On March 25, 2026, MCP (Model Context Protocol) hit 97 million monthly SDK downloads. That is 16 months since its November 2024 launch. By the numbers alone, MCP won.
The other side of that number looks different.
- Perplexity CTO Denis Yarats announced at the Ask 2026 conference that MCP was “too expensive for production” and began removing it from their flagship product.
- Y Combinator CEO Garry Tan posted “MCP sucks honestly” on X, then built a CLI alternative himself in 30 minutes.
- In July 2025, security firm Knostic manually verified 119 of 1,862 MCP servers exposed on the internet. Not a single one required authentication. As of 2026, only 8.5% of servers have adopted OAuth.
There are things 97 million downloads do not tell you.
#The Schema Tax on Context
MCP works by injecting tool schemas — what commands exist, what arguments they take, what they return — into the model’s context window. Every tool you connect costs context space, and that space comes directly out of what the model can use for actual work. Worse, accuracy degrades alongside it.
Yarats quantified the cost at Ask 2026. MCP schemas were consuming 72% of the agent’s context window. Before the user query even arrived, most of the working space was already gone, and it gets worse as conversations grow longer. When an agent calls tools repeatedly, schema overhead compounds.
“MCP sucks honestly. It eats too much context window and you have to toggle it on and off and the auth sucks.”
Tan’s experience was more concrete. Just two tools attached and 20% of the context was gone. Perplexity ultimately switched to their own Agent API (REST-based, OpenAI-compatible). They kept MCP servers around but pulled them out of the core product path.
#Give an LLM a CLI and It Figures It Out
On February 28, 2026, Eric Holmes lit the match with a single post.
“LLMs are really good at using command-line tools. They’ve been trained on millions of man pages, Stack Overflow answers, and GitHub repos full of shell scripts.”
Holmes made three points.
- Debugging: MCP means digging through JSON logs. With CLI,
jira issue viewgives you the same result the agent saw. - Auth: MCP requires implementing its own authentication. CLI reuses what already exists — AWS SSO, GitHub CLI, kubeconfig. No extra work whether a human or an agent is using it.
- Operations: MCP servers need a separate process running and state managed. CLI runs the installed command and exits.
After this post spread on Hacker News, Tan’s post and Perplexity’s departure followed in quick succession. Survey results point the same way. In a Pragmatic Engineer survey of 900 developers (January–February 2026), the most-used AI tool was Claude Code — a terminal-native agent that reads and writes files directly, no MCP required.
There is a limit to this argument, though. Holmes’s thesis works cleanly for tools like git, curl, and jq — tools already present in massive quantities in LLM training data. Internal custom CLIs are a different story. For a tool the LLM has never seen, you need a schema. At that point, CLI’s “no schema needed” claim breaks down. The more custom tooling an organization has, the sooner CLI alone falls short.
#A Spec That Does Not Enforce Auth
The security numbers are worse. In July 2025, Knostic found 1,862 MCP servers on the internet and manually verified 119 of them. Not a single one required authentication, and three CVSS 9+ CVEs had already piled up. Nine months later, little has changed. In February 2026, Astrix analyzed 5,200 open-source MCP servers. 88% did require authentication, but more than half (53%) relied on long-lived static secrets like API keys and PATs. Authentication exists, but it is easy to break. The MCP spec added OAuth 2.1, but actual adoption sits at 8.5%.
The root cause is not ecosystem immaturity. The MCP spec itself makes authentication optional. When the spec does not enforce it, server builders skip it. Given that 75% of the ecosystem consists of servers built by individuals rather than companies, this outcome was predictable. This is not the kind of problem that resolves with time. The spec needs to change.
#So Is MCP Dead
As 97 million downloads show, MCP remains a popular tool. But the way it is used is changing.
“Individual usage of coding agents looks very different from organizational adoption.”
For individual developers, MCP is overhead. There is no reason to spin up an MCP server when gh pr create does the job. Holmes is right, and this is why Claude Code ranks first.
But “organizations need MCP” is too easy a conclusion as well. CLI tools like gh, aws, and gcloud already support SSO and audit logs at the organizational level. Being an organization does not automatically make MCP necessary.
The conditions where MCP actually becomes necessary are narrower. Hundreds of people needing access to dozens of internal custom tools, with centralized auth and audit requirements, and a tool catalog that changes frequently. Most teams have not reached this point yet. The fact that enterprise readiness items on the MCP 2026 roadmap are still at pre-RFC stage illustrates this gap well. The need is clear, but the spec is not there.
For individuals, MCP is already unnecessary. For organizations, MCP is still incomplete. If MCP is going to survive, it has to start by acknowledging this gap.
#References
- Anthropic — MCP hits 97 million downloads (2026.03.25)
- Eric Holmes — “MCP is dead. Long live the CLI” (2026.02.28) — The post that kicked off the MCP backlash
- Garry Tan — “MCP sucks honestly” (X, 2026.03.11) — Y Combinator CEO’s MCP critique
- Perplexity — Shift from MCP to API/CLI (Ask 2026) — Schemas consuming 72% of context
- Charles Chen — “MCP is Dead; Long Live MCP!” (2026.03.14) — Individual vs. organizational distinction
- Astrix — “State of MCP Server Security 2025” (2026.02) — 5,200 MCP servers analyzed, OAuth adoption at 8.5%
- MCP 2026 Roadmap (WorkOS) — Enterprise items still at pre-RFC
- Pragmatic Engineer — AI Tooling for Software Engineers in 2026 — 900-person survey, Claude Code ranked first