[AI Burst] 97 Million Installs and Nobody Asked Permission

Anthropic's MCP just became the TCP/IP of AI agents. And most enterprise security teams have no idea it's running in their environment.

Anthropic's Model Context Protocol hit 97 million installs in March 2026. Every major AI provider now ships MCP-compatible tooling. If you haven't heard of it — and most non-developers haven't — here's the short version: MCP is the protocol that lets AI agents connect to external tools, databases, APIs, and file systems. It's the plumbing behind every agent that can actually do things, not just answer questions.

This didn't happen through a standards committee or a government mandate. It happened because developers needed AI agents to connect to the real world, and MCP worked better than anything else. Ninety-seven million installs in roughly a year is TCP/IP-speed adoption. That's not an exaggeration — TCP/IP, the protocol that runs the internet, took about that long from invention to ubiquity.

The difference is nobody issued a security advisory about TCP/IP before enterprises started routing everything through it. And nobody's issuing one for MCP either.

❓Why It Matters

Here's what that adoption curve actually means for you at work.

When a protocol becomes universal infrastructure, it also becomes a universal attack surface. The same thing that makes MCP powerful — it lets AI connect to everything — is exactly what makes it a risk. An agent that can read your files and query your CRM can also be manipulated, via prompt injection, into exfiltrating them. The security community flagged this specific attack vector this week: prompt injection via MCP tool descriptions. No standard mitigation exists yet.

Meanwhile, enterprise AI budgets are exploding. Eighty-six percent of IT leaders say their AI spending increases this year. Most of that money is chasing agents. But the security conversation about the protocol layer underneath those agents is months behind the deployment curve.

You're building a new floor. The foundation hasn't been inspected.

Before you deploy another AI agent that uses MCP, run a fast audit. What tools is each agent connected to? What can it access? Who approved those connections? Is anything getting logged?

Treat MCP integrations the same way you'd treat a new API endpoint — access controls, logging, documented data flow. The agents are only as trustworthy as the protocol running under them.

🛠️ THE TOOLKIT

The high-leverage GenAI stack you need to know this week.

Your 30-second scan of the AI landscape.

TCP/IP was invented in 1974 by Vint Cerf and Bob Kahn. It wasn't mandated by anyone. It just worked better than the alternatives and got adopted quietly until it was running underneath everything. Nobody asked permission. Then, decades later, the internet had a fundamental security problem that couldn't be patched without replacing the whole foundation — because the protocol was never designed with authentication in mind.

That's not a history lesson. That's a preview.

"We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run." — Roy Amara

Till next time,

For deep-dive analysis on cybersecurity and AI, check out my popular newsletter, The Cybervizer Newsletter

Meet Accio Work—the agentic workspace for business owners and solopreneurs. Our smart agents handle sourcing, supplier negotiation, store management, and marketing on autopilot. Powered by Alibaba.com data, we turn ideas into action instantly. No setup, no hassle—just seamless execution while you stay in control and focus on growing your business.

Try Accio Work Now!