Back to Podcast Digest
AI Engineer··17m

Bringing MCPs to the Enterprise — Karan Sampath, Anthropic

Watch on YouTube →

TL;DR

  • Anthropic’s enterprise MCP pitch is basically “bless one gateway, not 40 servers.” — Karan Sampath argues security teams should establish a single root of trust so teams can build many MCP servers without each one becoming its own auth, observability, and security problem.

  • The current MCP ecosystem is growing fast, but enterprises still hit three “table stakes” blockers: observability, access control, and security. — Even with an official registry containing thousands of servers, companies still can’t easily answer who is using which tools, who should be allowed to change them, or how to prevent data exfiltration.

  • A gateway lets business teams focus on business logic instead of enterprise plumbing. — His example is a legal team building a contract-review MCP that only needs to care about redlines and escalation rules, while the gateway handles auth, routing, secure tunnels, credential management, and deployment.

  • The hidden upside is speed and scale. — Sampath says a gateway gives enterprises one place to plug into new agent surfaces like Claude.ai, Claude Code, or Claude Code Work, while also supporting faster iteration, standard operating primitives, pluggable credentials, and scaling from tens to hundreds of thousands of agents.

  • This isn’t just an MCP convenience layer — it’s Anthropic’s architecture for future agents. — The bigger goal is separating the “agent harness” from the data layer, so enterprises can swap between managed agents, internal agent SDKs, and future surfaces without rebuilding how their tools connect to sensitive systems.

The Breakdown

The Enterprise MCP Problem Isn’t the Registry — It’s Everything Around It

Karan Sampath opens with the provocative alternate title: “why we think gateways are all you need.” He quickly acknowledges MCP’s momentum — an official registry with thousands of servers, growing fast — but says enterprises still can’t get the basics they consider table stakes: observability, access control, and security.

The “Three-Headed Hydra” Blocking Real Deployment

He frames enterprise pain as a “three-headed hydra”: companies can’t see who is using their MCPs, can’t properly scope who gets access to which tools, and can’t confidently secure private data against unsafe servers or untrusted remote clients. In his telling, these are old API-era problems that enterprises know how to solve in principle — they just don’t yet have a good MCP-native way to solve them.

Why Great MCPs Still Die in the Org Chart

Sampath describes the organizational bottleneck: every team can now build MCPs thanks to coding tools, but those servers stall when security teams get overloaded and can’t review everything. Meanwhile, execs are left asking why the company’s agents are still ineffective, which makes these “paper cuts” feel much bigger than they sound because every good MCP improves every agent in the company.

The Core Thesis: Security Teams Should Bless One Platform

His main takeaway is blunt: the goal is to establish a root of trust by blessing one platform. Whether that platform is called a gateway or not, the idea is the same — enterprises that centralize trust can decentralize MCP creation, and in Anthropic’s experience that unlocks much broader experimentation both internally and with customers.

What the Gateway Actually Does

He defines a gateway as the middle layer between many MCP servers and any MCP client, then rattles off what it should absorb: authorization, authentication, observability, secure connectivity, and easy hosting and deployment. The payoff is that a new MCP team only needs to care about business logic; his legal-team example is memorable because they should be thinking about contract redlines and escalation, not auth scopes and server scaling.

The Stack Inside the Gateway

Sampath’s sketch of the gateway includes auth, role-based access control, proxy routing, secure tunnels, an internal sub-registry, and extra tooling like a CLI. That CLI matters because he imagines not just developers but agents like Claude Code being able to understand it quickly, making MCP creation easier and more standardized across a company.

The “Free Lunches” You Get Once the Gateway Exists

From there he runs through the second-order benefits: one-time integration with new surfaces like Claude.ai, Claude Code, and Claude Code Work; stronger encrypted connections to sensitive internal data; faster iteration without repeated security reviews; standard enterprise primitives; pluggable credentials; and better scaling from tens to hundreds of thousands of agents. His tone here is basically: this sounds almost too good, but try it and you’ll see the compounding effect.

The Bigger Bet: Separate Agents from Data

He ends by zooming out to Anthropic’s longer-term architecture: separate the agent harness from where enterprise data lives. The gateway becomes the invariant layer, whether you use Claude managed agents that were “released recently” or your own internal Claude agent SDK setup, which gives enterprises flexibility about what stays in-house versus outside without constantly rebuilding the data connection layer.

The Closing Summary

His final three-point summary is crisp: invest in common infrastructure instead of rolling bespoke MCP deployment patterns, use gateways and secure connections to create a root of trust, and move toward a future where the agent harness is cleanly separated from the data layer. It’s a practical pitch, but also clearly a vision for how Anthropic thinks enterprise agent systems should be assembled.