Model Context Protocol (MCP) is an open standard, introduced by Anthropic in 2024, that gives AI assistants a uniform way to use external tools and read live data. An MCP server exposes a set of typed tools (for example "list servers" or "get invoice"); any MCP-capable client, such as Claude Code, Claude Desktop or Cursor, can discover and call them during a conversation.
How does MCP work?
Three pieces:
- MCP server: a small program that wraps an API or data source and describes its tools in a machine-readable schema.
- MCP client: the AI application, which connects to one or more servers (commonly over stdio or HTTP).
- The model: decides when a tool is relevant, calls it with structured arguments, and uses the result in its answer.
Because the protocol is uniform, one server works in every compatible client without custom integration code.
Why do cloud providers ship MCP servers?
Developers increasingly operate infrastructure through AI assistants. Without MCP, an assistant guesses from training data; with it, the assistant reads the real state of your account (actual plans, actual prices, actual server status) and can act on it. RareCloud ships an official MCP server wrapping its public API, so an agent can answer questions like "what is running in my account and what does it cost per hour?" and go on to manage that infrastructure, all from live data through the same API everything else uses.
What is the security model?
The good pattern, and the one RareCloud follows:
- The MCP server authenticates with a scoped API token, never your password.
- Least privilege: you grant only the scopes the agent needs. Read scopes (list servers, view invoices) are safe to expose broadly; write scopes that change infrastructure or spend money are granted deliberately. Each token also carries its own request rate limit, and your credit balance is a hard ceiling on anything an agent can ever spend.
- Audit logging: every call an agent makes appears in the account's activity log.
This matters because AI agents can be manipulated through their inputs (prompt injection). Scoping the token, and capping what a write-enabled token can do, bounds the blast radius without forcing you to choose between a useless read-only agent and a dangerous all-powerful one.
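The sketch below is an added example, not RareCloud's code: it shows how a server-side check could combine the three controls above (scope, per-token rate limit, credit ceiling) and log every decision. The tool names, scope strings, costs and the 60-second window are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Hypothetical tool -> (required scope, cost in credit cents); names are illustrative.
TOOLS = {"list_servers": ("servers:read", 0), "get_invoice": ("billing:read", 0),
         "create_server": ("servers:write", 5)}

@dataclass
class Token:
    token_id: str
    scopes: frozenset
    rate_limit: int  # max allowed calls per 60-second window (assumed window)
    calls: list = field(default_factory=list)

@dataclass
class Account:
    credit: int  # remaining balance in cents: the hard spending ceiling
    audit_log: list = field(default_factory=list)

def authorize(account, token, tool, now=None):
    """Return (allowed, reason) and append the decision to the audit log."""
    now = time.time() if now is None else now
    token.calls = [t for t in token.calls if now - t < 60]
    scope, cost = TOOLS.get(tool, (None, 0))
    if scope is None:
        verdict = (False, "unknown_tool")
    elif scope not in token.scopes:
        verdict = (False, "missing_scope:" + scope)
    elif len(token.calls) >= token.rate_limit:
        verdict = (False, "rate_limited")
    elif cost > account.credit:
        verdict = (False, "insufficient_credit")
    else:
        token.calls.append(now)  # only allowed calls count against the limit
        account.credit -= cost
        verdict = (True, "ok")
    # Denied calls are logged too, so an injected request still leaves a trace.
    account.audit_log.append({"ts": now, "token": token.token_id, "tool": tool,
                              "allowed": verdict[0], "reason": verdict[1]})
    return verdict

def demo():
    """Constructed scenario: a read-only and a write-enabled token on one account."""
    acct = Account(credit=8)
    ro = Token("tok_ro", frozenset({"servers:read"}), rate_limit=2)
    rw = Token("tok_rw", frozenset({"servers:read", "servers:write"}), rate_limit=10)
    steps = [(ro, "list_servers"), (ro, "create_server"), (ro, "list_servers"),
             (ro, "list_servers"), (rw, "create_server"), (rw, "create_server")]
    return [authorize(acct, t, tool, now=1000.0 + i) for i, (t, tool) in enumerate(steps)], acct
```

In the constructed scenario the read-only token is refused the write tool and then rate limited, while the write-enabled token succeeds once and is stopped by the credit ceiling on its second call.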
Related terms
API token, prompt injection, agentic coding, REST API, KVM.