The MCP Beast Blog
Field notes on MCP, agent security, and governance
Practical guides for platform, security, and AI leaders putting the Model Context Protocol into production.
MCP Fundamentals (4 articles)

January 18, 2026 · Antoine van der Lee
LLM Tool Calling Explained: How It Works
How LLM tool calling works end to end, why per-vendor function calling fragmented, and how MCP standardizes the integration layer for enterprises.

January 10, 2026 · Antoine van der Lee
What Are MCP Servers? Enterprise Guide
MCP servers expose tools, resources, and prompts to AI agents. How they work, local vs. remote, transports, and the risk of server sprawl at scale.

January 2, 2026 · Ralph Duin
MCP vs API: Differences and When You Need Both
MCP and APIs solve different problems. Learn when to use each, how MCP wraps existing APIs as tool servers, and what this means for enterprise security.

December 25, 2025 · Antoine van der Lee
What Is the Model Context Protocol?
The Model Context Protocol is the open standard wiring AI agents to tools and data. Its architecture, primitives, and enterprise governance gaps.
Security & Access Control (7 articles)

March 15, 2026 · Ralph Duin
MCP Best Practices: Production Checklist
A prioritized checklist of MCP best practices covering security, operations, and governance—with enterprise-scale guidance for each domain.

March 7, 2026 · Antoine van der Lee
AI Agent Access Control: RBAC, Scopes, Least Privilege
AI agent access control: RBAC, attribute-based policy, tool scopes, and least privilege—plus the failure modes that derail each approach.

February 27, 2026 · Ralph Duin
Shadow AI: Governing Ungoverned Agents
Shadow AI agents act on your data autonomously — no audit trail, no DPA, no policy scope. Here's how to find them and govern them before an auditor does.

February 19, 2026 · Antoine van der Lee
Prompt Injection in MCP: Attacks and Defenses
How prompt injection exploits MCP agents, why indirect injection via tool output is the dominant enterprise risk, and the layered defenses that help.

February 11, 2026 · Antoine van der Lee
AI Agent Security: Threats AppSec Misses
AI agent security: non-human identity sprawl, runaway blast radius, and indirect injection that traditional AppSec was never built to catch.

February 3, 2026 · Antoine van der Lee
MCP Authentication & OAuth 2.1 Explained
MCP authentication explained: OAuth 2.1 with PKCE, token scoping, audience binding via RFC 8707, rotation, and the production pitfalls to avoid.

January 26, 2026 · Antoine van der Lee
MCP Security: Enterprise Guide to Locking Down Agents
A practical MCP security threat model and prioritized controls checklist for enterprise teams securing Model Context Protocol deployments at scale.
Operations & Gateways (5 articles)

April 24, 2026 · Ralph Duin
AI Agent Audit Log: What to Capture
What an AI agent audit log must capture—identity, inputs, policy decisions, and results—to satisfy compliance auditors and prove business value.

April 16, 2026 · Antoine van der Lee
MCP Monitoring & Observability Guide
How to monitor MCP traffic and AI agents using metrics, traces, and logs — and why traditional APM falls short for agentic workloads.

April 8, 2026 · Antoine van der Lee
MCP Server Registry: Discovery, Versioning, Trust
What an MCP server registry does, where versioning and signing break down without one, and how to build a governed catalog enterprise agents can trust.

March 31, 2026 · Ralph Duin
MCP Server Management at Scale
How enterprise teams onboard, configure, version, monitor, and deprecate MCP servers—and why ad-hoc management breaks down past a handful of servers.

March 23, 2026 · Ralph Duin
What Is an MCP Gateway?
An MCP gateway is the centralized control layer that routes, authenticates, and governs every agent-to-tool connection in your enterprise AI stack.
Governance & ROI (4 articles)

May 26, 2026 · Ralph Duin
AI Agent ROI: Prove Value, Not Vibes
Quantify AI agent ROI with time saved, deflection, revenue, and risk avoided—and why audit-grade receipts beat spreadsheet estimates.

May 18, 2026 · Ralph Duin
AI Governance in 2026: Standards, Tools & Compliance
AI governance in 2026: NIST AI RMF, EU AI Act enforcement shifts, ISO/IEC 42001, and the tooling closing the policy-to-enforcement gap.

May 10, 2026 · Ralph Duin
AI Agent Governance for Regulated Industries
A practical AI agent governance framework for finance and healthcare — mapped to NIST AI RMF functions and EU AI Act Articles 9, 14, and 17.

May 2, 2026 · Ralph Duin
Enterprise AI Governance Framework
A practical enterprise AI governance framework—policy, controls, audit, and ownership—for moving from principles to enforcement across AI agents.