The Model Context Protocol (MCP) is moving faster than the developer community can keep up with, racing past its original design parameters and leaving teams scrambling to build clients that can match its pace. The result is an ecosystem where the protocol itself keeps shifting under everyone’s feet, and where the tooling, conventions and security thinking that should accompany a foundational standard are still being figured out on the fly.
Joey Stout, solutions architect at Spacelift, joins Mike Vizard to make the case that this is the price of being early. Stout describes an environment that increasingly resembles a Wild West, where rogue MCP servers get spun up inside organizations without anyone in leadership knowing they exist, let alone whether they have basic guardrails wrapped around them. The convenience of standing one up in a few minutes has outrun the discipline needed to govern them.
MCP servers can give AI agents broad reach into internal systems, data and APIs, and most of the early implementations were never designed with adversarial behavior in mind. Without authentication standards, scoped permissions and observability built in, every new server becomes another piece of shadow infrastructure that can be exploited, misconfigured or simply forgotten until it causes a problem.
Stout’s advice for developers is blunt: embrace the suck. The protocol is going to keep changing, the security story is going to keep evolving, and waiting for a stable, fully governed version before getting hands-on isn’t a realistic option. The teams that learn to wrangle MCP now — messy edges and all — will be the ones positioned to set the patterns everyone else ends up following.
