Bringing MCPs to the Enterprise — Karan Sampath, Anthropic
By AI Engineer
Key Concepts
- MCP (Model Context Protocol): An open standard designed to connect AI agents to external data and tools.
- Gateway: A centralized middle layer (proxy) positioned between MCP clients and multiple MCP servers to manage security, traffic, and policy.
- Root of Trust: A foundational security principle where the enterprise "blesses" a single platform (the gateway) to manage all connections, ensuring consistent security posture.
- Decentralization: Empowering individual teams to build their own MCP servers without needing to manage complex infrastructure or security protocols.
- Agent Harness: The environment or platform where AI agents operate, which should be decoupled from the underlying data layer.
1. The Enterprise Challenge with MCPs
Karan Sampath identifies that while the MCP ecosystem is growing rapidly, enterprises face a "three-headed hydra" of obstacles that prevent effective adoption:
- Observability: Lack of visibility into which tools are being used, by whom, and which components are failing.
- Access Control: Difficulty in scoping permissions (e.g., allowing all employees to view logs but only specific users to modify dashboards).
- Security: Challenges in verifying server safety, preventing data exfiltration, and managing connections from potentially untrusted remote clients.
The Bottleneck: Currently, enterprises are stuck with a handful of MCP tools because security teams are overloaded and unable to vet the explosion of decentralized MCP servers. This prevents organizations from realizing the full potential of agentic workflows.
2. The Gateway Architecture
The speaker argues that a Gateway is the optimal solution to bridge the gap between decentralized development and enterprise-grade security.
Core Components of a Gateway:
- Authentication & Authorization: Centralized identity management (pluggable with existing IDPs).
- Proxy/Routing: The gateway acts as the single trusted endpoint; clients connect only to the gateway, which then routes requests to internal servers.
- Secure Tunneling: Encrypted connections between the client and the internal infrastructure.
- Sub-registry: A managed catalog of internal MCP servers.
- CLI Tooling: A standardized interface that allows teams to deploy new MCP servers quickly without needing to build security or auth logic from scratch.
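The components above, reduced to working code as an added example (this is not code from the talk or from Anthropic). It assumes three things the page does not specify: a session-token table stands in for the pluggable IdP (a real gateway would validate an OIDC/JWT token), the internal MCP servers are in-process Python callables rather than network services, and the request shape mirrors MCP's JSON-RPC `tools/list` and `tools/call` methods without any transport or tunneling. The policy encodes the access-control example from section 1: every employee may read logs, only dashboard admins may modify dashboards, and every request leaves an audit record.

```python
"""Minimal MCP-style gateway: one trusted endpoint that authenticates the
caller, enforces per-tool policy, routes JSON-RPC requests to a registered
internal server and writes an audit record for every request.

Added example, not code from the talk or from Anthropic. Backend "servers" are
in-process callables and the identity provider is a constructed token table.
"""
from __future__ import annotations

import json
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Assumption: the IdP already validated the user; the gateway only maps an
# opaque session token to a principal (a real gateway verifies an OIDC/JWT).
SESSIONS = {
    "tok-alice": {"user": "alice", "roles": {"employee"}},
    "tok-bob": {"user": "bob", "roles": {"employee", "dashboard-admin"}},
}

# Policy from the talk's example: employees may view logs, only dashboard
# admins may modify dashboards. Key is "<server>/<tool>", value is allowed roles.
POLICY = {
    "observability/get_logs": {"employee"},
    "observability/update_dashboard": {"dashboard-admin"},
}

Handler = Callable[[dict[str, Any]], Any]


def get_logs(args: dict[str, Any]) -> list[str]:
    """Constructed backend tool: canned log lines for a service."""
    svc = args.get("service", "unknown")
    return [f"{svc}: GET /health 200", f"{svc}: POST /login 401"]


def update_dashboard(args: dict[str, Any]) -> str:
    """Constructed backend tool: pretend to update a dashboard."""
    return f"dashboard {args['id']} updated"


@dataclass
class Gateway:
    """Sub-registry + policy + audit log behind a single handle() entry point."""
    sessions: dict[str, dict[str, Any]]
    policy: dict[str, set[str]]
    registry: dict[str, dict[str, Handler]] = field(default_factory=dict)
    audit: list[dict[str, Any]] = field(default_factory=list)

    def register(self, server: str, tools: dict[str, Handler]) -> None:
        """Teams add a server here; they never touch auth or policy code."""
        self.registry[server] = tools

    def _allowed(self, principal: dict[str, Any], server: str, tool: str) -> bool:
        # Default deny: a tool with no policy entry is unreachable via the gateway.
        return bool(principal["roles"] & self.policy.get(f"{server}/{tool}", set()))

    def _reply(self, rid: Any, user: str | None, method: str | None, tool: str | None,
               result: Any = None, error: tuple[int, str] | None = None) -> dict[str, Any]:
        # Observability: every request, allowed or not, leaves an audit record.
        self.audit.append({"ts": time.time(), "user": user, "method": method,
                           "tool": tool, "ok": error is None,
                           "error": error[1] if error else None})
        resp: dict[str, Any] = {"jsonrpc": "2.0", "id": rid}
        if error:
            resp["error"] = {"code": error[0], "message": error[1]}
        else:
            resp["result"] = result
        return resp

    def handle(self, token: str | None, request: dict[str, Any]) -> dict[str, Any]:
        """Process one JSON-RPC request (tools/list or tools/call)."""
        rid, method = request.get("id"), request.get("method")
        params = request.get("params") or {}
        principal = self.sessions.get(token or "")
        if principal is None:
            return self._reply(rid, None, method, None, error=(-32001, "unauthenticated"))
        user = principal["user"]
        if method == "tools/list":
            # Aggregate all registered tools as "<server>/<tool>", filtered by
            # policy so a client only ever sees what it may call.
            tools = [{"name": f"{s}/{t}"} for s, hs in self.registry.items()
                     for t in hs if self._allowed(principal, s, t)]
            return self._reply(rid, user, method, None, result={"tools": tools})
        if method == "tools/call":
            name = params.get("name", "")
            server, _, tool = name.partition("/")
            # Policy check first: unknown and forbidden tools look identical to
            # the caller, so a client cannot enumerate tools it may not use.
            if not self._allowed(principal, server, tool):
                return self._reply(rid, user, method, name, error=(-32003, f"forbidden: {name}"))
            handler = self.registry.get(server, {}).get(tool)
            if handler is None:  # policy names a tool no server registered
                return self._reply(rid, user, method, name, error=(-32601, f"unknown tool {name}"))
            try:
                out = handler(params.get("arguments") or {})
            except Exception as exc:  # backend failure is reported, not propagated
                return self._reply(rid, user, method, name, error=(-32000, f"backend error: {exc}"))
            return self._reply(rid, user, method, name,
                               result={"content": [{"type": "text", "text": json.dumps(out)}]})
        return self._reply(rid, user, method, None, error=(-32601, f"unsupported method {method}"))


def build_gateway() -> Gateway:
    """Wire the constructed sessions, policy and one internal server together."""
    gw = Gateway(sessions=SESSIONS, policy=POLICY)
    gw.register("observability", {"get_logs": get_logs, "update_dashboard": update_dashboard})
    return gw
```

Two design choices carry the talk's argument. The `observability` team only writes `get_logs` and `update_dashboard` and calls `register()`; identity, policy and auditing live in the gateway, which is the "root of trust" the enterprise blesses once. The policy is default-deny and is checked before the registry lookup, so a caller who probes `tools/call` with guessed names learns nothing that `tools/list` did not already show them.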
3. Strategic Benefits of the Gateway Approach
Implementing a gateway provides several "free lunch" advantages for enterprises:
- Surface Invariance: Once an MCP server is connected to the gateway, it can be accessed by any client (e.g., Claude.ai, Claude Code, or custom internal SDKs) without reconfiguration.
- Faster Iteration: Teams (like Legal or HR) can focus solely on business logic, allowing them to iterate on their tools without repeated, lengthy security reviews.
- Standardized Primitives: Enterprises can encode their "Standard Operating Procedures" directly into the gateway, ensuring all agents behave according to company policy.
- Scalability: The gateway handles the load of routing requests, allowing the infrastructure to scale from tens to hundreds of thousands of agents seamlessly.
4. Future Vision: Decoupling Agents from Data
The ultimate goal is to separate the Agent Harness (the AI execution layer) from the Data Layer (where the information lives).
- Key Argument: By using a gateway, the enterprise creates an invariant infrastructure. Whether an agent is managed externally (e.g., via Claude) or built internally, the data access layer remains consistent.
- Quote: "The gateway is an investment which will allow you... the flexibility to try and meet the wide-ranging agent needs of the future."
5. Synthesis and Takeaways
The presentation concludes with three actionable recommendations for enterprises:
- Invest in Common Infrastructure: Avoid "rolling your own" security for every individual MCP server.
- Establish a Root of Trust: Use a gateway to centralize security, authentication, and observability, which enables decentralized development by individual teams.
- Decouple Layers: Move toward an architecture where the agent harness is independent of the data layer, ensuring the organization remains agile as new AI surfaces and agent technologies emerge.