The developer-first design that drove MCP's adoption made a specific assumption: that organizations already had the security infrastructure and operational maturity to handle distributed responsibility. Most teams are still building those capabilities.

Open protocols shift security and operational responsibility to the teams deploying them. When anyone can publish an MCP server, no one owns security by default. Organizations must build their own vetting processes, security reviews, and operational guardrails.

The 43% command injection vulnerability rate across publicly available servers reveals how distributed responsibility creates distributed risk. For web agent infrastructure specifically, this matters more: agents operating across external systems inherit every vulnerability in their integration chain. A compromised MCP server doesn't just leak data—it can inject malicious commands into automated workflows touching customer-facing systems.

At TinyFish, we've built the governance layers that production web agent deployment requires. We understand what this organizational work entails. Finding better implementations solves part of the problem. Building capabilities most teams don't have yet solves the rest.

Three areas where organizational maturity gaps appear:

Credential management becomes an organizational problem. 88% of MCP servers require credentials, but over half rely on static secrets in configuration files. Developers default to environment variables because they're convenient for local development. Production requires dedicated secrets management services with encrypted storage, rotation policies, and audit trails. Infrastructure work, not code fixes.

Supply chain vetting requires processes most organizations haven't established. Using community-built MCP servers means scanning codebases for vulnerabilities, maintaining software bills of materials, implementing continuous security monitoring. Organizations that built these practices saw 48% fewer vulnerability incidents in production. Building them takes months and dedicated security engineering capacity.

Authentication architecture exposes maturity gaps. OAuth 2.1 adoption sits at just 8.5% across the ecosystem—most implementations still use basic authentication patterns. Moving to production requires authorization server discovery, token management, integration with existing identity providers. Organizational infrastructure that takes time to build correctly.

When Asana faced an MCP-related privacy breach in June 2025, they pulled the integration offline for two weeks while security teams patched the vulnerability. The incident revealed what open protocols don't provide: vendor responsibility for security outcomes. Asana owned the breach response, not the MCP server author. Distributed responsibility creates this trade-off.

For enterprises evaluating MCP, the decision centers on organizational readiness. Some organizations have the security engineering capacity to handle distributed responsibility now. They can implement comprehensive vetting, build secrets management infrastructure, establish OAuth 2.1 compliance. For them, MCP's openness is an advantage—they control their security posture rather than depending on vendor roadmaps.

Other organizations are discovering they need to build these capabilities first. Experimentation can proceed with appropriate risk boundaries. Production deployment waits until the infrastructure exists to support it safely.

We've seen this pattern repeatedly with web agent infrastructure. The technology that enables developer velocity rarely includes the governance frameworks that enable enterprise deployment. Building those frameworks—the authentication layers, the monitoring systems, the vetting processes—is organizational work that happens after the initial prototypes succeed. MCP's architecture accelerated the prototyping phase. It also made the organizational maturity gap more visible.

Open protocols create friction by shifting responsibility from vendors to the organizations deploying them. Understanding that shift determines adoption timing and production readiness.