How AWS Bedrock is shaping Model Context Protocol

By The New Stack

Key Concepts

  • MCP (Model Context Protocol): An open-source standard designed to provide a universal, secure connector between AI agents and external data sources or tools.
  • Transport Models: The underlying communication methods for MCP, specifically evolving from HTTP+SSE to "Streamable HTTP."
  • Tasks: An MCP feature designed for long-running operations that require status polling rather than immediate responses.
  • Elicitations: A security mechanism requiring explicit user approval for potentially disruptive agent actions.
  • Agentic Security: The practice of using sandboxing, network controls, and discrete tool definitions to prevent unauthorized agent behavior.
  • Token Frugality: The strategy of minimizing unnecessary LLM token consumption by offloading repetitive tasks (like polling) to the client/application layer.

1. The Evolution and Adoption of MCP

The Model Context Protocol (MCP) has transitioned rapidly from an Anthropic-led open-source project to an enterprise-grade standard. AWS has been a significant contributor, integrating MCP into its Bedrock platform.

  • Timeline: Initial authorization specifications (built on OAuth) emerged in early 2025, serving as a tipping point for enterprise adoption.
  • Scaling Challenges: Early versions relied on "HTTP+SSE" (Server-Sent Events), which required complex, expensive "sticky sessions." The shift to "Streamable HTTP" allowed for static JSON responses, enabling massive scalability for enterprise deployments.

2. Key Technical Features

AWS has contributed specific functionalities to the MCP specification to address real-world enterprise limitations:

  • Tasks: Introduced in November 2025 to handle long-running operations. This prevents two major failure modes:
    • Hallucinations: Models often invent job IDs when polling for status.
    • Model Fatigue: Models frequently "give up" on long-running tasks, leading to incomplete workflows.
  • Elicitations: Introduced in June 2025 to manage "disruptive actions" (e.g., deleting a database). It forces a human-in-the-loop interaction, ensuring that agents cannot execute high-risk commands without explicit user consent.
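The Tasks item above moves status polling out of the model and into the application layer. The sketch below is an added example, not code from the video, the MCP specification or any SDK; `FakeTaskServer`, `run_task` and the status names are assumptions made for illustration.

```python
import time

TERMINAL = {"completed", "failed", "cancelled"}  # assumed status names


class FakeTaskServer:
    """Constructed stand-in for a server that runs long jobs as tasks."""

    def __init__(self, polls_until_done):
        self._polls_until_done = polls_until_done
        self._remaining = {}   # task_id -> polls left before completion
        self._count = 0

    def start(self, tool, args):
        self._count += 1
        task_id = f"task-{self._count:04d}"
        self._remaining[task_id] = self._polls_until_done
        return task_id

    def status(self, task_id):
        if task_id not in self._remaining:
            # What a model-invented job ID runs into.
            raise KeyError(f"unknown task id: {task_id}")
        if self._remaining[task_id] > 0:
            self._remaining[task_id] -= 1
            return {"status": "working"}
        return {"status": "completed", "result": "export finished"}


def run_task(server, tool, args, interval=0.0, max_polls=20, sleep=time.sleep):
    """Start a task and poll for it in the application layer.

    The model is not invoked inside the loop: it spends no tokens on
    polling, cannot give up early, and never supplies the task ID.
    """
    task_id = server.start(tool, args)  # the ID comes from the server only
    for polls in range(1, max_polls + 1):
        state = server.status(task_id)
        if state["status"] in TERMINAL:
            return {"task_id": task_id, "polls": polls, **state}
        sleep(interval)
    # Bounded wait: report a timeout instead of looping forever.
    return {"task_id": task_id, "polls": max_polls, "status": "timed_out"}


if __name__ == "__main__":
    print(run_task(FakeTaskServer(polls_until_done=3), "export_report", {}))
```

Only the final dictionary would be handed back to the model, as a single tool result.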

3. Security Frameworks

Luca Chang emphasizes a "defense-in-depth" approach to agent security:

  • Architecture vs. Protocol: Security is achieved through a combination of sandboxing (isolating the agent environment) and network controls.
  • The "Box" Philosophy: Referencing Marc Brooker's work, the goal is to define a discrete set of tools an agent can access. Unlike "OpenClaw" (which allows agents broad access to bash and CLIs), MCP restricts agents to a predefined, audited toolset, significantly reducing the "blast radius" of potential leaks.
  • Future Proposals: The team is working on integrating OAuth and Workload Identity Federation to improve credential management.
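The "box" of predefined tools and the elicitation step for disruptive actions can be enforced at a single dispatch point. The following is an added sketch, not code from the video, the MCP specification or any SDK; `Tool`, `ToolBox`, `make_demo_box`, the tool names and the `"accept"` answer value are assumptions.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Tool:
    name: str
    handler: Callable[[dict], str]
    disruptive: bool = False  # True: needs explicit user approval per call


class ToolBox:
    """The only path from the agent to side effects (hypothetical class)."""

    def __init__(self, tools, ask_user):
        self._tools = {t.name: t for t in tools}
        self._ask_user = ask_user  # callback that shows a prompt to a human
        self.audit = []            # (tool name, decision) for later review

    def call(self, name, args):
        tool = self._tools.get(name)
        if tool is None:
            # Outside the box: refuse, whatever the model asked for.
            self.audit.append((name, "rejected:not_in_box"))
            raise PermissionError(f"tool {name!r} is not in the box")
        if tool.disruptive:
            answer = self._ask_user(f"Agent wants to run {name} with {args}. Allow?")
            if answer != "accept":  # fail closed on decline, cancel, anything else
                self.audit.append((name, f"blocked:{answer}"))
                return f"{name} not executed (user answered {answer!r})"
        result = tool.handler(args)
        self.audit.append((name, "executed"))
        return result


def make_demo_box(ask_user):
    """Constructed sample: one read-only tool, one disruptive tool."""
    databases = {"orders", "staging"}

    def list_databases(_args):
        return ",".join(sorted(databases))

    def drop_database(args):
        databases.discard(args["name"])
        return f"dropped {args['name']}"

    return ToolBox([Tool("list_databases", list_databases),
                    Tool("drop_database", drop_database, disruptive=True)],
                   ask_user)
```

A request for a tool that was never registered, such as `bash`, is refused and logged before any handler runs, and a disruptive tool runs only when the human answers `accept`.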

4. Strategic Perspectives and Challenges

  • The "Universal" Mandate: A major concern for maintainers is "agent-specific" MCP servers. The goal is to keep MCP as a universal connector (like USB-C). If developers build servers that reference specific agent tools (e.g., tools unique to "Claude Code" or "Kilo Code"), it fragments the ecosystem and undermines the protocol's purpose.
  • Context Bloat: While MCP helps, it can lead to token-heavy interactions. The solution lies in "progressive disclosure" models and better client-side design, rather than just adding more tools to the protocol.
  • Market Growth: MCP usage is expected to scale faster than agent usage itself, as each agent typically requires multiple MCP servers to connect to various SaaS products.

5. Notable Quotes

  • "We don't exactly look to make contributions as quickly as possible. The contributions sort of fall out of our customer use cases that we explore." - Luca Chang on the AWS contribution philosophy.
  • "MCP is supposed to be universal... we don't want people building servers that are only for one agent." - Luca Chang on maintaining the integrity of the protocol.
  • "I think that we need to bring that [agentic] magic into a more secure environment." - Alex (Host) on the tension between the "wild west" of OpenClaw and enterprise security requirements.

Synthesis and Conclusion

The development of MCP represents a critical shift toward a standardized "agentic economy." By moving away from brittle, model-driven polling toward structured, secure, and task-oriented protocols, AWS and the maintainer community are enabling enterprises to safely integrate AI into production environments. The primary takeaway is that while the technology is moving rapidly, the focus remains on governance, security, and universality. The future of MCP will likely be defined by the June 2026 specification update, which aims to further refine remote transports and authentication, ensuring that agents can interact with internal company data without compromising security.
