While MCP offers a rapid and standardised method to integrate large language models with databases and tools, experts warn that ensuring reliability, security, and governance in production remains complex and fraught with risks, calling for robust safeguards and cautious adoption.
Model Context Protocol (MCP) promises a fast, standardised way to link large language models to databases, tools and services, but practitioners warn that building an MCP server is easy while making it reliable, secure and governable in production is much harder. [^[1][2]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)[^[6]^](https://www.microsoft.com/en-us/startups/blog/model-context-protocol-mcp-a-new-approach-for-startups-building-with-ai/)
“Connecting is easy,” Anand Chandrasekaran, principal engineer at Arya Health, told InformationWeek. “Surviving production is hard.” According to the original report, rapid connectivity can be a double‑edged sword: speed of implementation often increases the risk of exploitation. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)
Salesforce’s Mohith Shrivastava said MCP has shown value for rapid proof‑of‑concept work and zero‑to‑one ideation, but taking agentic workflows into live environments exposes gaps in security, governance and operational infrastructure. He argued that the “true power of remote MCP is realised through centralized ‘agent gateways’ where these servers are registered and managed,” while also noting gateways bring orchestration complexity of their own. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)
Security experts and vendors cited several concrete failure modes that enterprises must address. A common recommendation is the On‑Behalf‑Of (OBO) token pattern, which ensures agents inherit the precise identity and permissions of their human principals rather than operating under broad service accounts: “the bot is just a digital extension of me; it is not a separate superuser,” Chandrasekaran said. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)[^[3]^](https://blog.treblle.com/model-context-protocol-ai-security/)[^[5]^](https://www.linkedin.com/pulse/securing-model-context-protocol-mcp-challenges-best-muayad-sayed-ali-sot4e)
Tool proliferation and inadequate tool descriptions increase the risk of hallucination, misuse or incorrect tool selection. Dominik Tomicevic of Memgraph recommended limiting tool exposure by policy and by runtime, breaking complex tasks into smaller subtasks with curated tool sets, and providing rich metadata about each tool’s function, constraints and data access. Industry posts warn of related attacks such as tool‑poisoning and malicious prompt templates, underscoring the need for vetting and clear tool descriptions. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)[^[3]^](https://blog.treblle.com/model-context-protocol-ai-security/)[^[4]^](https://techcommunity.microsoft.com/blog/-/plug-play-and-prey-the-security-risks-of-the-model-context/4410829)
Scaling MCP beyond small, controlled deployments introduces performance and coordination problems. As James Urquhart noted, the protocol was not designed to coordinate large, distributed networks of agents and lacks built‑in queuing, scheduling and structured message passing; enterprises should therefore add explicit scheduling, prioritisation and shared metadata models to prevent resource contention and unpredictable behaviour. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)[^[6]^](https://www.microsoft.com/en-us/startups/blog/model-context-protocol-mcp-a-new-approach-for-startups-building-with-ai/)
Bridging the gap from a working server to a compliant, reviewable production system requires tighter scopes, shorter responses and clearer policy context. Nuha Hashem said agents must be limited to a narrow prompt and a defined scope; otherwise they “start to guess at intent,” producing outputs that fail policy review. Observers recommend least‑privilege access, rate limiting, sandboxing and robust auditing to preserve lineage, compliance and minimised data exposure. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)[^[5]^](https://www.linkedin.com/pulse/securing-model-context-protocol-mcp-challenges-best-muayad-sayed-ali-sot4e)[^[7]^](https://www.itpro.com/technology/artificial-intelligence/what-is-model-context-protocol-mcp)
Taken together, practitioners advise caution: MCP is a powerful abstraction but not an enterprise‑ready panacea on its own. Security researchers point to rising CVEs and the emergence of malicious MCP servers, and urge enterprises to surround MCP with governance, resilience and safety layers rather than rushing adoption. “The hard part is building the guardrails that make AI agents behave predictably and safely at scale,” a Cisco principal engineer told the original report. [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder)[^[3]^](https://blog.treblle.com/model-context-protocol-ai-security/)[^[4]^](https://techcommunity.microsoft.com/blog/-/plug-play-and-prey-the-security-risks-of-the-model-context/4410829)[^[5]^](https://www.linkedin.com/pulse/securing-model-context-protocol-mcp-challenges-best-muayad-sayed-ali-sot4e)
## Reference Map
- [^[1]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder) (InformationWeek) – Paragraph 1, Paragraph 2, Paragraph 3, Paragraph 4, Paragraph 5, Paragraph 6, Paragraph 7, Paragraph 8
- [^[2]^](https://www.informationweek.com/machine-learning-ai/building-an-mcp-server-is-easy-but-getting-it-to-work-is-a-lot-harder) (InformationWeek summary) – Paragraph 1
- [^[3]^](https://blog.treblle.com/model-context-protocol-ai-security/) (Treblle blog) – Paragraph 5, Paragraph 8
- [^[4]^](https://techcommunity.microsoft.com/blog/-/plug-play-and-prey-the-security-risks-of-the-model-context/4410829) (Microsoft Tech Community) – Paragraph 5, Paragraph 8
- [^[5]^](https://www.linkedin.com/pulse/securing-model-context-protocol-mcp-challenges-best-muayad-sayed-ali-sot4e) (LinkedIn article) – Paragraph 4, Paragraph 7, Paragraph 8
- [^[6]^](https://www.microsoft.com/en-us/startups/blog/model-context-protocol-mcp-a-new-approach-for-startups-building-with-ai/) (Microsoft for Startups blog) – Paragraph 1, Paragraph 6
- [^[7]^](https://www.itpro.com/technology/artificial-intelligence/what-is-model-context-protocol-mcp) (ITPro overview) – Paragraph 7
Source: Fuse Wire Services