Home / Companies / WorkOS / Blog / Post Details
Content Deep Dive

The biggest MCP spec update ships July 28: What changes for AI agent authentication

Blog post from WorkOS

Post Details
Company
Date Published
Author
Maria Paktiti
Word Count
1,723
Company Posts That Month
31
Language
English
Hacker News Points
-
Summary

The release candidate for the Model Context Protocol (MCP) 2026-07-28 introduces significant changes, described as the largest revision since the protocol's launch. Key updates include the removal of sessions, the elimination of the initialization handshake, the deprecation of three core features, and a shift to a stateless core, which allows any server instance to handle any request without the need for sticky routing or shared session stores. The authorization framework is strengthened to align with OAuth 2.1 and OpenID Connect, making it more enterprise-ready by requiring OAuth 2.0 Protected Resource Metadata and Resource Indicators. Extensions are now a formal part of the protocol, enabling features like MCP Apps and Tasks to evolve independently. Deprecated features such as Roots, Sampling, and Logging are documented and scheduled for phased removal. The migration deadline is July 28, 2026, and involves updating server and client implementations to accommodate these changes, which are anticipated to enhance the security model by ensuring token validation per request and facilitating standardized extensions for security-relevant capabilities.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
MCP 41 6,026 689 188 -15%
AI Agents 2 4,874 1,103 240 -1%