🚀 Rethinking the MCP: Do You Really Need a Model Context Protocol Server for Agentic AI? 🤖

Agentic AI is the buzzword on everyone’s lips, promising a new era of automation and intelligent applications. But amidst the hype, a crucial question is emerging: do all organizations need a dedicated Model Context Protocol (MCP) server to truly harness the power of agents?

Isabelle, a seasoned API security expert with over 20 years of experience, tackled this very question in a recent presentation, challenging conventional wisdom and offering some seriously valuable insights. Let’s dive into the key takeaways – and how you can avoid repeating past mistakes.

🎯 What’s the Core Idea? Agents & Tools, Not Just MCPs

Isabelle’s central argument is simple: agentic applications are built on a foundation of models (LLMs), knowledge (RAG), tools, context, and memory. While an MCP server can be a useful way to expose and manage those tools, it’s not a mandatory prerequisite. Plain function calling can be a perfectly viable alternative, especially in the early stages.

Think of it like this:

  • The Lib vs. API Evolution: Remember when libraries were the norm, and then APIs emerged to offer more flexible and externalized code sharing? MCPs are essentially the API equivalent for agent tools. You can embed tools directly within your agent framework, or you can use an external MCP. The choice depends on your specific needs.

🌐 Enterprise API Considerations & the Risk of Reinvention

The rush to adopt MCPs mirrors earlier cycles of API development. If you have public APIs, you may need to ship an MCP server quickly, before others build their own, potentially uncontrolled versions on top of them. However, Isabelle cautions against reinventing the wheel. We should leverage existing API governance frameworks like Blue Design, Pink Development, and Green Deployment – principles honed over years of experience.

She shared a sobering cautionary tale of a $47,000 token bill resulting from poorly designed agents and looping interactions, a stark reminder of the potential pitfalls.

🛠️ Key Considerations for Building (or Not Building) an MCP

So, if you do decide to build an MCP, here’s what you need to keep in mind:

  • Granularity is King: Existing APIs often aren’t optimized for agent interaction, leading to inefficient token usage. The concept of a “Backend for Agents” (BFA) – similar to the Backend for Frontend (BFF) pattern in API development – will be crucial for optimizing the interface.
  • Descriptions are Paramount: LLMs rely heavily on the descriptions within an MCP to understand how to use the tools. Careful design and validation of these descriptions are essential to prevent unintended behavior and security vulnerabilities.
  • Security First: Building an MCP on top of potentially insecure APIs doesn’t magically improve security. Secure the underlying APIs first.
  • Agent Identity & Permissions: Just like human employees, agents need identities and permissions to control access to tools and data.
  • Dynamic Landscape: MCPs are a relatively new technology – just over a year old – and are inherently dynamic, with versions changing frequently. This introduces new security challenges and requires robust monitoring and control.
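The considerations above (validated tool descriptions, secured underlying calls, per-agent identity and permissions) and the $47,000 looping-agent bill from the earlier section can be made concrete in code. The following is an added example, not code from Isabelle’s talk or from any MCP SDK: a minimal tool registry that advertises tools the way an MCP-style server would (name, description, input schema) and refuses calls that fail a description check, a schema check, a scope check, or a per-session call budget and loop detector. The tool names, agents, scopes, order data and budget numbers are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Any, Callable


class ToolError(Exception):
    """Raised when a tool call is rejected before its handler runs."""


@dataclass
class Tool:
    name: str
    description: str            # model-facing text: the LLM decides from this how to call the tool
    schema: dict                # JSON-Schema-style object schema for the arguments
    required_scope: str         # permission the calling agent must hold
    handler: Callable[..., Any]


@dataclass
class Agent:
    agent_id: str
    scopes: frozenset           # agents get identities and permissions, like employees


@dataclass
class Session:
    agent: Agent
    max_calls: int              # hard ceiling on tool calls per session (the token-bill guard)
    calls: int = 0
    recent: list = field(default_factory=list)  # fingerprints of the last calls, for loop detection


JSON_TYPES = {"string": str, "integer": int, "number": (int, float), "boolean": bool}

# Descriptions are instructions to the model, so reject ones that are too short to be
# useful or that try to steer the model instead of documenting the tool (constructed pattern).
STEERING = re.compile(r"\b(ignore|disregard)\s+((all|previous|prior)\s+)+(instructions|rules)\b", re.I)


def validate_description(text: str) -> None:
    if not 20 <= len(text) <= 400:
        raise ToolError("description must be 20-400 characters of plain tool documentation")
    if STEERING.search(text):
        raise ToolError("description contains instructions aimed at the model, not at the tool")


def validate_args(schema: dict, args: dict) -> None:
    """Reject missing, unexpected or wrongly typed arguments before anything is executed."""
    props = schema.get("properties", {})
    for name in schema.get("required", []):
        if name not in args:
            raise ToolError(f"missing required argument {name!r}")
    for name, value in args.items():
        if name not in props:
            raise ToolError(f"unexpected argument {name!r}")
        expected = JSON_TYPES[props[name]["type"]]
        # bool is an int subclass in Python, so it would otherwise pass as integer/number
        if isinstance(value, bool) and expected is not bool or not isinstance(value, expected):
            raise ToolError(f"argument {name!r} has wrong type")


class ToolRegistry:
    def __init__(self) -> None:
        self._tools: dict = {}

    def register(self, tool: Tool) -> None:
        validate_description(tool.description)      # validated at publish time, not at call time
        self._tools[tool.name] = tool

    def list_tools(self) -> list:
        """What an MCP-style server advertises: name, description and schema, never the handler."""
        return [{"name": t.name, "description": t.description, "inputSchema": t.schema}
                for t in self._tools.values()]

    def call(self, session: Session, name: str, args: dict) -> Any:
        tool = self._tools.get(name)
        if tool is None:
            raise ToolError(f"unknown tool {name!r}")
        if tool.required_scope not in session.agent.scopes:
            raise ToolError(f"agent {session.agent.agent_id} lacks scope {tool.required_scope}")
        validate_args(tool.schema, args)
        if session.calls >= session.max_calls:
            raise ToolError("call budget exhausted")
        fingerprint = (name, tuple(sorted(args.items())))
        session.recent = (session.recent + [fingerprint])[-3:]
        if len(session.recent) == 3 and len(set(session.recent)) == 1:
            raise ToolError("same call repeated three times: stopping suspected loop")
        session.calls += 1
        return tool.handler(**args)


# Constructed sample data standing in for a real order system.
ORDERS = {"A-100": {"order_id": "A-100", "status": "shipped", "total": 42.0}}


def lookup_order(order_id: str) -> dict:
    return ORDERS.get(order_id, {"order_id": order_id, "status": "not_found"})


def refund_order(order_id: str, amount: float) -> dict:
    return {"order_id": order_id, "refunded": amount}


def build_registry() -> ToolRegistry:
    reg = ToolRegistry()
    reg.register(Tool("lookup_order",
                      "Return the status and total of one order, given its order id such as A-100.",
                      {"type": "object", "properties": {"order_id": {"type": "string"}},
                       "required": ["order_id"]}, "orders:read", lookup_order))
    reg.register(Tool("refund_order",
                      "Issue a refund of the given amount against an existing order id.",
                      {"type": "object", "properties": {"order_id": {"type": "string"},
                                                        "amount": {"type": "number"}},
                       "required": ["order_id", "amount"]}, "orders:write", refund_order))
    return reg


def run_demo() -> dict:
    """Exercise the guards with a read-only support agent; returns which checks fired."""
    reg = build_registry()
    session = Session(agent=Agent("support-bot", frozenset({"orders:read"})), max_calls=10)
    out = {"lookup": reg.call(session, "lookup_order", {"order_id": "A-100"})["status"]}
    for label, tool, args in [("refund_denied", "refund_order", {"order_id": "A-100", "amount": 42.0}),
                              ("bad_args", "lookup_order", {"order_id": 100})]:
        try:
            reg.call(session, tool, args)
            out[label] = False
        except ToolError:
            out[label] = True
    out["loop_stopped"] = False     # an agent re-issuing the same call is cut off on the third repeat
    for _ in range(5):
        try:
            reg.call(session, "lookup_order", {"order_id": "A-100"})
        except ToolError:
            out["loop_stopped"] = True
            break
    return out
```

The order of checks in `call` is deliberate: identity and scope are decided before the arguments are even looked at, the schema is enforced before any budget is consumed, and the loop detector and budget sit in front of the handler so that a misbehaving agent burns at most `max_calls` real invocations. Exposing the same registry through an MCP transport or through direct function calling changes nothing about these checks, which is the point of securing the tools and the underlying calls first.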

✨ Tools & Technologies in the Agentic AI Ecosystem

Here’s a quick rundown of the tools and technologies mentioned:

  • LLMs (Large Language Models): The brains of the operation.
  • RAG (Retrieval-Augmented Generation): Boosting LLMs with external knowledge.
  • Open APIs: The building blocks for many agents.
  • MCP (Model Context Protocol): The potential manager of those tools.
  • ChatGPT: A familiar example of an LLM in action.
  • Blue Design, Pink Development, Green Deployment: API lifecycle best practices.
  • DevSecOps: Integrating security throughout the development process.
  • GraphQL: A query language that can help avoid over-fetching data.
  • Invariant & Burp: Security testing tools for LLMs and APIs.
  • npm, Maven, PyPI: Package managers – remember the npm worm? Isabelle highlighted this to illustrate the security risks associated with external dependencies, prompting a discussion with the audience about their experiences.

📡 The Future: Standardization & the AI Foundation (AIAF)

Exciting news! The Anthropic MCP standard has been handed over to the Linux Foundation under a new foundation called the AI Foundation (AIAF). This signals a move towards standardization in the rapidly evolving world of agentic AI.

👨‍💻 Key Takeaway: Think Critically, Start Small

Isabelle’s presentation wasn’t about dismissing MCPs entirely. It was about encouraging a more critical evaluation of whether they’re truly necessary. Don’t jump on the bandwagon just because everyone else is. Start small, leverage existing API governance frameworks, and prioritize security.

As Isabelle aptly put it, after asking the audience whether anyone felt pressured by their CIOs to adopt AI quickly, the journey into agentic AI should be strategic, not reactive. Are you ready to rethink the MCP? 🚀
