Analyst(s): Mitch Ashley
Publication Date: April 7, 2026

Agentic AI Foundation’s inaugural MCP Dev Summit NA brought 170+ members, vendors, and practitioners to NYC. The clearest signal from the event: MCP has a defined scope, the maintainers intend to keep it that way, while the open standards stack is forming around it.

What is Covered in This Article:

• The Agentic AI Foundation has surpassed CNCF in membership in roughly three months, with 170+ member organizations, establishing it as the fastest-growing foundation in Linux Foundation history and naming Mazin Gilbert as its inaugural Executive Director.
• Maintainers from Anthropic, AWS, Microsoft, and OpenAI drew a clear scope line: MCP connects AI applications to data sources and will not expand into observability, identity, or governance. Those problems belong to other projects and other standards.
• A2A v1.0 landed alongside the summit, formalizing agent-to-agent coordination as a complementary standard to MCP’s agent-to-resource focus, and Google’s Universal Commerce Protocol v1.0 introduced an economic transaction layer for agents.
• Enterprise keynotes from Uber, Nordstrom, Bloomberg, Duolingo, and PwC demonstrated MCP operating in production, with orchestration patterns, agent gateways, and skill management frameworks emerging as the integration architecture of record.
• The 2026 MCP roadmap targets authentication, observability integration, and horizontal HTTP scaling, directly addressing the security and scale gaps most frequently cited by critics.

The Event: The MCP Dev Summit North America, hosted by the Agentic AI Foundation under the Linux Foundation, ran April 2-3 in New York City across 17 keynotes and 95+ total sessions. The event drew contributors, enterprise practitioners, AI and platform vendors from across the MCP ecosystem, with AWS, Docker, Anthropic, Google Cloud, IBM, and Red Hat among the sponsors, alongside a deep roster of emerging infrastructure vendors.

Three months after launching, the Agentic AI Foundation has surpassed the Cloud Native Computing Foundation in membership size. Mazin Gilbert, named as the AAIF’s inaugural Executive Director, brings a background spanning AI research, software-defined networking, and cloud platform development across AT&T Labs, Google, and academia. The appointment positions the foundation for the kind of technically rigorous, production-focused governance the community needs, not promotional stewardship.

The summit’s technical content is split across two axes. The first was the state of the protocol itself: auth maturity, transport scaling, conformance testing, and the emerging best practice gap around MCP server design quality. The second was the broader stack: how MCP, A2A, OpenTelemetry, and agent gateways compose into something enterprises can govern and operate at scale.

MCP Dev Summit 2026: AAIF Sets A Clear Direction With Disciplined Guardrails

Analyst Take: MCP’s future has been under an industry microscope since before RSAC, where the security community’s skepticism about MCP’s future landed with force. The question circulating before this summit was blunt: Does MCP have a future, or did the industry rush the point of repair? Two days in New York answered that question definitively, though not in the way skeptics expected.

The CNCF Parallel Is Accurate and Instructive

The Linux Foundation Executive Director Jim Zemlin and AAIF Executive Director Mazin Gilbert drew the CNCF comparison directly in their opening remarks. CNCF took roughly 13 months to become infrastructure currency. MCP did the same in an estimated 13 weeks. That acceleration compresses the timeline for the governance work that CNCF did over years: conformance testing, security hardening, production observability, and the ecosystem tooling that makes a protocol operationally viable at enterprise scale.

The comparison is instructive for a second reason. Kubernetes did not try to own the entire cloud-native stack. It owns orchestration. The ecosystem built storage, networking, security, and observability as adjacent projects, most of them now CNCF-hosted. MCP is being positioned to follow the same pattern, and the maintainers are actively enforcing that boundary. That discipline is what separates a durable standard from a standards grab bag.

Drawing The Line – The MCP Scope Boundary

David Soria Parra, co-creator of MCP and Member of Technical Staff at Anthropic, addressed the scope question directly during a maintainers roundtable. MCP has a defined purpose: connecting AI applications to data sources. Observability belongs to OpenTelemetry. Identity belongs to dedicated projects. Governance belongs to the control plane layers above the protocol. Parra was explicit that MCP should not attempt to own those problems, and that the AAIF exists partly to enforce that discipline.

This matters more than any individual feature decision made during the summit. A protocol that stays narrowly focused on what it does well creates composable integration surfaces. A protocol that creeps into adjacent problems creates a sprawling standard nobody can govern cleanly, often creating conflicts between open source projects or confusion at best. These experienced maintainers understand this. The question is whether the vendor ecosystem respects the boundary or treats MCP as a surface to colonize for themselves.

Six MCP Decisions the AAIF Got Right

1. Moved MCP out of a single vendor’s control and into neutral foundation governance without breaking the open source, bottom-up development model that drove adoption
2. Drew a clear scope line for the protocol: agent-to-resource connectivity is the job, and scope creep into identity, observability, and governance is explicitly off the table
3. Appointed leadership with the right pedigree: AI research depth, enterprise platform experience, and open source institutional knowledge, not a protocol advocate from inside the ecosystem
4. Co-located the summit with KubeCon and the broader Linux Foundation event calendar, putting MCP directly in front of the cloud-native and platform engineering communities where enterprise infrastructure decisions get made
5. Launched conformance testing and best-practices work before quality problems became adoption blockers rather than after
6. Structured the working groups to pull in domain expertise from outside the core maintainer team, particularly on auth and identity, where Okto and others with deep identity infrastructure backgrounds are contributing directly

OpenAI’s Nick Cooper framed the stakes this way: MCP in and of itself is not the point. What people can accomplish with it is. That is exactly the right lens. The protocol is plumbing. The value lies in what gets built on and with it.

No Shortcuts for MCP Server Quality Problem

One of the sharpest exchanges at the summit came in response to the “Oprah effect” pattern that emerged last year: every vendor rushed to announce an MCP server, many of them little more than their existing API surface wrapped in a thin protocol layer. Taking an existing API with hundreds of endpoints and calling it an MCP server is exactly the wrong approach. The server quality gap is real and measurable. Platform providers already see significant variation in how well different MCP servers actually perform in agent workflows.

The underlying issue is that agents are a new class of API consumer, not simply a developer with a different client. MCP’s original contribution was forcing vendors to design their integration surface with agent cognition in mind, not just developer documentation conventions. Vendors that missed that intent have MCP servers that technically conform and operationally underperform. Conformance testing and quality measurement, both on the 2026 roadmap, are the mechanisms to close that gap.

What the Security Critics Got Half Right

The RSAC skepticism about MCP security was not baseless. Auth has been the most actively debated and frequently revised section of the MCP specification over the past year. Remote code execution risks in agent-adjacent workflows are real. The security community identified genuine gaps. Where the criticism goes wrong is treating current-state gaps as terminal conditions for MCP.

The 2026 roadmap addresses auth directly. The AAIF working groups are pulling in expertise from Okto and other identity-focused contributors. OpenTelemetry is extending its semantic conventions to cover MCP agent telemetry. Agent gateways, with several vendors at the summit demonstrating production implementations, provide the policy enforcement layer that the protocol itself does not. The security gaps will close because the commercial interests funding the protocol require them to.

The organizations waiting for MCP to solve security before they engage are making the same mistake as those who waited for Kubernetes to solve storage before adopting it. Those who build the production patterns now will define the architecture that everyone else inherits.

The “MCP Is Dead” Narrative Needs a Reality Check

The calls for MCP’s obituary are not only premature, but they are also disconnected from the evidence. AWS chairs the AAIF governing board. Microsoft, OpenAI, Google Cloud, IBM, Red Hat, Anthropic, Docker, and Datadog are active contributors and summit sponsors. Uber, Nordstrom, Bloomberg, Duolingo, and PwC presented production implementations from the keynote stage. The protocol is registering 97 million monthly downloads.

These are not the behaviors of an ecosystem retreating from a failed standard. They are the behaviors of an industry with serious commercial stakes in making the standard work.

Protocols do not die when security gaps exist. They die when nobody is invested in closing them. The AAIF 2026 roadmap, the working group structure, and the roster of organizations funding the work are all evidence that the investment is present. The gaps are real. The incentives to close them are stronger.

The Next Big Decision

The next decision that matters most is whether scope discipline holds under commercial pressure. The 170-member foundation includes vendors with strong incentives to extend MCP beyond its defined purpose.
The protocol’s durability as a genuine open standard depends on the AAIF maintaining the boundary its maintainers drew at this summit: MCP
connects AI applications to data sources, and the layers above it belong to other projects and other standards. If that line erodes, the composable open stack fractures into competing protocol sprawl. That is the scenario where a successor standard earns its opening.

What Vendors Should Do

Stop treating the MCP server presence as a strategy. An MCP server that wraps existing API endpoints without rethinking the integration surface for agent consumption is not a differentiator. The right investment is building above the protocol layer: high-quality MCP servers designed for agent cognition, gateway, and policy enforcement layers that enterprises require for production governance, and participation in the conformance and best-practices work the AAIF is now leading.

Vendors who treat the open standards stack as infrastructure and differentiate above it will be the ones still standing when enterprise adoption moves from proof of concept to production at scale.

What to Watch:

• The 2026 AAIF roadmap commits to auth hardening, observability integration, and horizontal scaling of HTTP transport. Watch whether these ship on schedule. Delivery will validate the CNCF comparison. Slippage will give critics legitimate ammunition for the first time.
• A2A v1.0’s adoption trajectory is the next inflection point. MCP has 97M monthly downloads. A2A is starting from zero with formalized multi-agent coordination semantics. Whether the developer community adopts A2A at a comparable velocity will determine whether the open stack genuinely composes or whether vendors substitute proprietary orchestration layers.
• Vendor differentiation above the protocol layer is beginning. Docker’s presentation on a unified MCP control plane across servers, clients, and teams, and Datadog’s scaling session signal that observability and management vendors intend to build the governance layer rather than cede it to hyperscalers. That competitive dynamic will define the enterprise MCP stack architecture through 2027.
• Enterprise adoption measurement is the question none of the maintainers could answer cleanly. Downloads are a leading indicator, not a production metric. The transition from 97M monthly downloads to verified enterprise production deployments at scale is the signal to watch through the back half of 2026.

See the complete event program and session recordings on the MCP Dev Summit North America 2026 event page at the Linux Foundation Events site.

Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.

Other Insights from Futurum:

Futurum Agent Control Plane Framework: A Reference Model for Production AI Agents

RSAC 2026: The AI ‘Tragedy of the Commons’ and the Future of Agentic Security

The Seven Principles of Observability-Native

Enterprises Prioritize Agent Observability Before They’ve Deployed Agents

Image Credit: Linux Foundation

Author Information

Mitch Ashley

Mitch Ashley is VP and Practice Lead of Software Lifecycle Engineering for The Futurum Group. Mitch has over 30+ years of experience as an entrepreneur, industry analyst, product development, and IT leader, with expertise in software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. As an entrepreneur, CTO, CIO, and head of engineering, Mitch led the creation of award-winning cybersecurity products utilized in the private and public sectors, including the U.S. Department of Defense and all military branches. Mitch also led managed PKI services for broadband, Wi-Fi, IoT, energy management and 5G industries, product certification test labs, an online SaaS (93m transactions annually), and the development of video-on-demand and Internet cable services, and a national broadband network.

Mitch shares his experiences as an analyst, keynote and conference speaker, panelist, host, moderator, and expert interviewer discussing CIO/CTO leadership, product and software development, DevOps, DevSecOps, containerization, container orchestration, AI/ML/GenAI, platform engineering, SRE, and cybersecurity. He publishes his research on futurumgroup.com and TechstrongResearch.com/resources. He hosts multiple award-winning video and podcast series, including DevOps Unbound, CISO Talk, and Techstrong Gang.