They’ve started quietly, the way big technical shifts usually do: a handful of AI companies—led by the teams that build the assistants you actually use—have been stitching together a shared way for models to reach out into the real world, and now they’ve handed the work to a neutral steward. The idea is simple on paper and enormous if it catches on: instead of every assistant building bespoke bridges to calendars, CRMs, banking systems and enterprise databases, there’s a single, open-standard “plug” that any agent can use to discover, authenticate and call tools and data sources. That protocol, known as the Model Context Protocol (MCP), and a set of companion projects have just been folded into a new Linux Foundation-hosted effort called the Agentic AI Foundation (AAIF), a move meant to push these integrations toward open governance and away from single-vendor control.

MCP itself started as a developer-level answer to a problem engineers had been bumping into for a while: models are great at text, but almost everything useful requires action—calling an API, searching a private knowledge base, opening a ticket, or inserting a row in a spreadsheet. MCP defines how to describe those “things” so a model can find them, how to authenticate safely, and how to send structured requests back and forth. Think of it as a machine-friendly contract: a service exposes what actions it supports and the shape of the inputs and outputs, and any MCP-aware agent can consume that description and operate reliably against it. The protocol’s authors and early adopters say that this makes integrations less brittle and dramatically more reusable.

The list of bodies that signed on reads like a who’s who of cloud and AI: Anthropic donated MCP to the new foundation, OpenAI contributed its AGENTS.md guidance format, and Block brought its “goose” agent project into the pot. Large platform players—Google, Microsoft, Amazon Web Services, Bloomberg and Cloudflare among them—are listed as early members or backers of the AAIF, signaling that this is not a niche developer experiment but a broad industry play. The intent, as the organizations put it, is to make sure the plumbing of agentic AI is stewarded in a neutral, community-driven way rather than locked behind a single company’s API.

Why call it a “new internet”? Supporters use metaphors for a reason: if the web were organized around pages and links for people, MCP imagines an internet organized around machine-readable interfaces for agents. Instead of clicking and copy-pasting, an agent could hop between a user’s inbox, calendar, bank, and the analytics dashboard of whatever SaaS the company uses, executing multi-step workflows on behalf of the user. In practice, that means a developer could publish a single MCP-compatible interface for their product and, suddenly, any compliant agent—whether inside a coding assistant, a voice helper, or an enterprise orchestration tool—could use those capabilities without bespoke adapters. For companies trying to productize agents, that single-write, many-consume model is the missing lever for scale.

For people who care about productivity, the near-term payoff is straightforward: assistants that behave more like coordinators and less like clever notebooks. Instead of opening tabs, exporting CSVs and pasting snippets into report templates, an MCP-enabled agent could pull the right metrics, draft a narrative, schedule the follow-up meeting and attach the report, all in a few conversational turns. For enterprises, the calculus becomes whether to publish MCP endpoints and let a whole ecosystem call them, or to try to preserve control by building proprietary connectors. Backers of the AAIF argue that open standards lower integration costs and let competition happen on service quality rather than on who controls the most adapters.

But the architecture also raises obvious and important risks. Making it trivially easy for agents to act increases both the blast radius and the incentives for abuse: models that hallucinate, or that are insufficiently constrained, could trigger costly actions—moving money, changing records, or exposing private data—far faster than a human could undo. Security researchers and platform builders have already flagged issues like token theft, prompt-injection attacks, and the general brittleness of systems that stitch together many moving pieces; an ecosystem that makes action cheap must also standardize rigorous guardrails, monitoring and revocation mechanisms. The launch materials and early previews from platform partners explicitly call security and governance out as top priorities for the new foundation.

There’s also a much older commercial question hiding beneath the technical rhetoric: will developers and platforms actually bet on an open standard when proprietors can gain short-term advantage from locking integrations to their stacks? The history of the web is littered with elegant standards that failed to win broad adoption because economic incentives favored closed platforms. Having Google, Microsoft, AWS and others in the room makes MCP’s path more plausible, but it doesn’t guarantee it. Standards succeed when enough people build real, useful things on them—and when those things create visible value for users and businesses. If MCP delivers that, it could tilt the center of gravity of digital UX away from dozens of isolated apps and toward a smaller set of trusted agents; if it doesn’t, it will be another well-engineered attempt that the market ignored.

One unexpected indicator to watch is the platform makers: there have already been signs that operating systems and vendors are preparing for agentic integrations—Apple’s developer betas and some Windows previews have teased MCP hooks—because once the OS layer treats agent wiring as first-class, adoption accelerates. If phones and desktops ship native MCP support, the incentives for apps to publish MCP-compatible endpoints grow quickly. But that timeline isn’t certain, and platform support alone won’t solve the hard problems of trust, auditability and liability in automated actions.

So what happens next is less a technical question than a social and economic one. Engineers have built a practical and pragmatic protocol that answers a real interoperability headache; corporate leaders have, at least for now, agreed to try open governance under the Linux Foundation’s umbrella. The crucial variables will be who implements MCP in production systems, whether audits and security can scale with the openness, and whether users actually prefer agents that can act for them over the control of doing things themselves. If enough developers, platforms and enterprises treat MCP as the accepted way to expose capabilities, we could see a substantial shift in how the internet is organized—an agent-first layer that sits on top of the existing web. If not, MCP will join the many promising standards that circulated widely in engineer chat rooms but never quite reshaped the market.

Either way, the conversation has moved. The technical pieces—MCP, goose, AGENTS.md—aren’t vaporware anymore, and they’ve been placed where a broad community can argue about them, test them, and, crucially, try to break them so the fragile bits can be fixed. That feels like the right next step: build the plumbing openly, then let the messy, expensive work of real-world deployment expose what needs fixing. The internet was remade before by standards people fought over; we may be watching an echo of that same pattern, this time with machines doing the legwork for us.