Sonnet Code
← Volver a todos los artículos
AI Development26 de mayo de 2026·8 min read

MCP Quietly Became the Integration Standard — and Tunnels Just Removed the Last Enterprise Objection

Sonnet Code Editorial Team

The week the objection went away

For a year and a half, the most common reason a promising AI feature never reached production wasn't the model. It was the plumbing. An agent that can reason brilliantly is useless if it can't reach the CRM, the ticketing system, the internal data warehouse — and every one of those connections used to be a bespoke integration with its own auth, its own failure modes, and its own security review. The Model Context Protocol was Anthropic's answer to that sprawl when it landed in November 2024: one open standard for how a model talks to external tools and data, the "USB-C for AI-native applications" as the ecosystem now describes it.

What changed in May 2026 is that the last serious enterprise objection got answered. On May 19, MCP shipped tunnels as a research preview and self-hosted sandboxes as a public beta in the same week. Tunnels let an agent reach customer-side data through a single outbound, encrypted connection — no inbound firewall rules, no port to open, no new attack surface pointed at the internet. Self-hosted sandboxes — with Cloudflare, Daytona, Modal, and Vercel as launch providers — give the security team an auditable execution environment where the agent's tools actually run, instead of an opaque vendor black box. Those two features are precisely the things a CISO asks about in the meeting that kills the project. They now have answers.

From clever spec to default standard

The protocol's momentum isn't just feature velocity. In December 2025, Anthropic donated MCP to the Agentic AI Foundation under the Linux Foundation, co-founded with Block and OpenAI and backed by Google, Microsoft, AWS, Cloudflare, and Bloomberg. Standards that one vendor controls make buyers nervous; standards that sit under a neutral foundation with every major platform as a client do not. And the client list is now effectively everyone: ChatGPT, Claude, Gemini, Microsoft Copilot, VS Code, Cursor, and Replit all speak MCP.

The market read this correctly. Forrester predicts 30% of enterprise app vendors will launch their own MCP servers in 2026. When a third of the SaaS you already pay for ships a first-class way for agents to talk to it, "should we adopt the standard" stops being a question. The interesting work moves up a level — from whether to integrate to how well.

Why "expose your systems as MCP servers" is the real project

Here's the shift that catches teams off guard. The hard part of an AI integration was never getting the model to call a function. It's everything around the function: who is this agent acting on behalf of, what is it allowed to see, how do we prove after the fact what it did, and what happens when the tool call half-succeeds. MCP standardizes the shape of the connection — it does not, by itself, make your integration safe, observable, or correct. The 2026 roadmap is candid about this: the priorities are transport scalability, reliable async task semantics with retries and expiry, and enterprise readiness — audit trails, SSO-integrated auth, and gateway patterns. Those are exactly the gaps every enterprise hits the moment it moves past a demo.

So the project in front of most product teams this year is not "add an AI chatbot." It's expose the systems we already run as well-governed MCP servers — with the boring, load-bearing parts done right:

  • Scoped, SSO-backed auth so an agent inherits a real identity and a real permission set, not a shared god-token.
  • A gateway in front of your servers that enforces rate limits, redacts sensitive fields, and gives you one place to see and revoke access.
  • Audit trails that record every tool call with enough context to answer "what did the agent do, on whose behalf, and why" months later.
  • Self-hosted execution for anything touching regulated or customer data, so the bytes never leave infrastructure you control.

None of that is glamorous. All of it is the difference between a feature that passes security review and one that dies in it.

What this means if you're buying or building AI features

If you're a product team, the strategic move is to stop treating each AI integration as a one-off and start treating your own systems as a clean MCP surface — because once they are, every agent you adopt this year and next plugs into them without a fresh integration project. The vendors are converging on the standard; your leverage is in how cleanly and safely your side of the connection is built.

If you're evaluating vendors, the questions worth asking now are concrete: Does it run self-hosted? Does it use scoped per-user auth or a shared key? Where do the tool calls actually execute, and can we audit them? The protocol made these questions answerable. It didn't make every implementation good.

Where Sonnet Code fits

This is squarely the AI development work we do: wiring AI into products that already exist, where the systems are real, the data is sensitive, and "it worked in the demo" is not the bar. Concretely, that means designing your internal systems as governed MCP servers — scoped auth, a gateway you can see through, audit trails that satisfy a security review, and self-hosted execution for the data that can't leave your walls. The model layer is increasingly a commodity you can swap; the integration layer, done so it survives a CISO's questions, is the durable engineering. If your AI roadmap is stalled on "we can't safely connect it to our systems," that's the conversation to have — because as of this month, the standard finally has answers to the objections that used to end the meeting.

Sigue leyendo.

Subquadratic Emerged From Stealth With $29M, a 12M-Token Context Window, and 300× Cost-Reduction Claims on RULER 128K. The Quadratic-Attention Tax Era of LLM Economics May Be Ending — and Architectural Lock-In Is Suddenly a Real Category of Risk Again.
AI Development10 min read

Subquadratic Emerged From Stealth With $29M, a 12M-Token Context Window, and 300× Cost-Reduction Claims on RULER 128K. The Quadratic-Attention Tax Era of LLM Economics May Be Ending — and Architectural Lock-In Is Suddenly a Real Category of Risk Again.

On May 5, 2026 a stealth lab called Subquadratic emerged with $29M in seed funding (Javier Villamizar of the former SoftBank Vision Fund, Justin Mateen of JAM, and early backers of Anthropic, OpenAI, Stripe, and Brex) and a frontier model — SubQ — built on what they describe as a truly subquadratic sparse-attention architecture rather than the dense quadratic-attention Transformer that has defined the cost curve of every frontier LLM for the last seven years. The published claims: 95% accuracy on RULER 128K at $8 per evaluation versus Claude Opus at 94% and roughly $2,600 (a 300× cost reduction), 52× faster than FlashAttention at 1M tokens, ~1,000× less compute at 12M tokens, and a 12M-token context window shipped in production with a CLI coding agent (SubQ Code) and a search product on top. None of the headline numbers are independently reproduced yet — the weights are closed, the training details are private, and the eval surface is narrow. The structural read isn't 'one new model.' It's that if the architectural premise pans out on any meaningful workload, the entire cost calculation behind 'what's worth attempting at scale?' changes, and a category of risk most teams stopped worrying about in 2024 — architectural lock-in — is suddenly real again. Here's what to watch for over the next 90 days, what changes for your roadmap if the claims hold, and what to do about a stack you've been building on the assumption that quadratic attention is a permanent fact.

Sonnet Code Editorial Team · 1 de junio de 2026
Google Shipped Gemini Spark at I/O 2026 — a 24/7 Personal AI Agent That Lives on a Cloud VM, Has Its Own Email Address, and Executes Tasks Inside Third-Party Apps via MCP. The Always-On Agent Just Became a Product Category — and Every SaaS Surface You Own Is Now an Agent Surface.
AI Development9 min read

Google Shipped Gemini Spark at I/O 2026 — a 24/7 Personal AI Agent That Lives on a Cloud VM, Has Its Own Email Address, and Executes Tasks Inside Third-Party Apps via MCP. The Always-On Agent Just Became a Product Category — and Every SaaS Surface You Own Is Now an Agent Surface.

At Google I/O 2026 on May 19, Google announced Gemini Spark — a personal AI agent that runs continuously on dedicated Google Cloud virtual machines, gets its own dedicated email address inside Workspace, drafts and replies on behalf of the user, monitors inboxes against playbook rules, and executes multi-step tasks inside third-party apps via the Model Context Protocol. Unlike the request-response Gemini chatbot, Spark persists when the user closes the tab and runs on schedules, conditions, and standing instructions — a 7 AM briefing assembled from Gmail and Calendar context, a continuous monitor on customer-inquiry inboxes, an unattended follow-up sequence for sales touches. Beta access opened the week after I/O on the newly reduced $100/mo AI Ultra tier, with deeper MCP integrations rolling through the coming months. The structural read isn't 'Google shipped an agent.' It's that the always-on personal agent — an agent with its own network identity, that acts asynchronously, and that consumes integration surface from every SaaS product it touches — just became a real consumer product category. Here's what changes about the MCP surface every B2B SaaS team needs to expose, and why the 'who is the user?' question on your audit logs is about to mean something different than it has.

Sonnet Code Editorial Team · 1 de junio de 2026