[Week of April 20] — The Protocol Everyone's Betting On Just Got a Security Problem

WHAT I'M THINKING ABOUT

MCP is having its jQuery moment — the point where a tool goes from "interesting experiment" to "part of everything." It's now an official multi-company open standard under the Linux Foundation, with AWS, Cloudflare, and Google all publishing production commitments. I've been using MCP tooling for months, and the delta between what's possible now versus manually wiring enterprise integrations (the way we did it at Freedom Forever) is almost embarrassing. But this week came a necessary reality check: a design flaw was found in Anthropic's official MCP that puts up to 200,000 servers at risk of complete takeover. Adoption speed and security rigor don't move in sync. They never do.

WHAT CAUGHT MY EYE

• MCP has won the protocol wars — it's the de facto integration layer for agentic AI, natively supported by Anthropic, OpenAI, Google, and Microsoft. If you're not building on it, you're accumulating technical debt. (Why the Model Context Protocol Won – The New Stack)

• The AI maturity gap is massive — 94% of product professionals say they use AI frequently. Only 28% use it for actual prototyping. That's not embedded AI — that's using it like a search engine with better sentences. (Product Management Trends 2026 – Product School)

• Security researchers flagged a critical MCP flaw this week that could expose ~200k servers to takeover. If you have MCP servers in production, audit now. (The Register, April 16)

ONE THING

Your learning speed is your moat right now. AI lets any competitor clone your product experience, workflows, and messaging in weeks. The only thing they can't replicate is how fast your team notices what's changing and ships a different answer. So here's the question worth sitting with this week: what's slowing down your team's feedback loop? Not your roadmap — your loop. That's where the leverage is.

— Nick