What Is MCP (Model Context Protocol)? Architecture and Security

MCP (Model Context Protocol) is an open standard for how AI models connect to external tools. Covers the architecture, how it works, and security considerations.

🌐 This article was machine-translated and may contain inaccuracies. Refer to the Korean original if in doubt.

MCP (Model Context Protocol) is an open standard Anthropic released in November 2024. It standardizes how AI models connect to external tools, databases, and services.

The problem MCP solves

Before MCP, you had to write separate integration code for every LLM and every tool (the N×M problem). For example, you'd build a GitHub integration for Claude and another for ChatGPT separately. MCP lets you expose a tool once as an MCP server, and any host that supports MCP (Claude Desktop, Cursor, VS Code, etc.) can use it.

Architecture

  • Host: the AI app the user interacts with (Claude Desktop, an IDE, etc.)
  • Client: the component inside the host that connects to a server and routes tool calls to it
  • Server: exposes access to actual tools and data (GitHub, PostgreSQL, Slack, etc.)

Communication is based on JSON-RPC 2.0. The model's function-calling capability is what actually triggers tool execution; MCP provides the standardized connection layer between the host and the tools on top of it.

Why it matters

MCP is vendor-neutral. Build a tool integration once and you don't have to rewrite it when you switch models from Claude → GPT → Gemini. Integration investment is decoupled from model choice. Major providers like OpenAI and Google have also adopted MCP.

Security considerations

An MCP server gives the AI model direct access to tools. A misconfigured server could let the AI read data it shouldn't, or write or delete data. Follow these practices:

  • Restrict to read-only scope where possible
  • Run the server under a least-privilege service account
  • Enable client-side execution confirmation for destructive actions (delete/modify)

Note that MCP's security model recommends explicit user consent for tool calls, but actual enforcement is the responsibility of the host app. Check how your host implements consent.
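As an added illustration (not code from the MCP project or from this article), here is a host-side gate in Python that applies the practices above to a JSON-RPC 2.0 `tools/call` request: a read-only mode that refuses any non-read-only tool, and an explicit user-confirmation callback before a tool marked destructive runs. The tool names, the in-memory repository and the `confirm` callback are constructed for the example; the `readOnlyHint`/`destructiveHint` field names follow the MCP tool annotation fields.

```python
import json
from typing import Callable

# Constructed example: an in-memory "repository" standing in for a real backend.
FILES = {"README.md": "MCP demo"}
BRANCHES = {"main", "feature/login"}

# Tool registry carrying MCP tool annotations (readOnlyHint / destructiveHint);
# the tool names and the registry itself are illustrative, not from a real server.
TOOLS = {
    "repo_read_file": {"readOnlyHint": True, "destructiveHint": False},
    "repo_delete_branch": {"readOnlyHint": False, "destructiveHint": True},
}

def _execute(name: str, args: dict) -> dict:
    """Run the tool and return an MCP-style result: {"content": [...], "isError": bool}."""
    if name == "repo_read_file":
        text = FILES.get(args.get("path"))
        if text is None:
            return {"content": [{"type": "text", "text": "no such file"}], "isError": True}
        return {"content": [{"type": "text", "text": text}], "isError": False}
    BRANCHES.discard(args.get("branch"))  # only reached for the destructive tool
    return {"content": [{"type": "text", "text": f"deleted {args.get('branch')}"}], "isError": False}

def _error(req_id, code: int, message: str) -> dict:
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def handle_tools_call(raw: str, confirm: Callable[[str, dict], bool],
                      read_only_mode: bool = False) -> dict:
    """Host-side gate for one JSON-RPC 2.0 `tools/call` request.
    Unknown tools are rejected; in read-only mode only readOnlyHint tools run;
    destructive tools run only if the user's `confirm` callback returns True."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return _error(None, -32700, "Parse error")
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or req.get("method") != "tools/call":
        return _error(None, -32600, "Invalid Request")
    params = req.get("params") or {}
    name, args = params.get("name"), params.get("arguments") or {}
    tool = TOOLS.get(name)
    if tool is None:
        return _error(req.get("id"), -32602, f"Unknown tool: {name}")
    # Denials use the JSON-RPC implementation-defined error range (-32000..-32099).
    if read_only_mode and not tool["readOnlyHint"]:
        return _error(req.get("id"), -32001, f"{name} denied: host is in read-only mode")
    if tool["destructiveHint"] and not confirm(name, args):
        return _error(req.get("id"), -32002, f"{name} denied: user did not confirm")
    return {"jsonrpc": "2.0", "id": req.get("id"), "result": _execute(name, args)}
```

Wiring `confirm` to a real UI prompt (rather than the lambda used in tests) is where the host's consent policy lives, which is exactly the part the MCP spec leaves to the host.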

Token cost

Each MCP tool definition and call result is included in the context, so it consumes tokens. Connecting many servers at once can increase token usage, so it's best to enable only the servers you need.

MCP is a fast-evolving standard. Check the official docs (modelcontextprotocol.io) for the latest spec.