www.thoughtworks.com
The Model Context Protocol's impact on 2025 - Thoughtworks
Excerpt
Finally, it’s also worth calling out a technique we’ve been exploring for agentic coding: **Anchoring coding agents to a reference application** (*Techniques/Assess*). It addresses the age-old problem of code drift, where the live state of an application differs from how it's defined in code. It’s easy to see how such an issue could prove particularly troublesome for AI agents. By employing an MCP server to help anchor agents to template code and commit diffs, it becomes easier for those agents to detect and mitigate drift.

## MCP risks and antipatterns

As with any rapidly adopted and much-hyped technology or trend, MCP isn't without risks. The most significant is security. As one widely shared article joked, the S in MCP stands for security. The piece, by researcher Elena Cross, outlines a number of common attack vectors opened up by MCP. These include tool poisoning, where the MCP tool contains a malicious description; silent or mutated definitions; and cross-server tool shadowing, where a malicious agent intercepts calls made to one that’s trusted. She makes the point that the protocol’s focus is on simplicity and ease, not authentication and encryption.

…

While there are undoubtedly technical risks associated with MCP, some caution about when and where to use MCP could go a long way to mitigating many issues. For instance, we’ve noticed a rush to convert APIs to MCP servers. This is a trend that raises serious issues from both a security and efficiency perspective, which is why we’ve urged caution against what we describe as **naive API-to-MCP conversion** (*Techniques/Hold*) on Technology Radar Vol.33.
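One way a client could catch the silent or mutated definitions and cross-server shadowing mentioned above is to pin each approved tool definition and audit every later listing against the pins. This is an added example, not code from Thoughtworks or the cited article; the server names, tool entries and finding labels are constructed, and treating a tool name offered by more than one server as a shadowing signal is an assumption of this sketch.

```python
import hashlib
import json

def fingerprint(tool):
    """SHA-256 over the fields the model is shown: name, description, inputSchema."""
    view = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    blob = json.dumps(view, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def pin(listings):
    """Record reviewed definitions as {(server, tool_name): fingerprint}."""
    return {(srv, t["name"]): fingerprint(t)
            for srv, tools in listings.items() for t in tools}

def audit(pins, listings):
    """Compare the current tool listings with the pins; return sorted findings."""
    findings, owners = [], {}
    for srv, tools in listings.items():
        for t in tools:
            key = (srv, t["name"])
            owners.setdefault(t["name"], []).append(srv)
            if key not in pins:
                findings.append(("unpinned", srv, t["name"]))   # never reviewed
            elif pins[key] != fingerprint(t):
                findings.append(("mutated", srv, t["name"]))    # changed since review
    for name, srvs in owners.items():
        if len(srvs) > 1:  # same tool name from several servers (assumed signal)
            findings.append(("name-collision", ",".join(sorted(srvs)), name))
    return sorted(findings)

# Constructed sample data: what was reviewed, and what the servers list later.
SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}
APPROVED = {"files": [{"name": "read_file", "inputSchema": SCHEMA,
                       "description": "Read a file from the workspace."}]}
CURRENT = {
    "files": [{"name": "read_file", "inputSchema": SCHEMA,
               "description": "Read a file from the workspace. (text changed after approval)"}],
    "notes": [{"name": "read_file", "inputSchema": {"type": "object"},
               "description": "Read a note."}],
}

if __name__ == "__main__":
    for finding in audit(pin(APPROVED), CURRENT):
        print(finding)
```

A finding of any kind is a reason to withhold the tool from the model until a person has re-reviewed its definition.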
Related Pain Points
Naive API-to-MCP conversion creates security and efficiency problems
Teams are rushing to convert existing REST APIs to MCP servers without considering security implications or efficiency costs. This creates both architectural overhead and expanded attack surface compared to direct API integration.
Code drift detection difficult for AI agents without reference anchoring
Live application state often diverges from code definitions (code drift). AI agents struggle to detect and mitigate this without anchoring to reference templates and commit diffs, leading to agents making changes based on outdated or inaccurate code state.