What "Agents Having Tools" Means
Through 2023, LLMs were essentially text-in, text-out functions.
In 2024, function calling let LLMs call external tools. But each vendor (OpenAI, Anthropic, Google) used a different API spec, so a tool written once ran on only one model.
To unify the fragmentation, Anthropic released MCP (Model Context Protocol) in late 2024 — an open standard so any model can access tools and context the same way.
Analogy: USB-C standardized device cables. MCP is doing the same for AI agent tools.
The Three Core Ideas in MCP
1. Client-Server Architecture
MCP is a protocol between MCP servers (tool providers) and MCP clients (AI models).
- MCP Server: exposes a set of tools (e.g., filesystem MCP, GitHub MCP, Postgres MCP)
- MCP Client: any LLM (Claude, GPT, Gemini, Marblo…) connects the same way
Build one MCP server — every MCP-compatible client can use it.
2. Three Standard Interfaces
- Resources — read-only data (files, DB query results, API responses)
- Tools — callable functions (file writes, query execution, notifications)
- Prompts — reusable prompt templates
Almost every practical scenario maps neatly onto these three abstractions.
3. Standard Message Format
Messages follow a standard format based on JSON-RPC 2.0. Models discover what an MCP server exposes and call it without prior training.
Why MCP Changed the Agent Industry
Tool Ecosystem Explosion
The standard ignited a community MCP server ecosystem. By 2026:
- Official MCP servers: filesystem, Git, GitHub, Slack, Postgres, SQLite, Brave Search, Puppeteer, etc.
- Community MCPs: Notion, Linear, Figma, Jira, AWS, GCP, and many internal-system adapters
Write a tool once as MCP-compatible — every LLM can use it.
Standardized Internal System Integration
The biggest pain in enterprise environments has always been integrating with internal systems (ERP, CRM, internal DBs, intranets). With MCP:
- Wrap your internal ERP API in an MCP server once
- Agents call it identically regardless of which LLM
- Security policies (auth, ACLs) consolidate in the MCP server layer
This unlocks model-vendor freedom while protecting internal assets.
MCP's Security Model
A common question: "Isn't giving AI agents access to internal DBs risky?"
MCP is explicit about security:
- Explicit permission delegation — users decide which MCP servers to trust
- Sandboxing — each MCP server can run in an isolated process
- Audit logs — every tool call is recorded
In particular, local execution environments keep data on-machine. Combining Marblo (a local desktop agent) with an internal MCP server gives agents tool access without ever sending code to the cloud.
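One way to enforce per-agent permissions and audit logging at the MCP server layer, as an added example (not Marblo's or the MCP project's code): a gate that checks each JSON-RPC 2.0 request before it reaches the server. The policy table, the agent and tool names, the `gate` signature and the -32001 error code are assumptions made for illustration; `tools/call` and `tools/list` are MCP method names.

```python
import json
import time

# Constructed policy (assumption): agent role -> tools it may invoke.
POLICY = {
    "triage-agent": {"read_ticket", "search_tickets"},
    "release-agent": {"read_ticket", "create_pull_request"},
}
# Non-tool methods passed through; every other method is denied by default.
SAFE_METHODS = {"initialize", "notifications/initialized", "ping", "tools/list"}
DENIED = -32001  # assumed value from JSON-RPC's implementation-defined range


def gate(raw, agent, audit, forward):
    """Authorize one JSON-RPC 2.0 message from `agent`, audit it, forward or refuse."""
    def decide(req_id, method, tool, code=None, message=None):
        # Record every decision; arguments are left out because they may hold secrets.
        audit.append({"ts": time.time(), "agent": agent, "method": method,
                      "tool": tool, "allowed": code is None})
        if code is None:
            return forward(req)
        return {"jsonrpc": "2.0", "id": req_id,
                "error": {"code": code, "message": message}}

    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return decide(None, None, None, -32700, "Parse error")
    if (not isinstance(req, dict) or req.get("jsonrpc") != "2.0"
            or not isinstance(req.get("method"), str)):
        return decide(None, None, None, -32600, "Invalid Request")
    req_id, method = req.get("id"), req["method"]
    if method != "tools/call":
        if method in SAFE_METHODS:
            return decide(req_id, method, None)
        return decide(req_id, method, None, DENIED, "method not permitted")
    params = req.get("params")
    tool = params.get("name") if isinstance(params, dict) else None
    if not isinstance(tool, str):
        return decide(req_id, method, None, -32602, "Invalid params")
    if tool not in POLICY.get(agent, set()):  # unknown agents get the empty set
        return decide(req_id, method, tool, DENIED, "tool not permitted for this agent")
    return decide(req_id, method, tool)
```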
MCP in Marblo
Marblo is designed to be MCP-native. In the workspace:
- Add/manage MCP servers via GUI
- Scope per-agent MCP server permissions
- View MCP call logs alongside the kanban board in real time
Multi-tool pipelines like Slack notification → Linear ticket → GitHub PR are possible without writing extra code.
What to Consider for In-house Adoption
- Which systems should you expose via MCP? — prioritization required
- How to design the permission model? — least privilege per agent role
- Who maintains internal MCP servers? — clear ownership
These three are exactly what we work through in the diagnostic stage of In-house Adoption Consulting.
Wrap-up
MCP isn't just a technical standard. It's the infrastructure that turns AI agents into true tool-wielding collaborators. After this standard settles, the next one — agent-to-agent collaboration protocols — is coming.
Organizations building on MCP today will lead the next five years of the agent era. Marblo arrived first on top of this standard.