MCP survives the hype cycle, earns enterprise role

The MCP discourse has split into two factions — influencer contrarians and legitimate security critics — and both are being collapsed into the same "it's dead" headline, which obscures more than it reveals.

• –The CLI-over-MCP argument holds for known tools with training-data coverage, but collapses for custom APIs where agents need to learn available commands regardless of transport layer
• –Server-mode MCP (HTTP, not stdio) is where real enterprise value lives: centralized auth with revocable OAuth, unified telemetry, and org-wide prompt/resource distribution without repo duplication
• –Separate from the hype cycle: legitimate security research has found ~43% of open-source MCP servers have flawed OAuth flows, with real prompt injection and data exfiltration risks — a valid concern Chen's piece underweights
• –The MCP 2026 roadmap directly addresses production-readiness gaps, and enterprise adoption is accelerating per CIO coverage — the protocol is not dying, it's maturing
• –This debate mirrors every previous "X is dead" cycle in developer tooling: the nuanced answer (right tool for the right context) never goes viral