MCP is the Fastest-Growing Protocol in AI History
Despite Reports of Its Untimely Death
In February, Eric Holmes published “MCP is Dead. Long Live the CLI.” and the tech community on Twitter piled on. At that time, OpenClaw didn’t use MCP and was actively promoting CLIs and Skills as more context efficient, composable, debuggable alternatives to MCP.
But as of April 2026 MCP is looking pretty alive. It’s the fastest-growing open-source AI project in history, growing 5,000% in 16 months. Here’s the current state in April:
over 100 million monthly SDK downloads and over 10,000 active servers
First-class client support across ChatGPT, Claude, Gemini, Cursor, Microsoft Copilot, and VS Code
Anthropic now has 75+ connectors powered by MCP, and launched Tool Search for production-scale deployments
OpenAI shipped dynamic tool search for MCP in GPT-5.4, reducing token overhead by 47%
The Agentic AI Foundation co-founded by Anthropic, OpenAI, and Block, with platinum members AWS, Google, Microsoft, Bloomberg, and Cloudflare now stewards MCP under the Linux Foundation
The MCP Dev Summit in NYC (April 2-3), featuring 95+ sessions from Anthropic, Datadog, Hugging Face, Microsoft, and others, is oversubscribed
So what is going on here?
CLIs Are Great — Especially for Autonmous Agents
I love CLIs. Most developers do. LLMs have been trained on CLI docs and are therefore experts at using ‘grep’, ‘awk’, and other Bash commands. AI workflows often require multiple tool calls chained together (e.g., you might call your email server and then your calendar etc.). If every tool had a good CLI, LLM would write a long string of commands that executes in a single leap for any given workflow.
CLIs are also self documenting, so LLMs can discover features on the fly (using help/man). And, CLIs can be more context efficient than MCPs - describing tools in fewer tokens than large MCP schemas. Having said that, none of these advantages are permanent. MCP is a new spec and very much a work in progress. Still when comparing CLIs to local MCPs, CLIs are a clear winner because the security value proposition of local MCPs is not much better than CLIs. However, remote or gateway managed MCPs are a totally different story.
At the root of the issue is a tradeoff between Agent Autonomy and Enterprise control. A consequence of this is that what an individual developer is comfortable trading off for the benefit of greater Agent autonomy, is not always what is best for teams, enterprises, and the broader ecosystem of non-technical builders.
Agent Autonomy Needs Robust Controls
The deeper tension beneath the MCP vs. CLI debate is worth naming: how much autonomy should we give agents? This question is actually fundamental to Enterprise AI adoption and the current state of the AI bubble (massive investment and usage in SF/Silicon Valley circles but hesitance, fear and slower adoption in Enterprises where AI could have significant impact).
The CLI-maximalist position is synonymous with more autonomy. Give the agent shell access, let it figure out which commands to run, let it chain tools together however it sees fit. The more access the better - because that makes the agent more capable and the user much more productive. How could this be bad? In fact, it is even more appealing as models get smarter. And they are getting smarter, fast.
But of course the reality is when you are inside a company, autonomy without guardrails is a recipe for all sorts of problems. We don’t have to look farther than the OpenClaw security crisis to get a sense for what could go wrong.
Requirements CLIs Alone Don’t Solve
MintMCP founder Jiquan Ngiam uses CLIs for side projects, but MCPs at work to run background agents, each with scoped access. He will be on my podcast next month. The tradeoffs he notes:
Access control: CLIs are hard to scope per session. MCPs have built-in
allowedToolsper session.Auth: CLIs require on-device tokens and terminal commands. MCPs offer OAuth with single-click UIs. The CLI Credential UX is painful for non-developers. MCPs connect in one click.
Observability: CLIs produce ad-hoc output. MCP servers enable standardized OpenTelemetry metrics across teams.
I found Charles Chen’s article, “MCP is Dead; Long Live MCP!”, to be the first super sensible take that busted the CLI hype-train on X. It was a widely-read take ranked highly on Hacker News. His core argument is that MCP enables organizational-scale agentic engineering with security, observability, and governance built in.
1. Security
In an enterprise, you need OAuth-based authentication with secrets managed server-side. You need to revoke access when someone leaves without worrying about API keys sitting in dotfiles. You need to know for sure that an agent running a background task can read call transcripts but can’t send emails. Remote MCPs accessed via Gateways are the pattern enterprises are using to secure Agent tool use. This isn’t just an enterprise problem. Anyone running AI agents needs security. The individual developer vibing in their terminal is one malicious dependency away from a compromised environment.
OpenClaw illustrates what happens when security is an afterthought. Researchers found over 135,000 OpenClaw instances exposed to the public internet, with 15,000 vulnerable to remote code execution. Would MCP have prevented this? MCP’s remote server model means there is no listening port on the user’s machine to expose. The 135,000+ exposed instances are architecturally impossible with remote MCP. MCP’s OAuth 2.1 model keeps credentials server-side with scoped, short-lived tokens, not stored in local dotfiles waiting to be exfiltrated.
Of course MCP is not a silver bullet. It had 30+ CVEs of its own in early 2026, but its design makes secure deployment the path of least resistance.
2. Observability
When an agent uses a CLI, what gets logged? Whatever the agent decides to capture. When an agent uses an MCP server, you get structured, standardized telemetry: what was requested, what was executed, what was returned, and how long it took.
The 2026 MCP roadmap makes this explicit: end-to-end audit trails enterprises can feed into existing logging and compliance pipelines. For regulated industries, and many of the large US banks and financial institutions I speak to, this is required.
3. Governance
Who can use which tools? What versions are deployed? How do you roll out an upgrade across 200 agents? How do you ensure consistent behavior?
Charles Chen jokes that the CLI-only argument is “cowboy vibe-coding culture.” Every developer installs their own version, configures their own flags, manages their own upgrades. As Ngiam points out, there’s no “consistent interface across CLIs: credential management, flag conventions, error handling all work differently.”
MCP servers provide centralized configuration, version control, and dynamic content delivery, what Chen calls “server-delivered SKILL.md” that auto-updates across all tools without manual synchronization. This is well-managed. It means your OpenClaw agent, isn’t auto-installing skills and CLIs from the web on its own! The tradeoff of agent autonomy for security and governance is clear here.
Lastly, there is the sobering practical consideration that many enterprise backends don’t have CLIs. They may have APIs — often REST, sometimes GraphQL, but wrapping them in a CLI means custom tooling for each system. MCP provides a standard protocol for wrapping these APIs once and making them available to any MCP-compatible client.
What About Skills and Code Mode?
Skills are process documentation for agents, encoding domain-specific know-how, team conventions, and multi-step workflows. They’re complementary to both CLIs and MCPs. In fact skills + MCP is often what Anthropic uses to post specific vertical plug-ins. (As an aside agents sometimes don’t pickup the right skill. Vercel’s evaluation of their Next.js agent found that in the majority of eval cases, the agent never invoked the available skill at all).
Code Mode gives the agent an API spec and lets it write custom code in a sandbox for each request - this is of course maximally flexible and best for intricate use cases, but hard to audit, govern, or make repeatable.
The Path to Agent Autonomy
The path forward, which every AI model company is building towards is to create the infrastructure that lets autonomy scale safely. MCP’s gateway pattern, scoped tokens, and structured telemetry make sense as steps in that direction, at least for now. As models improve and earn more trust, the guardrails can loosen. In a notable turn, OpenClaw’s founder Peter Steinberger shared that the next version will adopt MCP, replacing its proprietary messaging channel with the standardized protocol.
The enterprises I speak to — large US banks, financial institutions, technology companies are already using MCP or actively adopting it, and almost always with Gateways to secure the MCPs. The ecosystem has grown to over 5,800 community and enterprise servers spanning databases, CRMs, cloud providers, and developer tools. I expect the future to look like smarter models that use MCP, Skills, CLIs, and Code Mode fluidly, with perhaps many more custom plugins available and better automatic Skills recognition by agents. With the right guardrails, there’s no doubt we will get to Agent autonomy one day soon - the benefits are too good to ignore.
Aparna Sinha is the host of the EnterpriseAligned AI podcast, where she speaks with enterprise leaders about AI adoption in practice. Upcoming episodes feature conversations with RBC and Coursera about their own MCP adoption journeys.
Sources: