The following is a hypothetical interview. Nkem Okafor-Whitfield is a fictional character, though the events, organizations, and technical details she references are real. We invented her so we could have a conversation that no actual governance board member would be candid enough to give on the record.
In December 2025, Anthropic donated the Model Context Protocol to the newly formed Agentic AI Foundation, a directed fund under the Linux Foundation, co-founded by Anthropic, Block, and OpenAI.1 The stated goal: make MCP "open, neutral, and community-driven" as it became critical infrastructure for AI.2 By then, MCP already had over 10,000 active servers and 97 million monthly SDK downloads.
A little over two years later, the protocol is everywhere. The governance questions haven't gone away. They've just gotten more specific.
Nkem Okafor-Whitfield joined the AAIF governing board in mid-2026, recruited from fifteen years in enterprise architecture at a major European bank. She was, by her own description, "the person they could point to when someone asked whether regulated industries had a seat at the table." We spoke over video in early 2028. She was in London. There was a dog intermittently visible behind her left shoulder.
You came from regulated financial services. What made you say yes?
Nkem: Flattery, mostly.
No — look, Bloomberg's CTO had publicly committed to extending MCP for regulated environments.3 That signaled to me that the adults were arriving. And the pitch was genuinely compelling. Here's this protocol that's already won, and now we need people who understand what "production" means when getting it wrong has legal consequences. I thought I was being recruited to help shape the standard.
Which was... not exactly wrong. But it was incomplete in a way I didn't appreciate until I was inside.
What did "inside" look like?
Nkem: The AAIF governing board handles strategic investments, budget, membership, recruitment, approval of new projects. The technical direction of MCP — the spec itself — stays with the maintainers. And the maintainers are employees of the founding companies.4 So you have this governance body that looks, from the outside, like it's steering the protocol. From the inside, you realize you're steering the organization around the protocol. The protocol has its own driver.
I don't think that's a scandal. The Linux Foundation model works this way for good reasons. But the gap between what enterprise adopters think AAIF governs and what it actually governs — that's where I spent most of my time.
The April 2026 Dev Summit in New York drew 1,200 attendees. What was the real decision that came out of it?
Nkem: Scope. David Soria Parra — MCP co-creator, Anthropic staff — drew the line explicitly. MCP connects AI applications to data sources. It does not do identity. It does not do observability. It does not do governance. Those belong to "other projects and other standards."5
I remember sitting there thinking: okay, so the protocol that every enterprise needs to secure has just formally declared that security architecture is someone else's problem. And honestly? Keeping a protocol narrow is good engineering. I've watched enough standards committees drown in scope creep to appreciate discipline. But the consequence is that the most consequential decisions for enterprise deployment — who builds the identity layer for agents, who controls audit trails, who governs discovery — those decisions are happening in a market layer with no neutral governance body at all.
AWS, Google, Microsoft are all building the gateway and identity layers above MCP.6 The open governance model is genuine in what it covers. It just can't cover what the architecture already decided belongs elsewhere.
The OX Security disclosure in April 2026 flagged 200,000 MCP servers potentially affected by what they called a "by design" flaw in STDIO transport.7 Where was AAIF?
Nkem: Structurally unable to catch it. The governance process doesn't cover protocol-level security architecture. The maintainers handle that. Anthropic updated their SECURITY.md file nine days after OX's initial contact, noted that STDIO adapters should be used with caution, and made no architectural changes.8
OX said something I kept bringing up in board meetings afterward:
"Shifting responsibility to implementers does not transfer the risk. It just obscures who created it."9
That sentence describes our entire governance model, if you squint. The protocol is connectivity. Everything above it — your problem.
Google launched the Universal Commerce Protocol in January 2026, one month after MCP's donation to AAIF.10 How did that land with the board?
Nkem: UCP is the example that makes the abstract concrete. It uses the same .well-known discovery pattern as MCP Server Cards — merchants publish profiles, agents discover them.11 But UCP lives outside AAIF governance. It's an open-source standard controlled by Google. And it enables agentic actions on Google Search's AI Mode and Gemini.12
So practically: if your store isn't structured for UCP, agents browsing Google's surfaces skip you. The protocol is "open." The discovery surface is Google's. And the governance body that's supposed to ensure "no single company controls the direction of foundational infrastructure" — that's us — has no jurisdiction over the commerce layer that actually determines who gets found.
A2A joined the Linux Foundation ecosystem alongside UCP.13 So you have this constellation of protocols that are all technically open, all technically interoperable, and the power concentration is happening at the surface level. Who controls what agents see first. We govern the plumbing. Nobody governs the faucet.
What defaulted without anyone deciding?
Nkem: The identity layer. Full stop. We talked about it endlessly. The 2026 roadmap identified enterprise-managed auth as a gap requiring community proposals.14 OAuth 2.1 was added but made optional, which in practice means unenforced.15 And while we debated, the platforms built their own identity infrastructure. Same trajectory as the consumer web defaulting to Google and Facebook for login. We watched it happen in real time, from a conference room with excellent catering.
What I underestimated is how much adoption velocity constrains governance. By the time I joined, implementations had already run ahead of standardization on server discovery. SEP-1649 and SEP-1960 were still in draft while major clients were shipping their own versions.16 You can't govern what's already deployed. You can only describe what happened and call it a standard.
Do you regret joining?
Nkem: No. But I've updated my model of what governance does in a protocol ecosystem where the architecture preceded the institution.
We're the people who write down the weather after it happens and call it a forecast.
That's uncharitable. We do real work. Open governance gave enterprises the confidence to adopt. And the scope decisions made by the founding companies' engineers determined what those enterprises would need to solve on their own. Both of those things are true. Neither is particularly comfortable to sit with at the same time.
[The dog reappeared. She did not acknowledge it.]
