Cross App Access extends MCP to bring enterprise-grade security to AI agent interactions

25 November 2025

A year ago, Model Context Protocol (MCP) was first introduced by Anthropic to solve one of AI’s biggest challenges: giving large language models (LLMs) and agents real-time access to data and applications. Seemingly overnight, it became widely recognized as “the” standard for bridging AI systems with the broader digital ecosystem.

Since then, its impact has been immediate and immeasurable. Nearly 2,000 MCP servers are in the official registry, and adoption continues to accelerate. Organizations across financial services, e-commerce, developer tooling, and identity security are investing in MCP — building the infrastructure that enables AI agents to automate routine tasks, triage issues, and surface insights with minimal human intervention.

The latest milestone: Cross App Access is now an MCP extension

While MCP has delivered on its goal of improving interoperability, scaling these deployments to production created a new, non-negotiable challenge: enterprise security.

As companies expose their toolsets for tasks like payment processing, customer management, or code review, AI agents are directly integrating with these systems — often in ways that fall completely outside traditional IT visibility and policy controls. 

These agent-driven or app-to-app connections are established without the enterprise admin's visibility or, worse, with hardcoded static credentials. The result is a rapidly growing, unmanaged attack surface as well as significant security and governance gaps.

The latest MCP specification update, released today, marks a major milestone: Cross App Access (XAA) is now incorporated as the MCP authorization extension "Enterprise-Managed Authorization." This completes the picture by introducing secure managed access for enterprises, building on the foundational authentication and authorization frameworks added earlier this year.

To make it easy for developers to adopt the new authorization capabilities, the official MCP SDKs will be updated to include support for the XAA auth extension, starting with TypeScript and Java. This means, once the MCP SDKs are officially updated, any agent or tool built using the SDKs will be able to take advantage of enterprise-grade identity and authorization out of the box — no custom security plumbing required.

By being incorporated as an MCP authorization extension, XAA will dramatically extend its reach from securing direct app and agent integrations to powering identity and authorization across the entire ecosystem of MCP-connected AI tools. 

Developers and enterprises gain a standards-based security framework by leveraging their existing XAA-supporting identity provider (IdP) to replace static credentials and risky API tokens with centralized policies for AI agent interactions. IdPs, like Okta, will act as the control plane for the AI enterprise, delivering unified governance by making connections auditable and manageable, while helping improve the user experience by removing repetitive authorization consent screens. 

XAA and MCP together in practice

To illustrate what this looks like in an AI agent workflow, imagine a financial services company that exposes its internal fraud detection tool as an MCP server. MCP allows an AI agent to talk to it in a standard way so the agent can request actions — such as “Review all transactions over $10,000 in the last hour and flag any with a risk score above 0.7” — and get responses without needing custom integrations.

For this action and all subsequent interactions with sensitive systems (like accessing customer records to triage the flagged results), access is not granted by stored credentials or individual user approvals. Instead, XAA enables the IdP to act as the intermediary to verify the AI agent’s authorization against enterprise identity policies. If authorization is granted, XAA helps ensure access is scoped and managed so that every agent action is logged and fully revocable. 

While MCP provides a standardized way for AI agents (clients) to connect with external tools and data sources (MCP servers), XAA adds the missing layer of identity-aware authorization to these interactions. 

To learn how to adopt XAA, visit the Cross App Access landing page.
