The MCP Beast Blog
Practical guides for platform, security, and AI leaders putting the Model Context Protocol into production.
January 18, 2026 · Antoine van der Lee
How LLM tool calling works end to end, why per-vendor function calling fragmented, and how MCP standardizes the integration layer for enterprises.
Read →January 10, 2026 · Antoine van der Lee
MCP servers expose tools, resources, and prompts to AI agents. How they work, local vs. remote, transports, and the risk of server sprawl at scale.
Read →January 2, 2026 · Ralph Duin
MCP and APIs solve different problems. Learn when to use each, how MCP wraps existing APIs as tool servers, and what this means for enterprise security.
Read →December 25, 2025 · Antoine van der Lee
The Model Context Protocol is the open standard wiring AI agents to tools and data. Its architecture, primitives, and enterprise governance gaps.
Read →June 15, 2026 · Antoine van der Lee
MCP credential injection happens when agent prompts, tool output, or server config push secrets into places agents and logs can expose. Learn the controls.
Read →March 15, 2026 · Ralph Duin
A prioritized checklist of MCP best practices covering security, operations, and governance—with enterprise-scale guidance for each domain.
Read →March 7, 2026 · Antoine van der Lee
AI agent access control: RBAC, attribute-based policy, tool scopes, and least privilege—plus the failure modes that derail each approach.
Read →February 27, 2026 · Ralph Duin
Shadow AI agents act on your data autonomously — no audit trail, no DPA, no policy scope. Here's how to find them and govern them before an auditor does.
Read →February 19, 2026 · Antoine van der Lee
How prompt injection exploits MCP agents, why indirect injection via tool output is the dominant enterprise risk, and the layered defenses that help.
Read →February 11, 2026 · Antoine van der Lee
AI agent security: non-human identity sprawl, runaway blast radius, and indirect injection that traditional AppSec was never built to catch.
Read →February 3, 2026 · Antoine van der Lee
MCP authentication explained: OAuth 2.1 with PKCE, token scoping, audience binding via RFC 8707, rotation, and the production pitfalls to avoid.
Read →January 26, 2026 · Antoine van der Lee
A practical MCP security threat model and prioritized controls checklist for enterprise teams securing Model Context Protocol deployments at scale.
Read →June 10, 2026 · Antoine van der Lee
Every connected MCP server injects its full tool list into the model's context before you type a word. Here is the mechanic, the mitigations, and an audit checklist.
Read →June 8, 2026 · Antoine van der Lee
Step-by-step ways to put multiple MCP servers behind one endpoint: the open-source proxies (sparfenyuk/mcp-proxy, TBXark/mcp-proxy, mcpo) compared honestly, plus the managed alternative.
Read →June 5, 2026 · Ralph Duin
Seven evaluation criteria for choosing an MCP gateway — credential isolation, policy, audit, deployment model, token efficiency, registry, and pricing — plus a printable checklist.
Read →June 3, 2026 · Ralph Duin
MCP proxies forward traffic, routers decide where it goes, and gateways add policy, identity, and audit on top. Here is how to tell them apart — and which one you actually need.
Read →April 24, 2026 · Ralph Duin
What an AI agent audit log must capture—identity, inputs, policy decisions, and results—to satisfy compliance auditors and prove business value.
Read →April 16, 2026 · Antoine van der Lee
How to monitor MCP traffic and AI agents using metrics, traces, and logs — and why traditional APM falls short for agentic workloads.
Read →April 8, 2026 · Antoine van der Lee
What an MCP server registry does, where versioning and signing break down without one, and how to build a governed catalog enterprise agents can trust.
Read →March 31, 2026 · Ralph Duin
How enterprise teams onboard, configure, version, monitor, and deprecate MCP servers—and why ad-hoc management breaks down past a handful of servers.
Read →March 23, 2026 · Ralph Duin
An MCP gateway is the centralized control layer that routes, authenticates, and governs every agent-to-tool connection in your enterprise AI stack.
Read →May 26, 2026 · Ralph Duin
Quantify AI agent ROI with time saved, deflection, revenue, and risk avoided—and why audit-grade receipts beat spreadsheet estimates.
Read →May 18, 2026 · Ralph Duin
AI governance in 2026: NIST AI RMF, EU AI Act enforcement shifts, ISO/IEC 42001, and the tooling closing the policy-to-enforcement gap.
Read →May 10, 2026 · Ralph Duin
A practical ai agent governance framework for finance and healthcare — mapped to NIST AI RMF functions and EU AI Act Articles 9, 14, and 17.
Read →May 2, 2026 · Ralph Duin
A practical enterprise AI governance framework—policy, controls, audit, and ownership—for moving from principles to enforcement across AI agents.
Read →