惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Tailwind CSS Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
The Cloudflare Blog
J
Java Code Geeks
大猫的无限游戏
大猫的无限游戏
雷峰网
雷峰网
WordPress大学
WordPress大学
Jina AI
Jina AI
IT之家
IT之家
Hugging Face - Blog
Hugging Face - Blog
博客园 - 聂微东
有赞技术团队
有赞技术团队
V
Vulnerabilities – Threatpost
博客园 - 司徒正美
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
S
SegmentFault 最新的问题
C
Cisco Blogs
V
V2EX
博客园 - 三生石上(FineUI控件)
Apple Machine Learning Research
Apple Machine Learning Research
I
Intezer
人人都是产品经理
人人都是产品经理
博客园_首页
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Know Your Adversary
Know Your Adversary
酷 壳 – CoolShell
酷 壳 – CoolShell
Security Latest
Security Latest
V
Visual Studio Blog
S
Schneier on Security
宝玉的分享
宝玉的分享
博客园 - 【当耐特】
腾讯CDC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - Franky
Last Week in AI
Last Week in AI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
K
Kaspersky official blog
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
量子位
S
Securelist
小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tenable Blog
阮一峰的网络日志
阮一峰的网络日志
博客园 - 叶小钗
T
Troy Hunt's Blog

SerpApi

The State of the SERP in the Age of AI How to find the Google Knowledge Graph ID (kgmid) for anything What is an API? Part 2: Feeding the Machine (JSON) Building an Accessibility Search Experience with Google Flights, Hotels, and Maps APIs SerpApi Weekly Changelog: July 06-12, 2026 How to Scrape Google Flights Deals with a simple API Monitoring FIFA World Cup scores with a simple API How to scrape Google sports results Build Smarter Pydantic AI Agents with Real-Time Search A complete guide to web scraping with Ruby (2026) SerpApi Weekly Changelog: June 29- July 05, 2026 Make no mistakes: agent usability testing Semantic Image Search with Elasticsearch What is an API? Part 1: The Secret Life of a Web Browser MCP Apps with FastMCP: Turning Tool Output Into Interactive UI How to Scrape Naver AI Briefings with SerpApi Connect Sakana AI (Fugu) with Web Search API SerpApi Weekly Changelog: June 22-28, 2026 Trending Travel Destinations using Python & SerpApi How to scrape Bing reverse image search results Measuring Brand Presence Across AI Answer Engines SerpApi Weekly Changelog: June 15-21, 2026 How I Built a Star Wars Grogu Product Research Agent with Codex, Lark, and SerpApi How to scrape Bing web search results Categorizing hotels using Google Hotels images How to scrape Bing Images search results How to scrape Bing Copilot answers Build A No Code AI-Powered Local Lead Outreach System SerpApi Weekly Changelog: June 08-14, 2026 How to Do SEO Research with Claude Desktop and SerpApi MCP Track and Compare Product Prices Across Stores and Locations (SerpApi & Python) How to Extract Full Opinion Text from Google Scholar Case Law with SerpApi How to scrape Bing Maps search results SerpApi Weekly Changelog: June 01-07, 2026 Amazon ASIN Lookup API: Find and Fetch Product Details How to scrape Bing News search results How to Connect Your Local LLM with Web Search Data SerpApi on Postman: One Unified Collection for Faster API Exploration SerpApi Weekly Changelog: May 25-31, 2026 Building an AI Agent in Python How to scrape Google Case Law API for Legal Research, Analytics, AI, and more SerpApi Achieves SOC 2 Type 2 and ISO 27001 Certification How to find your next product idea with Google Trends and SerpApi Scrape Competitors' Google Ads Data (Tutorial 2026) Using SerpApi and DeepSeek to Break Down Dan Koe’s Content Strategy SerpApi Weekly Changelog: May 18-24, 2026 How to scrape Bing Videos search results How to Scrape Instagram Profile Data with SerpApi How to scrape Bing Shopping search results How to Scrape Google Hotels Reviews SerpApi Weekly Changelog: May 11-17, 2026 5 Things You Can Build with Claude Code and Live Search Data Real Estate Data API for PropTech Developers How to Scrape Apple Maps with SerpApi How to scrape Google Trends
The State of MCP: Everything That Changed in H1 2026
James Collins · 2026-06-03 · via SerpApi

Six months ago, the Model Context Protocol was the exciting new thing. By the middle of 2026, it had become something less exciting but far more important: a piece of infrastructure that much of the AI ecosystem now depends on.

Over the first half of the year, MCP changed hands, gained a user interface, had its core protocol rewritten, and ran into the security problems that tend to appear once millions of people rely on something. None of those are the problems of a promising idea. They are the problems of working infrastructure, and the first half of 2026 is when MCP started dealing with them.

If you are new to the protocol, our overview — Model Context Protocol (MCP): A Unified Standard for AI Agents and Tools — is the place to start. The rest of this post assumes the basics and focuses on what actually changed.

DateEvent
Dec 9, 2025Anthropic donates MCP to the Agentic AI Foundation (Linux Foundation)
Jan 26, 2026MCP Apps ships as the first official extension, bringing UI into the chat
Jan–Feb 2026More than 30 MCP-related CVEs filed; tool poisoning becomes a mainstream concern
Mar 9, 2026The 2026 roadmap is published, with enterprise readiness as the top priority
May 21, 2026The 2026-07-28 spec release candidate locks — the largest revision since launch

Governance moved to a neutral foundation

The most important change happened right at the start of the period, and it shaped everything that followed.

On December 9, 2025, Anthropic donated MCP to the newly formed Agentic AI Foundation, a fund under the Linux Foundation. Block and OpenAI were co-founders, and AWS, Google, Microsoft, Cloudflare, and Bloomberg joined as platinum members.

This matters more than it might sound. A protocol controlled by a single AI lab is a risk for every competing lab that adopts it, because that lab could change the standard in its own favor. Handing MCP to a neutral foundation removes the concern, since changes now go through a public proposal process in which every major lab and cloud provider has a seat, and none of them benefits from breaking the protocol for the others.

Google’s A2A protocol moved under the same foundation, with a clear division of responsibility: MCP connects agents to tools, while A2A coordinates communication between agents. Together, these two moves settled much of the fragmentation the ecosystem had worried about throughout 2025.

Adoption kept climbing

MetricWhere it stood in H1 2026
Monthly SDK downloads~97 million, up from ~2 million at launch (roughly 4,750% growth in 16 months)
Public MCP servers~9,400–17,000+ across the major registries
AI clients with native MCPClaude, Cursor, Windsurf, Codex CLI, and VS Code with Copilot, plus ChatGPT and Gemini

To put that in perspective, the React npm package took about three years to reach the download numbers MCP reached in sixteen months.

The composition of that growth is as telling as its size. Fewer than 5% of public servers are monetized, so the ecosystem remains largely open source, and the momentum is shifting from community experiments toward vendor-built connectors and private, enterprise-internal servers. In short, MCP is moving from something developers try out to something companies run in production.

The protocol matured

Two releases turned MCP from a promising design into something built for scale.

The first was MCP Apps, which shipped in January as the protocol’s first official extension. It lets a tool return an interactive HTML interface that renders directly inside the conversation, such as a dashboard, a form, or a live visualization, all running in a sandboxed iframe. Figma used it to offer inline component editing, and Hex used it to render a filterable dashboard. It is worth noting that Anthropic and OpenAI developed the extension together, and it launched with support in Claude, ChatGPT, Goose, and VS Code on the first day.

The second was the 2026-07-28 release candidate, locked in May, which is the largest revision to the protocol since it launched. Its central change is that MCP becomes stateless.

  • The initialize handshake and the Mcp-Session-Id header are gone. Protocol version, client information, and capabilities now travel in the _meta field of every request.
  • This matters because a stateless server can sit behind an ordinary load balancer, with no sticky routing, no session store, and no long-lived streams to maintain. That is what allows MCP to scale on standard HTTP infrastructure.
  • The release also adds operational features, including required Mcp-Method and Mcp-Name headers that let gateways route traffic, and HTTP-style caching fields on discovery responses.
  • Finally, it introduces a formal deprecation policy. Roots, Sampling, and Logging are deprecated, but nothing is removed for at least twelve months.

Most existing servers continue to work unchanged. But the intent behind the release is clear: MCP is being re-engineered to be predictable and unremarkable, which is exactly what dependable infrastructure should be.

Security caught up with adoption

Rapid growth came with a cost. In January and February alone, more than thirty MCP-related CVEs were filed, including a remote-code-execution flaw rated 9.6 on the CVSS scale.

The defining issue was tool poisoning, and the problem is structural rather than a bug in any single server. A tool’s description is text the server controls, and it lands in the model’s context as if it were a trusted instruction. A malicious server can hide a directive in that description — for example, telling the model to read the user’s SSH key and pass it as a parameter — and an instruction-following model will comply. The user never sees the directive, because tool descriptions are not shown in the interface.

The underlying weakness is a gap in trust. A tool’s description is reviewed once, when the agent first connects, but the tool’s responses flow into the model afterward without any equivalent check. The defenses that emerged are layered: sanitizing tool metadata and responses, isolating high-privilege tools, scanning server manifests, and disabling the “always allow” settings that run tools without confirmation.

These are the problems of a widely used protocol rather than a niche one. The March roadmap responded to them directly by making enterprise readiness — audit trails, single sign-on, and gateway support — its top priority, to be delivered mostly through extensions rather than changes to the core.

What this adds up to

Taken together, the first half of 2026 tells a single story. MCP finished moving from a clever idea owned by one company to shared infrastructure governed by a foundation, and it began to behave accordingly.

What makes the period unusual is that all of this happened at once: record adoption alongside a candid acknowledgment, through both the rewrite and the security work, that the original design was not built for the scale it had reached. That is less a contradiction than a sign of maturity. MCP has moved past the stage of being interesting and into the more demanding stage of being relied upon.

Where SerpApi fits

If you are building agents on top of MCP, live search is one of the most useful capabilities you can give them, and you do not need to build the connector yourself.

The SerpApi MCP server exposes a single search tool that any MCP client — Claude Desktop, Cursor, VS Code, or your own agent — can call to query more than 100 engines and receive structured JSON in return. We have also exposed each engine’s schema as an MCP resource, which improves the accuracy of tool calls and aligns well with the discovery and caching direction the new specification is taking.

If you would prefer a lighter setup inside Claude Code, the SerpApi Claude Code plugin gives Claude native search through a single skill, with no server to run. MCP is the better choice when you work across several clients, while the plugin is simpler when you work primarily in one.