Tool Annotations as Risk Vocabulary: What Hints Can and Can't Do

MCP tool annotations were introduced nearly a year ago as a way for servers to describe the behavior of their tools — whether they’re read-only, destructive, idempotent, or reach outside their local environment. Since then, the community has filed five independent Specification Enhancement Proposals (SEPs) proposing new annotations, driven in part by a sharper collective understanding of where risk actually lives in agentic workflows. This post recaps where tool annotations are today and what they can and can’t realistically do, and offers a framework for evaluating new proposals. ...

March 16, 2026 · 11 min · Ola Hungerford (Maintainer), Sam Morrow (GitHub), Luca Chang (AWS)

Evolving OAuth Client Registration in the Model Context Protocol

The Model Context Protocol (MCP) has adopted OAuth 2.1 as the foundation for its authorization framework. A key part of the authorization flow that MCP is particularly reliant on is client registration. This is especially important in a world where clients and servers don’t have a pre-existing relationship - we can’t assume that we will always know which MCP clients will connect to which MCP servers. This design highlights two challenges that need to be addressed: ...

August 22, 2025 · 10 min · Paul Carleton (Core Maintainer)