MCP authorization decides what context agents see
MCP authorization became a context control plane in 2026. RFC 8707 token scoping decides which sources an agent can ever pull into its own context window.
Further reading
23 articles from the Wire blog, sorted newest first.
MCP authorization became a context control plane in 2026. RFC 8707 token scoping decides which sources an agent can ever pull into its own context window.
The 2026 MCP release candidate goes stateless: no initialize handshake, no session ID, any server instance answers any request. What stateless MCP means.
MCP Tasks let a server return a durable handle instead of a blocking result, keeping a long-running tool call's interim state off the agent's context window.
Connecting an MCP server is easy. Getting an agent to call its tools on the first relevant turn is where teams lose, and the cause is context.
OX Security's April 2026 advisory traces 14 MCP CVEs and 200,000 exposed servers to a single design choice: STDIO as the default local transport.
Anthropic's 2026 trilogy on context engineering, tools, and code execution with MCP each assume the same missing layer: the substrate where context lives.
GitHub's MCP costs tens of thousands of tokens before any work begins. We compare MCP, Claude Skills, and CLI by context cost, not by user preference.
A 26M-parameter model just matched Gemini at function calling. Here is what Needle's distillation result means for MCP and agent context engineering.
Every MCP discussion is about tools. The protocol's resources primitive is how you load context without paying for it every turn. Here's how to use it.
Codex shipped codex-plugin-cc and AGENTS.md joined the Linux Foundation. The signal is consistent: context engineering is substrate work, not harness work.
Preloading every MCP tool into an agent's context is the bottleneck of 2026. Progressive tool loading defers definitions until needed and saves tokens.
The MCP 2026 roadmap reframes Model Context Protocol as enterprise context infrastructure: stateless transport, MCP Apps SEP-1865, audit logs, SSO auth.
Tool poisoning hides instructions inside MCP tool descriptions the agent reads as trusted context. The MCPTox benchmark recorded a 72.8% attack success rate.
Tool-based agent memory exposes store, retrieve, and navigate as callable MCP tools. 2026 benchmarks from Mem0, Memanto, and Wire show why the pattern wins.
Retrieval provenance for AI agents isn't an audit log or a trust verdict. It's structural metadata (source, position, time, edges) agents use to plan.
We restructured Wire's MCP surface from 2 overloaded tools to 3 single-purpose ones. The counterintuitive result: adding a tool cut total calls 24%.
Native Notion and Obsidian MCP give every connected agent the same coarse scope. Build a private AI second brain with per-agent, revocable access across tools.
Up to 86.7% of multi-agent AI runs fail. Most failures trace back to how agents share context, not the agents themselves. Here's why and how to fix it.
New research analyzed 3,282 MCP bug reports across GitHub. The patterns reveal a context delivery problem, not a protocol problem. Here's what it means.
88% of organizations report AI agent security incidents. The root cause is a context engineering failure: agents get all-or-nothing access, not scoped context.
94% of IT leaders fear vendor lock-in. Every AI tool traps your context in its own silo. Here's why your AI doesn't remember you, and what's changing.
From copy-paste to context platforms, five approaches to giving AI access to your data. Covers security trade-offs, cost, and practical recommendations.
Over 17,000 MCP servers exist but most are generic dev tools. Here's how to create a custom one for your own data without writing a single line of code.