MCP 2026 Roadmap: Working Groups, Stateless Core, and the July 28 RC
The Model Context Protocol team published its 2026 roadmap in March, shifting from release-milestone organisation to a priority-area structure governed by Working Groups. This change reflects the protocol's maturation: rather than a core team planning every release, domain-specific Working Groups can now approve SEPs (Specification Enhancement Proposals) independently, reducing bottlenecks for teams iterating on transport, security, and enterprise extensions in parallel. The release candidate for MCP 2026-07-28 is now available, representing the largest revision to the protocol since its initial launch.
The four priority areas are transport evolution, agent communication, governance maturation, and enterprise readiness. On transport, the core shift is to a stateless session model — eliminating the sticky-session infrastructure that made horizontal scaling difficult and expensive. A new .well-known metadata endpoint enables server discovery without requiring an active connection, which simplifies load balancer and service mesh integrations. The Tasks primitive (SEP-1686), which shipped experimentally earlier this year, is being refined with improved retry semantics for transient failures and expiry policies for how long task results are retained after completion.
Enterprise readiness is intentionally left open-ended in the roadmap: the team identifies audit trails, SSO integration, gateway behaviour, and configuration portability as targets but frames them as areas where enterprise practitioners should actively participate in shaping the specification. This is a meaningful shift for teams evaluating MCP adoption in regulated environments, where the absence of auditing and identity federation integration has been the primary blocker. The Python and TypeScript SDKs continue to see approximately 97 million monthly downloads, and Claude, ChatGPT, Goose, and VS Code all ship native MCP client support. The protocol was donated to the Agentic AI Foundation (a Linux Foundation directed fund) in late 2025, making it a vendor-neutral standard with governance shared across Anthropic, Block, and OpenAI.
Read more — Model Context Protocol Blog
Gemini API Managed Agents: Stateful Autonomous Agents on Google Infrastructure
Google launched Managed Agents in the Gemini API in public preview, enabling developers to build and deploy stateful autonomous agents that run in isolated, Google-hosted Linux sandbox environments without managing their own infrastructure. Managed Agents maintain state across turns — a fundamental requirement for agents that need to track progress on multi-step tasks, recall intermediate results, and resume work after an interruption. The sandboxing model means each agent instance runs in a fully isolated environment with controlled access to tools, files, and network resources, reducing the surface area for cross-agent contamination in multi-agent deployments.
The API provides lifecycle primitives for creating, resuming, and terminating agent sessions, with integration into Google Cloud's IAM and logging stack. Developers define the agent's tool set, memory configuration, and model selection at creation time, and the platform handles execution scheduling, failure recovery, and resource scaling. This positions Managed Agents as the hosted counterpart to frameworks like LangGraph or CrewAI, where the developer brings their own infrastructure — Managed Agents trades that flexibility for managed reliability and tighter integration with Google Cloud's security controls.
For teams building on Gemini, this removes the need to maintain long-lived agent process pools or manage persistent state stores independently. The public preview is available through the Gemini API, and the feature is expected to converge with the Gemini Enterprise Agent Platform's production tooling over the coming months, giving the same agent definitions a path from API-level testing to enterprise-governed production deployment.
Read more — Google Cloud
Safe & Secure AI Agent Practices
Anthropic and MITRE Map a Year of AI-Enabled Cyber Threats
Anthropic published findings from a year-long study of AI-enabled cyber operations conducted in collaboration with MITRE, analysing 832 accounts banned for malicious activity between March 2025 and March 2026. The study identifies three major shifts in how threat actors are using AI: deeper integration into the later and more complex stages of cyber operations (rather than just initial access), increased autonomy enabling multi-stage attacks with minimal human oversight, and a democratisation of sophisticated attack capabilities to medium-tier actors. The proportion of medium-to-high-risk actors increased from 33% to 56% over the study period — a 1.7x increase.
The most significant finding for defenders is that the MITRE ATT&CK framework's existing taxonomy does not adequately capture agentic attack patterns. A state-sponsored espionage operation in the study used 30 techniques, a count that, on a conventional technique-count assessment built on ATT&CK, placed it in the medium-risk tier; yet it scored maximum risk under Anthropic's assessment because it employed agentic orchestration: an AI-driven system autonomously chaining attack stages and making real-time tactical decisions without a human directing each step. The traditional risk signals of technique count and platform type are losing reliability as threat actors shift from using AI for content generation to using it as an autonomous execution layer.
Anthropic has deployed cybersecurity classifiers on its capable models to detect and block categories including malware creation and data exfiltration assistance. For defenders, the practical guidance from the study is to focus monitoring on architectural signals — the presence of scaffolding, automation frameworks, and orchestration patterns around AI systems — rather than relying on per-technique counts. The team is working with MITRE to propose extensions to the ATT&CK framework that capture autonomous chaining, goal-directed action selection, and agentic lateral movement as distinct threat categories.
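The contrast between counting techniques and looking for orchestration signals can be made concrete. The following is an added illustration, not Anthropic's or MITRE's scoring method: it runs a count-based tier and an orchestration-aware assessment over two constructed session logs that both contain 30 distinct techniques. The three signals (machine cadence, end-to-end stage chaining, and adaptive retries after a failed step), the cut-offs, the stage names and the `TECH-nn` identifiers are all assumptions chosen for the example.

```python
"""Illustrative comparison of technique-count scoring with an
orchestration-aware assessment over constructed session logs.
Added example: the thresholds and the three signals below are
assumptions for illustration, not Anthropic's or MITRE's method."""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Event:
    t: float         # seconds since the session started
    technique: str   # technique identifier as logged (constructed IDs here)
    stage: str       # operation stage the technique belongs to
    outcome: str     # "ok" or "fail"


def technique_count_tier(events):
    """Count-based tier (assumed cut-offs: <10 low, <40 medium, else high)."""
    n = len({e.technique for e in events})
    return "low" if n < 10 else "medium" if n < 40 else "high"


def orchestration_signals(events, retry_window=5.0):
    """Architectural signals that automation, not a human, is driving the session."""
    ev = sorted(events, key=lambda e: e.t)
    gaps = [b.t - a.t for a, b in zip(ev, ev[1:])]
    # A failed step followed within the window by a different technique of the
    # same stage: the operator (or agent) picked an alternative on the fly.
    adaptive = sum(
        1 for a, b in zip(ev, ev[1:])
        if a.outcome == "fail" and b.stage == a.stage
        and b.technique != a.technique and b.t - a.t <= retry_window)
    return {
        "median_gap_s": median(gaps) if gaps else float("inf"),  # machine cadence
        "stages_chained": len({e.stage for e in ev}),            # end-to-end chaining
        "adaptive_retries": adaptive,
    }


def assess(events):
    """Escalate past the count-based tier when the session looks orchestrated."""
    s = orchestration_signals(events)
    hits = sum([s["median_gap_s"] < 2.0,
                s["stages_chained"] >= 4,
                s["adaptive_retries"] >= 2])
    return "max" if hits == 3 else "high" if hits == 2 else technique_count_tier(events)


STAGES = ("recon", "initial-access", "execution",
          "persistence", "lateral-movement", "exfiltration")


def constructed_session(gap_s, automated):
    """Constructed log: 30 distinct techniques across six stages. An automated
    session fails some steps and immediately tries an alternative technique."""
    events, t = [], 0.0
    for i in range(30):
        outcome = "fail" if automated and i % 7 == 3 else "ok"
        events.append(Event(t, f"TECH-{i:02d}", STAGES[i // 5], outcome))
        t += gap_s
    return events


HUMAN_DRIVEN = constructed_session(gap_s=90.0, automated=False)  # minutes between steps
AGENT_DRIVEN = constructed_session(gap_s=0.8, automated=True)    # sub-second cadence

if __name__ == "__main__":
    for name, session in (("human-driven", HUMAN_DRIVEN), ("agent-driven", AGENT_DRIVEN)):
        print(name, technique_count_tier(session), assess(session), orchestration_signals(session))
```

Both constructed sessions land in the medium tier on technique count alone; only the orchestration signals separate the agent-driven one, which is the point of the study's guidance to monitor scaffolding and automation patterns rather than per-technique counts.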
Read more — Anthropic
NIST Launches AI Agent Standards Initiative for Interoperability and Security
NIST's Center for AI Standards and Innovation (CAISI) launched the AI Agent Standards Initiative in February 2026, the first federal effort to establish interoperability, security, and identity standards for autonomous AI agents operating in production environments. The initiative focuses on four areas: security controls and risk management, identity credentialing and authorisation, interoperability and ecosystem coordination, and testing, evaluation, and assurance. For enterprise developers, the most immediately relevant work is in identity and authorisation, where the initiative is developing authentication mechanisms and permission-limiting frameworks that address the specific challenges of agents acting on behalf of users across multiple systems with delegated credentials.
The emerging framework emphasises threat modelling specific to autonomous agents — covering scenarios where agents acquire capabilities, escalate privileges, or chain tool calls in ways that were not anticipated at design time. Human supervision and escalation protocols are treated as a required architectural element rather than an optional safety layer. Teams building agents for regulated industries (financial services, healthcare, legal) are advised to engage with the public comment process, as the resulting standards are expected to influence procurement requirements and regulatory guidance in those sectors within 18 to 24 months.
The W3C AI Agent Protocol Community Group is working in parallel toward formal web standards for agent communication, with specifications expected in 2026 and 2027. Together, the NIST and W3C efforts signal that the ad hoc protocol landscape of the past two years — where MCP, A2A, ACP, and TAP emerged independently — is entering a consolidation phase where interoperability requirements will be enforced rather than voluntary. For teams making architecture decisions about agent communication protocols today, awareness of both initiatives is useful context for evaluating which protocols are likely to persist into a standards-governed future.
Read more — Pillsbury Law