# MCPBlog.dev

> The MCP Ecosystem Blog — Security research, tool discovery patterns, and infrastructure insights for developers building with the Model Context Protocol.

## About

MCPBlog.dev covers the Model Context Protocol (MCP) ecosystem with a focus on security, tool discovery, infrastructure patterns, and governance. Written by Algis Dumbris.

## Topics

- Security: Tool poisoning, supply chain attacks, schema drift, credential harvesting
- Discovery: BM25 search, semantic routing, context management, tool filtering
- Infrastructure: Proxies, gateways, sandboxing, OAuth 2.1, Docker isolation
- Ecosystem: Standards (NIST), conferences, community trends, registry governance

## Posts

- [Deploy Your Own Agent Messaging Hub in 15 Minutes -- For Free](https://mcpblog.dev/blog/2026-03-16-deploy-agent-messaging-hub): SynapBus is a single Go binary that gives your AI agent swarm Slack-like messaging, semantic search, and MCP connectivity. Deploy it with Docker or Kubernetes, expose it via Cloudflare Tunnel, and connect your first agents -- total cost: $0.
- [A2A v1.0 Is Here: How Google's Agent Protocol Complements MCP](https://mcpblog.dev/blog/2026-03-15-a2a-v1-mcp): Google's Agent-to-Agent protocol just hit v1.0 under the Linux Foundation. Here is how A2A and MCP work together to enable the next generation of AI agent architectures.
- [The OWASP MCP Top 10: A Security Framework for the AI Agent Era](https://mcpblog.dev/blog/2026-03-15-owasp-mcp-top-10): The OWASP MCP Top 10 maps the most critical security risks in AI agent tool integration — from tool poisoning to context poisoning. Here is what practitioners need to know.
- [Securing MCP Servers: From Tool Poisoning to Filesystem Sandboxing](https://mcpblog.dev/blog/2026-03-13-mcp-filesystem-sandboxing): The MCP security landscape has evolved through three waves: protocol scanning, traffic proxying, and OS-level sandboxing. Here's the full map of projects and where the frontier is heading.
- [MCP Tool Annotations: What They Are, Why They Matter, and What's Coming Next](https://mcpblog.dev/blog/2026-03-13-mcp-tool-annotations): The MCP spec includes five tool annotation fields that tell agents whether tools are read-only, destructive, or open-world. Most servers don't use them. Here's why that needs to change.
- [NIST Evaluates MCP for AI Agent Identity Governance](https://mcpblog.dev/blog/2026-03-08-nist-mcp-agent-identity): NIST's draft concept paper lists MCP as one of five standards under evaluation for agentic AI authentication. What this means for MCP's legitimacy and enterprise adoption.
- [Why Google Dropped MCP: Context Explosion and the Tool Discovery Problem](https://mcpblog.dev/blog/2026-03-09-context-explosion-tool-discovery): Google quietly removed MCP from its Workspace CLI after tool definitions ballooned context windows to 100K tokens. The tool discovery problem is MCP's biggest scaling barrier.
- [The Confused Deputy Problem in MCP Authentication](https://mcpblog.dev/blog/2026-03-10-confused-deputy-mcp-auth): MCP's authentication model has a fundamental gap: servers cannot verify whether an agent was authorized to use the credentials it presents. Here's why this matters and what's being done about it.
- [Anatomy of the Clinejection Attack: When AI Agents Become Supply Chain Vectors](https://mcpblog.dev/blog/2026-03-11-clinejection-anatomy): A detailed breakdown of the Clinejection attack chain that compromised the Cline VS Code extension in January 2026, and what it reveals about trust boundary gaps in MCP composition.
- [The State of MCP Security in 2026: What You Need to Know](https://mcpblog.dev/blog/2026-03-12-state-of-mcp-security): A comprehensive look at the security landscape of the Model Context Protocol ecosystem - from tool poisoning attacks to emerging defenses.

## Links

- Blog: https://mcpblog.dev/blog
- RSS: https://mcpblog.dev/rss.xml
- Full content for LLMs: https://mcpblog.dev/llms-full.txt
- About: https://mcpblog.dev/about