Why MCP apps struggle with enterprise adoption
Building AI Products That Last: MCP Agents and Enterprise Permissions
The future of AI lies not just in better models, but in better protocols and permissioning systems. In this episode, we explore the emerging Model Context Protocol (MCP) ecosystem and tackle the complex challenges of building enterprise-ready AI agents that can safely access and operate across multiple business systems.
Guest Introduction
Michael Grinich is the CEO and founder of WorkOS, bringing deep expertise in enterprise identity and authorization systems to the rapidly evolving AI agent landscape. Having recently acquired Warrant (an authorization database) and hosted the largest MCP demo event in San Francisco with 500+ attendees, Michael offers unique insights into the infrastructure challenges that will determine which AI products succeed in enterprise environments.
Why MCP Represents a Paradigm Shift
Protocol Infancy: MCP is only 6-7 months old but already showing explosive developer adoption - similar to early internet protocols that took years to mature
Integration Explosion: Modern AI agents need access to dozens of tools (email, Salesforce, GitHub, Dropbox, design tools) rather than the 2-3 integrations typical in traditional software
Non-Deterministic Behavior: Unlike traditional integrations with predictable, declarative actions, AI agents operate with open-ended, flexible behavior that's impossible to fully constrain through prompts alone
Enterprise Security Gaps: Current MCP lacks essential enterprise features like granular permissions, audit trails, and sophisticated authorization flows
The Permission Problem in AI
Three-Dimensional Challenge: More AI products being adopted × more integrations per product × non-deterministic agent behavior = exponential security complexity
New Actor Types: Agents represent a fundamentally new category of user - non-human, non-deterministic entities that act on behalf of humans but with their own state and intent
API Design Evolution: Most services lack permission introspection APIs, forcing custom implementation of authorization layers on top of existing systems
Organization-Wide Authorization: Enterprise deployments require respecting complex permission hierarchies across entire organizational directories, not just individual user access
MCP Infrastructure Challenges
Authentication Evolution: OAuth 2.1 extension recently added to MCP, but approval flows and tool authorization remain "wild west" with no standardized security model
Client Compatibility: Different MCP clients (Claude Desktop, ChatGPT, etc.) support different protocol features, creating fragmentation similar to browser compatibility issues
Performance Requirements: Enterprise deployments need sub-millisecond permission checks, requiring distributed caching and in-memory graph storage
Multi-Source Data: AI agents must seamlessly combine internal company data with external web data while maintaining proper access controls
Fine-Grained Authorization (FGA) Systems
Graph-Based Permissions: Modern authorization systems model permissions as graph reachability problems rather than traditional role-based access control
External Permission Services: Separating permissions from core application data enables unified authorization across multiple integrated systems
Real-Time Permission Checking: Enterprise AI requires microsecond permission lookups across complex organizational hierarchies and resource relationships
Audit and Observability: Every agent action must be traceable and auditable for compliance and security investigation
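The graph-reachability model and the audit requirement above can be sketched in a few lines. This is an added example, not code from the episode, WorkOS or Warrant; the tuples, the delegation table and every name in it are hypothetical. An agent is allowed only the intersection of what its human delegated and what that human can reach in the graph, and every decision is logged.

```python
from collections import deque

# Constructed relationship tuples (subject, relation, object); every name is hypothetical.
TUPLES = {
    ("user:alice", "member", "group:sales"),
    ("group:sales", "member", "group:revenue"),
    ("group:revenue", "editor", "folder:deals"),
    ("folder:deals", "parent", "doc:q3-forecast"),
    ("user:bob", "member", "group:eng"),
}
IMPLIES = {"editor": {"editor", "viewer"}, "viewer": {"viewer"}}
# Agent -> (human it acts for, relations that human delegated to it).
DELEGATIONS = {"agent:crm-bot": ("user:alice", {"viewer"})}
AUDIT = []  # every decision is recorded, allowed or not

def _closure(start, relation, forward):
    """BFS over edges labelled `relation`; forward follows subject -> object."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for s, r, o in TUPLES:
            src, dst = (s, o) if forward else (o, s)
            if r == relation and src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

def reachable(subject, relation, resource):
    """True if a grant links subject (or its groups) to resource (or an ancestor)."""
    subjects = _closure(subject, "member", forward=True)
    resources = _closure(resource, "parent", forward=False)
    return any(s in subjects and o in resources and relation in IMPLIES.get(r, ())
               for s, r, o in TUPLES)

def check(actor, relation, resource):
    """Agents get the intersection of their delegation scope and the human's access."""
    if actor in DELEGATIONS:
        principal, scope = DELEGATIONS[actor]
        allowed = relation in scope and reachable(principal, relation, resource)
    elif actor.startswith("agent:"):
        principal, allowed = None, False  # unknown agent: deny by default
    else:
        principal, allowed = actor, reachable(actor, relation, resource)
    AUDIT.append({"actor": actor, "on_behalf_of": principal,
                  "relation": relation, "resource": resource, "allowed": allowed})
    return allowed
```

The linear scan over TUPLES keeps the sketch short; a production service would index the edges and cache closures to meet the latency targets mentioned above.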
Developer Adoption Strategy
Community-Led Development: MCP's steering committee reflects community feedback rather than top-down specification, accelerating real-world adoption
Experimentation Threshold: Weekend developers can build functional MCP servers, lowering barriers to innovation and ecosystem growth
Beyond API Wrapping: Successful MCP implementations leverage unique capabilities like elicitation and sampling rather than just exposing REST endpoints
Product Experience First: Focus on solving real user problems rather than getting caught up in protocol specifications and bleeding-edge features
Enterprise Go-to-Market
Security Boundary Strategy: Success requires implementing authorization and observability at the integration layer rather than within individual applications
Permission API Development: Most existing services will need to expose permission introspection APIs to support sophisticated agent authorization
Infrastructure as Moat: Companies building robust authorization infrastructure will capture more value than pure application developers
Gradual Enterprise Adoption: Large organizations will adopt AI agents slowly, allowing time for security and compliance frameworks to mature
Authentication Evolution
OAuth Extension Strategy: Future agent authentication will likely build on existing OAuth rather than replacing it entirely - similar to how current web infrastructure evolved
Non-Human Actor Integration: Agents will probably have email addresses and be provisioned/deprovisioned like human users, leveraging existing identity management systems
Historical Precedent: Like Roman chariot wheel spacing determining modern train track width, existing identity systems will heavily influence future agent authentication
Backwards Compatibility: Successful solutions will bring existing enterprise identity infrastructure into the AI age rather than requiring complete replacement
Agent-First Design Principles
Traffic Pattern Inversion: Expect agent traffic to eventually dominate human traffic, similar to how DocuSign shifted from 98% web usage to 90%+ API usage
New Interaction Patterns: Agent-native applications will enable capabilities impossible with human-only interfaces, requiring fundamental UX rethinking
Specialization vs. Generalization: Market may split between general productivity platforms and highly specialized agent-only services
Delegation Skill Development: Biggest workforce change will be teaching employees to effectively delegate to AI agents like executives delegate to human assistants
Infrastructure Timing
Protocol Maturity: Don't wait for perfect specifications - build great user experiences with current capabilities while staying adaptable to protocol evolution
Client Ecosystem: Success depends on broad client support, requiring patience as different platforms implement MCP features at different speeds
Security Investment: Companies investing early in robust agent authorization systems will have significant competitive advantages as enterprise adoption accelerates
Developer Experience: Lower barriers to experimentation and iteration - the "taste it to understand it" principle applies strongly to agent technologies
Market Positioning
Enterprise Security Focus: Companies solving real authorization and audit challenges will capture more value than those building fancy demos
Ecosystem Participation: Active involvement in MCP community development and standards evolution provides strategic advantage
User Feedback Loop: Talk to actual users rather than betting on theoretical protocol directions - market adoption drives successful technical evolution
Tomato Moment: Like tomatoes transforming Italian cuisine, MCP represents a new ingredient that will fundamentally change how software is built and used
This episode reveals the infrastructure challenges and opportunities hiding beneath the AI agent hype, offering practical guidance for product leaders building the authorization and identity systems that will determine which AI products succeed in enterprise environments.
Interested in being a guest on Future Proof? Reach out to forrest.herlick@useparagon.com