MCP's Enterprise Rewrite Draws Security Fire, 15 Days to July 28
<p>Security researchers warn the stateless <strong>2026-07-28 MCP spec</strong> widens the agent attack surface even as it simplifies deployment, sharpening a 15-day migration list: drop <em>Mcp-Session-Id</em> state, expose RFC 9728 metadata, and stand up OAuth 2.1. Meanwhile LangChain's data shows adoption outrunning evaluation — 57% of teams run agents...
Highlights signal board
- countdown15d
- signals03
- sources06
- watch02
- Security researchers are now warning that the enterprise-ready 2026-07-28 MCP spec — stateless core, OAuth alignment, server-rendered UIs — widens the agent attack surface even as it simplifies deployment. (SecurityWeek)
- With 15 days to the July 28 final spec, the production migration list has sharpened: drop
Mcp-Session-Idstate, expose RFC 9728 protected-resource metadata, and move tool schemas to full JSON Schema 2020-12. (MCP Blog) - LangChain's State of Agent Engineering data lands the counterweight to the hype: 57% of teams report agents in production and 89% run observability, but only 52% run evals — a governance gap operators are shipping into. (LangChain)
- Amazon's Bedrock AgentCore Harness is now generally available, letting teams declare an agent's behavior and hand orchestration to the managed runtime. (AWS)
Key Signals ranked scan
-
The MCP overhaul is now a security story, not just a migration story
this weekTrade coverage from SecurityWeek and SC Media flags that the stateless redesign — no handshake, no session ID, any request hits any instance — removes session-level assumptions that many gateways and auth layers quietly relied on. (SecurityWeek, SC Media) The fix ships in the spec itself: OAuth 2.1 with Protected Resource Metadata (RFC 9728) and a
.well-known/oauth-protected-resourceendpoint become the expected posture for any server accepting remote connections. (WorkOS) -
The 15-day migration checklist is concrete
MCP Blog, release candidateServers still leaning on sticky sessions or a shared session store can move to a plain round-robin load balancer once state is passed as explicit tool arguments instead of via
Mcp-Session-Id. Teams should also addttlMstotools/listresponses and migrate experimental Tasks to the new lifecycle before the final publication on July 28. (MCP Blog) -
Adoption is outrunning evaluation
LangChainLangChain's engineering survey shows observability adoption (89%) far ahead of eval adoption (52%), with 57% of respondents already running agents in production. (LangChain) For platform owners, that gap is the operational risk to name: teams can see what their agents did, but far fewer can prove whether it was correct.
Why It Matters / What To Watch operator watch
-
Treat the MCP cutover as a security review, not a version bump
- Audit every place your server reads or writes state keyed to
Mcp-Session-Id, then replace it with client-passed handles before removing sticky routing. (MCP Blog) - Stand up OAuth 2.1 and the RFC 9728 metadata endpoint now — unauthenticated remote servers are the exposure researchers are calling out. (SecurityWeek, WorkOS)
- Audit every place your server reads or writes state keyed to
-
Close the eval gap while you tighten governance
- If your agents are in production but not under eval, that is the 48% blind spot from LangChain's data — wire evals into CI before the next framework upgrade regresses a prompt. (LangChain)
- Watch the managed runtimes converging on the same promise: AgentCore Harness (declare behavior, delegate orchestration) is the pattern to benchmark first-party frameworks against. (AWS)
Quick Links sources
- The 2026-07-28 MCP Specification Release Candidate Model Context Protocol Blog
- New Enterprise-Ready MCP Specification Brings New Security Challenges SecurityWeek
- Model Context Protocol overhaul introduces new security challenges for developers SC Media
- The biggest MCP spec update ships July 28: What changes for AI agent authentication WorkOS
- State of Agent Engineering LangChain
- AWS Summit New York 2026: New AI agent innovations Amazon