skills don't share tools across multiple hosts or handle enterprise permission management. Think of them as complementary, not competing.

How do I actually secure an MCP deployment?

Three things: (1) Never deploy without authentication — the "without authentication" option in Cloudflare's guide is for demos only. (2) Apply OAuth 2.1 + CIMD. (3) Use a Gateway pattern — issue scoped tokens per user, keep sessions short. Managed options like WorkOS AuthKit make this more manageable.

Does Cloudflare Code Mode really cut tokens by 98%?

Yes. Instead of preloading all tool definitions into context, agents dynamically discover and call what they need. That's the direction SEP-1576 is pointing, and if it becomes the default, MCP's first major operational wall disappears. That said, not every client supports it yet.

Written by Rush

Tracking where business meets AI.

Did you find this reference helpful?

Get curated references delivered to your inbox weekly

Share this reference

Antioch — Meet the Cursor for Robot AI

Physical AI startups no longer need to rent warehouses or build million-dollar test facilities. Antioch brings software-speed development to robotics through cloud simulation — and just raised $8.5M seed to prove it.

Explore more AI workflow guides on similar topics

$20K and 12 AI Tools Built a $1.8B Telehealth Company — And Then the Red Flags Arrived

morningbrew.com

Medvi telehealth, AI startup leverage, GLP-1 startup, one-person unicorn, AI operations

$20K and 12 AI Tools Built a $1.8B Telehealth Company — And Then the Red Flags Arrived

Matthew Gallagher built Medvi, a GLP-1 telehealth startup, in 14 months with $20,000 and AI tools. 2 employees. 16.2% net margin. $401M in year one. Here's how the model works — and where it's breaking.

AI That Works While You Sleep — Automating Recurring Tasks with Claude Code Scheduled Task

substackcdn.com

What if your code review was already done when you woke up, and your newsletter

AI That Works While You Sleep — Automating Recurring Tasks with Claude Code Scheduled Task

What if your code review was already done when you woke up, and your newsletter sources were already organized? Here's how to automate recurring tasks with Claude Code Scheduled Task.

Next →Antioch — Meet the Cursor for Robot AI