Model Context Protocol Hits 97 Million Monthly Downloads (March 2026)
Anthropic's Model Context Protocol has reached 97 million monthly SDK downloads as of March 2026 — a 4,750% surge in 16 months — cementing its role as the default standard for AI tool connectivity. But developer sentiment is mixed: while every major AI platform has adopted MCP, security researchers warn 66% of community servers have critical vulnerabilities.
The Model Context Protocol (MCP) reached 97 million monthly SDK downloads as of — just 16 months after Anthropic open-sourced the AI connectivity standard in November 2024. The milestone confirms MCP's status as the default infrastructure layer for how AI agents connect to external tools, data sources, and services across the industry.
What Happened
Anthropic released the Model Context Protocol as an open standard on , offering a unified way for AI models to connect to external tools — databases, APIs, file systems, SaaS platforms, and more. At launch, the official TypeScript and Python SDKs saw roughly 2 million monthly downloads. By March 2026, that number has climbed to approximately 97 million monthly downloads — a 4,750% increase in 16 months, a growth rate that outpaces REST API adoption in its comparable early period.
In , Anthropic donated MCP to the Linux Foundation's newly formed Agentic AI Foundation (AAIF), ensuring vendor-neutral governance. The protocol is no longer controlled by any single company — a strategic move that accelerated enterprise adoption by removing concerns about Anthropic lock-in.
Key Details
- 97 million monthly downloads across the official TypeScript (
@modelcontextprotocol/sdk) and Python (mcpon PyPI) SDKs as of March 2026 - 5,800+ community MCP servers available covering databases, CRMs, cloud providers, developer tools, productivity apps, and AI services — up from a handful of reference implementations at launch
- Every major AI platform has adopted MCP natively: Anthropic Claude (creator), OpenAI/ChatGPT (Q2 2025), Microsoft Copilot (Q3 2025), Google Gemini (Q4 2025), Amazon Bedrock (Q4 2025), Cursor, and VS Code Copilot
- Agentic AI Foundation governance: MCP donated to Linux Foundation in December 2025, now stewarded by a cross-vendor foundation
- Security concerns flagged: Security researchers report that up to 66% of community MCP servers have critical vulnerabilities — an ecosystem quality problem Anthropic has acknowledged
What Developers and Users Are Saying
Developer reaction to the milestone is notably split. On the optimistic side, many engineers building AI-powered applications cite MCP as the first standard that actually delivers on the "plug in any tool" promise — with Claude, Cursor, and VS Code all supporting it out of the box. The server ecosystem growing to 5,800+ means there's an MCP server for almost every popular SaaS tool.
But a significant countercurrent has emerged. Y Combinator president Garry Tan's blunt take — "MCP sucks honestly" — captured a real frustration among developers who find the protocol over-engineered for many use cases. Eric Holmes' blog post "MCP is dead. Long live the CLI" reached the top of Hacker News, arguing that MCP's complexity makes it inferior to simpler CLI-based tool calling. The project mcp2cli, which converts MCP tools into plain shell commands to cut 96–99% of token overhead, hit 158 points on Hacker News the same week. On Reddit's r/LocalLLaMA and r/MachineLearning, threads about the 97M milestone are split between celebration and concern: "95% of MCP servers are utter garbage" is a recurring refrain, pointing to the ecosystem quality problem.
Security researchers have piled on with technical critiques, with a widely-shared audit claiming critical vulnerabilities in the majority of published community servers, raising questions about whether the rush to 5,800 servers prioritized quantity over security.
What This Means for Developers
MCP's near-universal adoption by major AI platforms means it's now effectively a required skill for developers building AI-integrated software. If your product can be connected to an AI agent — and most can — building an MCP server is the standard path to doing so. The good news: the official Python and TypeScript SDKs are well-documented and the server development experience has improved substantially since late 2024. The bad news: production MCP deployments still face real security and reliability challenges. Developers should treat community MCP servers as untrusted code — audit them before using in production. The Q2 2026 roadmap promises enterprise-grade authentication (OAuth 2.1, SAML/OIDC), which should address many current enterprise adoption blockers.
What's Next
The MCP roadmap for 2026, published by the Agentic AI Foundation, outlines three phases: Q2 2026 — enterprise authentication (OAuth 2.1, SAML/OIDC) for secure production deployments; Q3 2026 — agent-to-agent coordination via MCP, enabling AI agents to call other AI agents through the same protocol; Q4 2026 — an official MCP Registry with security audits and SLA commitments, addressing the ecosystem quality problem head-on. The spec and SDKs are available at github.com/modelcontextprotocol, and the official documentation lives at modelcontextprotocol.io.
Sources
- Digital Applied — MCP Hits 97M Downloads — primary coverage of the milestone with growth analysis
- Bitcoin.com / CoinSpectator — MCP in 2026 — ecosystem expansion coverage
- Anthropic — Donating MCP to the Agentic AI Foundation — official Linux Foundation donation announcement
- Hacker News — MCP is dead; long live MCP — developer debate and community reaction thread
- Forem / DEV Community — MCP Security Researchers Respond — security vulnerability coverage
- StackOne — MCP: What's Working, What's Broken — technical production experience retrospective
Stay up to date with Doolpa
Subscribe to Newsletter →