What if AI applications could connect to any data source the same way your phone connects to any USB-C charger? The answer already exists, and it's quietly reshaping how every major AI company builds their products.
Right now, connecting AI assistants to your actual data (your files, databases, and tools) requires custom integration code for every single connection. It's the same frustrating situation we had before USB-C unified device charging: proprietary connectors everywhere, nothing working together seamlessly.
The Model Context Protocol (MCP) changes this equation. By the end of this article, you'll understand how MCP's architecture works, what its three core building blocks do, and when this protocol makes sense for your projects. Whether you're just curious about AI infrastructure or evaluating MCP for a real application, you'll walk away with clear mental models you can actually use.
Let's start by understanding why this problem needed solving in the first place.
Why AI Applications Need Better Connections
Today's AI assistants are remarkably capable, until you ask them to work with your data. ChatGPT can analyze spreadsheets, but only if you manually upload them. Claude can query databases, but someone has to build the connector first. Each AI application lives in its own silo, blind to the information you actually need it to access.
This creates what developers call the N×M integration problem. If you have 5 AI applications and 10 data sources, you potentially need 50 custom integrations, each requiring development time, testing, and ongoing maintenance. When an API changes or a tool updates, the fragile connections break.
The costs compound quickly. Teams spend more time plumbing connections than building features. Organizations hesitate to adopt AI tools because the integration burden seems endless. What's needed isn't another clever workaround. It's a universal standard that turns that multiplication problem into simple addition.
Note for beginners: Think of this like the early days of phone chargers. Every manufacturer had their own connector, so traveling meant carrying a bag of cables. The solution wasn't better cables. It was everyone agreeing on one standard.
That universal standard now exists. Let's see what it is.
What Is the Model Context Protocol?
The One-Sentence Definition
The Model Context Protocol (MCP) is an open standard that lets AI applications connect to external data sources, tools, and workflows through a single, universal interface, eliminating the need for custom integration code.
That's the technical definition. Here's the intuitive one: MCP is the USB-C of AI. Build a connection once, and any MCP-compatible AI can use it.
Why Everyone Is Adopting It
Anthropic introduced MCP in November 2024, initially for their Claude assistant. But the protocol's open nature attracted broader interest fast. The numbers tell the story: MCP SDK downloads grew from 100,000 to 97 million monthly downloads in just 16 months, a 970x increase.
OpenAI officially adopted MCP in March 2025. Google has also added MCP-related support across its Gemini developer tooling, including Gemini SDK and Google AI Studio integrations. In December 2025, Anthropic donated MCP to the Agentic AI Foundation (AAIF) under the Linux Foundation, co-founded with Block and OpenAI. This isn't one company's project anymore. It's an industry standard.
To understand how MCP achieves this standardization, it helps to picture a restaurant kitchen. The AI application is the restaurant manager (the host), coordinating everything. Messages pass through waiters (the clients) who communicate with specialized kitchen stations (the servers): a grill station, prep station, dessert station. Each station has specific capabilities, but they all speak the same language.
With this mental model in place, let's examine each architectural layer in detail.
Understanding the Architecture: Hosts, Clients, and Servers
MCP uses a three-layer architecture. Understanding these layers is essential to grasping how the protocol works, and how the restaurant kitchen analogy maps to real components.
The Host: Your AI Application
The host is the AI application itself, like Claude Desktop, ChatGPT, VS Code with Copilot, or any AI-powered tool. It's the restaurant manager: receiving customer requests, deciding which kitchen stations to involve, and delivering the final response.
Hosts maintain overall control. They decide which servers to connect to, manage security policies, and coordinate between multiple clients.
The Client: Connectors That Translate
Within each host, clients act as dedicated connectors, one client per server connection. Think of them as waiters: they take orders to specific kitchen stations, translate between the manager's language and the station's format, and bring back results.
Clients maintain stateful sessions with servers, handling the JSON-RPC 2.0 communication that MCP uses under the hood. Each client connection is isolated, so a problem with one server doesn't affect others.
The Server: Specialized Capabilities
Servers are where the actual capabilities live. A database server provides data access. A GitHub server offers repository tools. A filesystem server handles file operations. Each server declares what it can do, and clients discover these capabilities at connection time.
Servers can be local (running on your machine via standard input/output) or remote (accessed over HTTP with Server-Sent Events for streaming).
For experienced developers: This architecture mirrors the Language Server Protocol (LSP) that revolutionized IDE tooling. MCP applies the same standardization principle to AI context. Hence the name.
Now that you understand the three layers, let's explore what servers actually provide: the three primitives that define MCP's capabilities.
The Three Building Blocks: Tools, Resources, and Prompts
MCP servers expose three types of capabilities, called primitives. Each serves a distinct purpose, but they're designed to work together.
Tools: What AI Can Do
Tools are functions the AI can execute, the protocol's "hands." A tool might send an email, create a calendar event, or run a database query. The key distinction: tools perform actions that change state or produce side effects.
Examples: send_slack_message, create_github_issue, query_database
Tools require user consent before execution. The AI proposes using a tool, but you approve the action. This is especially important for anything that modifies data or has external effects. (We'll cover this security model in more detail shortly.)
Resources: What AI Can See
Resources provide data and context, the protocol's "eyes." Resources are typically read-oriented: they expose data and context rather than directly performing actions. They give the AI information to work with: file contents, database schemas, API documentation, or any structured data.
Examples: file://project/README.md, postgres://table/users, notion://page/design-doc
Resources are application-controlled, meaning the host decides when to fetch and include them in the AI's context.
Prompts: Reusable Workflows
Prompts are templated interaction patterns, the protocol's "recipes." They encode specific workflows that users can trigger, like a code review template or a report generation pattern.
Examples: code_review_prompt, weekly_summary_template, bug_triage_workflow
Prompts are user-controlled: visible in the interface for explicit selection.
Combining the Three
These primitives shine when combined. A project analysis workflow might:
- Use a prompt to structure the analysis format
- Access resources to read relevant code files and documentation
- Execute tools to query the issue tracker and post findings
| Primitive | Analogy | Purpose | Who Controls It |
|---|---|---|---|
| Tools | Hands | Execute actions | AI (with user consent) |
| Resources | Eyes | Access data/context | Server provides, host decides when to use |
| Prompts | Recipes | Reusable templates | Developer defines, user triggers |
With the architecture and primitives covered, let's see how they work together in a real scenario.
Seeing MCP in Action: A Conceptual Walkthrough
Let's trace a complete MCP interaction from start to finish, connecting all the concepts we've covered.
Scenario: You ask Claude, "How many users signed up last week?" Claude needs to query your PostgreSQL database to answer.
Step 1: User Request You send your question to Claude (the host).
Step 2: Host Routes the Request Claude recognizes it needs database access. It routes the request to its PostgreSQL client, one of potentially many MCP clients it maintains.
Step 3: Client Communicates with Server The client sends a JSON-RPC request to the PostgreSQL MCP server. Here's what that message looks like:
{
"method": "tools/call",
"params": {
"name": "query_database",
"arguments": {
"sql": "SELECT COUNT(*) FROM users WHERE created_at > NOW() - INTERVAL '7 days'"
}
}
}
This is a tool call (the "hands" primitive from the previous section), requesting the query_database function.
Step 4: Server Executes and Responds The server runs the query against your actual database and returns the result via JSON-RPC.
Step 5: Host Formulates Response Claude receives the data ("247 new users") and crafts a natural language response: "Last week, 247 users signed up for your platform."
Notice what happened: Claude never directly accessed your database. All communication flowed through MCP's structured layers, with the server handling the actual data access.
Simplified Server Pattern (pseudo-code):
The server code below shows how this tool gets defined. Don't worry about the syntax; focus on the pattern:
# MCP Server: Database Query Tool
from mcp import Server
server = Server("database-server")
# 1. Define a tool the AI can invoke
@server.tool(
name="query_database",
description="Execute a read-only SQL query"
)
def handle_query(sql: str) -> dict:
# 2. Tool receives parameters from the AI
result = database.execute(sql)
# 3. Return data back through the protocol
return {"rows": result, "count": len(result)}
# 4. Start server (stdio for local, HTTP for remote)
server.run(transport="stdio")
This pattern repeats across every MCP interaction. The specifics change (different servers, different capabilities) but the architecture remains consistent.
But wait: if the AI can query databases, what stops it from accessing things it shouldn't? That brings us to MCP's security model.
Security: MCP's Trust Model and Its Limits
Connecting AI to external systems raises obvious security questions. MCP provides a structure for consent, capability boundaries, and isolation, but security still depends heavily on the host implementation, server trustworthiness, permissions, and deployment model.
User Consent: Tools that perform actions must get user approval. When Claude wants to send an email on your behalf, it asks first. The specification mandates that hosts maintain user awareness and control: the AI proposes, you approve.
Session Isolation: Each MCP client connection runs in its own sandbox. A misbehaving server can't affect other connections or access data from other sessions. This isolation is structural, built into the protocol architecture we explored earlier.
Capability Declaration: Servers explicitly declare their capabilities at connection time. They can't suddenly access functions they didn't advertise. Hosts can further restrict what they'll allow, enforcing additional boundaries beyond what servers offer.
The Mental Model: Think of MCP as supervised access, not open permissions. The AI operates within clearly defined guardrails:
- It can only use tools servers explicitly provide
- It must request approval for consequential actions
- It can only see resources the host makes available
For experienced developers: This aligns with the principle of least privilege. MCP's architecture makes it natural to grant exactly the access needed, nothing more.
With the fundamentals covered (architecture, primitives, data flow, and security), you might be wondering what's actually available to use. Let's explore the growing ecosystem.
The Growing Ecosystem: What's Available Today
MCP's value multiplies with its ecosystem. Here's what's available today.
Official Reference Servers:
- Filesystem: Read and write local files
- Git: Repository operations and history access
- Memory: Persistent knowledge graphs for context retention
- Fetch: Retrieve and process web content
- Sequential Thinking: Structured problem-solving support
Major Company Integrations:
- GitHub: Official server with dynamic toolsets for repositories
- Microsoft: Azure MCP Server for cloud services, integrated with VS Code Copilot
- Slack, Notion, Google Drive: Community and official servers for productivity tools
Community Ecosystem: Thousands of community servers cover databases (PostgreSQL, SQLite), search engines (Brave Search), code platforms (GitLab), and more.
Finding Servers:
- awesome-mcp-servers: Curated list of quality servers
- MCPRepository.com: Searchable index of all available servers
mcp-get: CLI tool for installing and managing servers
The ecosystem is growing rapidly, which means you can likely find a server for whatever integration you need, or build one using the official SDKs. Speaking of which, let's wrap up with your concrete next steps.
Getting Started: Your Next Steps
Key Takeaway
MCP is a universal standard for connecting AI applications to external systems. Its three-layer architecture (Host → Client → Server) and three primitives (Tools, Resources, Prompts) provide the building blocks for any AI integration.
Your Next Steps
If you're exploring AI capabilities: Try MCP-enabled applications directly. Claude Desktop and VS Code with GitHub Copilot already support MCP. Install a few servers and experience the protocol in action.
If you're a developer: The official SDKs make building servers straightforward:
- Python:
pip install mcp(v1.27.1, MIT license) - TypeScript:
npm install @modelcontextprotocol/server(v1.x stable) - Anthropic Academy: Free course covering server and client development
If you're evaluating for your organization: MCP is now under the Linux Foundation with backing from Anthropic, OpenAI, Google, and Block. The protocol has moved beyond "interesting experiment" to "industry standard." SDK v2 is in development, and the ecosystem continues rapid growth.
Remember the USB-C analogy we started with? The fragmented integration problem that plagued AI applications finally has its universal connector, and it's already here.