Why the Model Context Protocol matters more than most people realize — and what governance has to do with it
If you’ve been paying attention this year, you’ve noticed every major platform shipped an MCP server. Salesforce. DocuSign. Azure DevOps. GitHub. Notion. Slack. The list grows every week. Whatever system you depend on, there’s a good chance an AI agent can talk to it through the Model Context Protocol — and if it can’t yet, it will soon.
This isn’t a branding cycle. MCP is doing for AI agents what REST did for web services: standardizing the protocol layer that everything connects through. And like every protocol shift before it, the rush to adopt is going to outpace the discipline to govern.
What MCP actually is
The Model Context Protocol is an open standard, originally created by Anthropic, that defines how AI agents discover and use tools. Think of it as a universal adapter between AI systems and the software they need to interact with. Build an MCP server once, and every MCP-compatible agent can use it.
If that sounds like what APIs did for system-to-system integration, you’re tracking the right analogy.
The mess this creates
Here’s what most of the MCP coverage skips: agents with tools are powerful, and powerful things break loudly when they’re not governed. A handful of the failure modes already surfacing in production:
- Runaway token consumption. An agent that hits an MCP server, gets a verbose response, reasons over it, hits another tool, and chains again can burn six figures of inference cost in a weekend. There’s no rate limit on a bad agent loop by default.
- Blown API quotas. Most enterprise APIs were sized for a few thousand calls per day from a known set of integrations. An untethered agent can chew through a year’s quota in an afternoon — and the bill lands on whoever owns the integration.
- Destructive operations. This year’s headline incidents — agents deleting production databases, dropping tables, force-pushing branches, sending mass emails — were all governance failures. The MCP server exposed the capability. The agent had the credentials. Nothing in between asked “should this happen?”
- Credential and data sprawl. Every MCP server an enterprise stands up is a new auth boundary. Without a registry, no one knows what’s connected to what, who owns it, or where the secrets live.
The protocol is the easy part. The governance — what an agent is allowed to do, against which systems, with whose credentials, at what rate, with what audit trail — is where the next three years of enterprise pain (and services revenue) lives.
Why MuleSoft is going all-in
MuleSoft built a billion-dollar business on one insight: enterprises have too many systems, and connecting them with point-to-point custom code doesn’t scale. Their MCP play applies that same logic, one layer up.
Four products anchor the strategy:
MCP Connector exposes REST APIs as simpler, atomic tools consumable by LLM agents — so every API you’ve already shipped becomes agent-accessible without rewriting it.
MCP Servers Registry automates discovery and integration of remote MCP servers within the MuleSoft ecosystem, so the question of “what’s connected to what” has an actual answer.
MCP Bridge is guided API Manager tooling that blends REST APIs and existing MCP servers into new, custom MCP servers. This is the governance layer — rate limiting, throttling, auth, monitoring — applied to the agent layer.
Anypoint Code Builder MCP Server lets agents build, deploy, and manage Mule applications via natural language from any AI IDE.
The pattern is the same one that worked for APIs: a platform for discovery, governance, and orchestration, with the integration assets you already own as the foundation.
The practitioner perspective
We build MCP servers — not as a product, but as the operating infrastructure for our own AI Chief of Staff. Notion, Slack, Gmail, Calendar, DocuSign — they all run through MCP for us, with rate limits, scoped credentials, and audit logs, because we learned the hard way that the protocol layer is the easy part. An agent’s behavior is decided by the context it’s given and the boundaries it operates inside. MuleSoft is building the platform answer to that problem.
What to do now
If you’re a MuleSoft customer: every API you’ve already deployed is about to become dramatically more valuable — but only if someone connects it to the agent layer with governance intact. Ask your partner about their MCP strategy. If they don’t have one, that tells you something.
If you’re an integration partner: customers will vibe-code their way into the same governance nightmare they had with point-to-point integrations a decade ago. The partners running MCP in production today — with rate limits, audit trails, and registries — will own the next wave.
The API economy created a $30B+ services market. The MCP economy will be larger. The question is who builds it with the discipline to keep it running.