At API World this year, a common theme echoed by speakers was that best practice is not common practice.

And with companies today FOMOing into MCP (Model Context Protocol) servers, it's more dangerous than ever.

On the surface, MCP seems harmless: just a way to let AI agents talk to your services. But if history tells us anything, oversimplifying new technology always comes with hidden costs.

The Pattern We Keep Repeating

Cloud Misunderstood

When cloud arrived, many businesses thought: “So it’s just renting a server instead of running it on-prem.” Technically true. But by seeing cloud only as a wrapper, they missed new billion-dollar categories of business.

The point of cloud was scalable architecture. Netflix leveraged this to serve video in a way never seen before.

Mobile Misunderstood

When mobile apps took off, the thinking was: “So now we can put our website into an app. Convenient!” Again, not wrong. But the real opportunity was integrating mobile features into the business. Uber and Lyft are examples of those who leveraged native phone features (geolocation, payments, push notifications) and came out on top.

MCP Being Misunderstood

Now MCP is here. And the prevailing view? “So we can make our services readable by AI agents. Convenient!” Not wrong, but if companies keep thinking of MCP as a simple wrapper around endpoints, they’ll repeat the same mistake: miss out on billion-dollar opportunities.

But this time they'll be opening themselves up to lawsuits.

Why This Is Worse with MCP

Across all industries, enterprise APIs already suffer from spec drift and sloppy practices:

  • Internal APIs promoted to public without proper controls.

  • Backend-for-Frontend APIs stuffed with “just-in-case” fields.

  • REST misconfigurations returning far more data than the UI needs.

  • Versioning handled, but deprecation avoided, leaving zombie endpoints alive forever.

In the past, these mistakes were painful but containable. A careless payload might inconvenience a customer or expose a fragment of data.

But with MCP and AI agents, those fragments are no longer isolated. Agents stitch them together.

What was once harmless oversharing suddenly becomes a complete data leak.

A Concrete Example

In my OverexposedAPI project, I connected an AI agent to a FastAPI service that returned “extra” fields of PII info.

I hooked up Claude to the OverexposedAPI, and below is a screenshot of the details. The example is a bit extreme, but it illustrates a real attack surface.

Invisible to the human eye, overexposed fields in responses typically go unnoticed as long as frontends don’t display them.

AI agents won't ignore these response payloads. An agent will pull those fragments, combine them with other accessible fields, and reconstruct sensitive information that should never have been exposed.

The takeaway: what feels like a harmless and common practice today can become a multimillion-dollar lawsuit tomorrow when an AI agent interfaces with it.

What Businesses Actually Want

Executives don’t want to fear MCP. They want:

  • Risk reduced → no lawsuits, no headlines.

  • Costs avoided → no last-minute compliance fire drills.

  • Growth enabled → confidence to safely explore AI-native opportunities.

How to Set Up MCP Servers Safely

Companies rushing into MCP need to slow down and adopt guardrails:

  • Audit APIs → separate internal from public-facing, reduce “just in case” fields.

  • Minimize payloads → principle of least privilege.

  • Abstract the MCP layer → never just wrap endpoints 1:1.

  • Enforce policies → authentication, rate limiting, logging, audit trails.

  • Plan for deprecation → clean old endpoints before agents discover them.
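The "minimize payloads" and "never just wrap endpoints 1:1" guardrails, as an added example (not code from the OverexposedAPI project): a per-tool field allowlist sits between the backend response and what the agent receives, and an audit helper lists what a 1:1 wrapper would have passed through. The payload, the tool name `get_user_summary` and the contract table are constructed for illustration.

```python
# Constructed backend payload: a BFF-style response with "just in case" fields.
BACKEND_USER = {
    "id": 42, "display_name": "A. Example", "plan": "pro",
    "email": "a.example@example.com", "ssn": "000-00-0000",
    "date_of_birth": "1990-01-01",
    "address": {"city": "Springfield", "street": "1 Example St", "zip": "00000"},
}

# Hypothetical contract: the only leaves each agent-facing tool may return (dotted paths).
TOOL_CONTRACTS = {"get_user_summary": {"id", "display_name", "plan", "address.city"}}

def _flatten(obj, prefix=""):
    """Yield (dotted_path, value) for every leaf of a nested dict."""
    for key, value in obj.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            yield from _flatten(value, path + ".")
        else:
            yield path, value

def project(tool, payload):
    """Return only allowlisted leaves; a tool without a contract fails closed."""
    allowed = TOOL_CONTRACTS.get(tool)
    if allowed is None:
        raise PermissionError(f"no contract for tool {tool!r}")
    out = {}
    for path, value in _flatten(payload):
        if path not in allowed:
            continue  # new backend fields are dropped until someone approves them
        *parents, leaf = path.split(".")
        node = out
        for p in parents:
            node = node.setdefault(p, {})
        node[leaf] = value
    return out

def overexposed(tool, payload):
    """Audit helper: backend leaves that a 1:1 wrapper would have handed to the agent."""
    allowed = TOOL_CONTRACTS.get(tool, set())
    return sorted(p for p, _ in _flatten(payload) if p not in allowed)

if __name__ == "__main__":
    print(project("get_user_summary", BACKEND_USER))
    print(overexposed("get_user_summary", BACKEND_USER))
```

Running `overexposed` against recorded backend responses in CI turns the API audit into a recurring check, since any field added upstream shows up in its output before it can reach an agent.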

A New Mental Model

Think of MCP as the next mobile moment.

  • Treat it as a wrapper, and you’ll miss the real opportunity and face lawsuits when agents expose your weak spots.

  • Treat it as a new category of business, and you’ll integrate AI into the business in ways that were not possible before.

The companies that win won’t be the ones that rushed MCP out of FOMO. They’ll be the ones that rethought their business for an AI-first world.
