Put the key MCP milestones in chronological order
- 1Anthropic releases MCP as open specification (November 2024)
- 2Google donates A2A to the Linux Foundation; MCP remains under Anthropic's open spec working group (2025-2026)
- 3HTTP+SSE transport deprecated in favor of Streamable HTTP (spec revision 2025-03-26)
- 4Cursor, Continue, and Zed adopt MCP as their tool connectivity standard (early 2025)
- 5OWASP-branded community MCP risk taxonomy emerges, cataloging tool poisoning, rug pulls, and confused-deputy threats (2025)
MCP: November 2024 release, early-2025 IDE adoption, March-2025 SSE-to-Streamable-HTTP transport, 2025 community security taxonomy, then a 2025-2026 split (A2A → Linux Foundation, MCP stays under Anthropic).
Picture how a new electrical plug shape catches on. First one company designs the plug and publishes the blueprint so anyone can build to it. Then a few gadget makers adopt it because it is convenient. As more devices use it, the original designers notice the early wiring was clunky, so they swap it for a cleaner version. Safety inspectors then write a checklist of ways the plug can be misused. Finally, once half the industry depends on it, no single company should own the standard, so it moves to a neutral committee. MCP followed that exact arc: release, early adoption, a transport upgrade, a security checklist, and shared governance.
Detailed answer & concept explanation~8 min readEverything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example.
Everything important, quickly.
4 min: the five milestones, the causal chain that fixes their order, why security trails adoption, and why governance comes last.
| Step | Event | Why it sits here |
|---|---|---|
| 1 | Anthropic releases MCP open spec (Nov 2024) | Root event; nothing can precede the spec existing |
| 2 | Cursor, Continue, Zed adopt MCP (early 2025) | Adoption requires an existing open standard |
| 3 | HTTP+SSE deprecated for Streamable HTTP (mid-2025) | Transport pain surfaces only after real remote use |
| 4 | OWASP MCP Top 10 published (2025) | Security taxonomy follows a deployed attack surface |
| 5 | Governance maturation: A2A donated to Linux Foundation (2025); MCP stays under Anthropic's open spec (2025-2026) | Neutral foundation stewardship is the canonical move once a protocol matters to many vendors; A2A has made it, MCP has not yet |
Real products, models, and research that use this idea.
- Anthropic shipped MCP in November 2024 with reference servers for filesystem, Git, and Postgres, plus Claude Desktop as the first host.
- Cursor, Continue, and Zed adopted MCP in early 2025, so a server written once ran across all three editors without rewrites.
- The OWASP MCP Top 10, published in 2025, catalogued threats like tool poisoning, rug pulls, and the confused-deputy problem for remote servers.
What an interviewer would ask next. Try answering before peeking at the approach.
QWhy did the original HTTP+SSE transport get deprecated, and what does Streamable HTTP do better?
QWhy does moving governance to a neutral foundation matter for a protocol's longevity?
Don't say thisRed flags and common mistakes that signal junior thinking. Click to expand.
Red flags and common mistakes that signal junior thinking. Click to expand.
Putting adoption before the release, or assuming the security taxonomy came first. Tools could not adopt a spec that did not exist yet, and security work follows usage.
The night-before-the-interview bullets. Scan these on the way to the call.
Primary sources. Skim if you want the original framing.
Same topic, related formats. Practice these next.