Every serious MCP production deployment in 2026 has had the same hidden cost: session affinity. Because MCP was a stateful protocol, client-server pairs needed to maintain a connection — which meant sticky sessions at your load balancer, shared session stores to handle node failures, and deep-packet inspection at your API gateway to route requests to the right server instance.
None of that is particularly hard engineering. But it is engineering that exists purely because of a protocol design decision, not because of any inherent requirement of AI agent communication. And in practice, it meant that MCP “works at scale” and “works in a demo” were meaningfully different statements.
The 2026-07-28 release candidate, locked on May 21, 2026, removes that constraint. Session management is out of the protocol core. MCP is now stateless.
What the RC Actually Changes
The headline change is architectural: MCP requests are no longer required to maintain server-side session state. Each request carries sufficient context to be processed independently. Any server instance can handle any request. You can run MCP servers behind a standard round-robin load balancer without sticky sessions. You can kill any server instance without breaking a client’s ongoing operation.
For teams running MCP in production this is not a minor convenience. Sticky sessions add latency (every new connection has to find the right node), add operational complexity (you need session drain logic for deploys), and create single points of failure (if a node dies mid-session, the client’s context is gone). The stateless model eliminates all three.
The RC also ships four other significant changes:
Extensions framework. The previous monolithic spec versioning meant that new capabilities required bumping the entire spec version, forcing simultaneous adoption across the ecosystem. The Extensions framework decouples this: extensions have independent version numbers and capability negotiation. A client and server can support MCP 2026-07-28 core but negotiate different extension sets. This is how you evolve a protocol that 97 million people have already installed without breaking things.
Tasks extension graduated to stable. The Tasks extension — which allows an MCP server to report progress, intermediate outputs, and completion status for long-running operations — has moved from experimental core to a stable extension. It was already widely implemented; the graduation means it now has a stability guarantee that production code can rely on.
MCP Apps. Servers can now ship sandboxed HTML UIs. This is a narrow but useful capability: an MCP server that wraps a complex data source (a database, a monitoring system, a document store) can ship a lightweight UI that a host application renders inline. The sandboxing model is strict — no cross-origin access, constrained API surface — which keeps the security properties intact while giving server developers a richer surface for presenting structured information.
OAuth 2.0 / OIDC hardening via SEPs. Six Security Enhancement Proposals were merged into the RC, addressing the OAuth mix-up attacks that surfaced at MCP Dev Summit NYC in April and the token hijacking technique Mitiga Labs disclosed earlier this month. The specific changes: required issuer validation on all tokens, PKCE enforcement on public clients, token binding where supported, and stricter redirect URI matching. The OAuth-based authentication story has been MCP’s most persistent security liability; the RC represents the most comprehensive hardening pass the spec has received.
The 10-week RC window runs through late July. Tier 1 SDKs — TypeScript, Python, Go, Rust — are expected to ship compatible releases before the July 28 final publication date. Existing implementations remain valid; the stateless model is opt-in for servers that still need stateful behavior (there are legitimate use cases, like streaming audio contexts that span multiple requests).
The Agentic AI Foundation
The technical changes in the RC land alongside a governance shift that’s arguably just as significant for long-term MCP adoption: Anthropic donated MCP to the newly formed Agentic AI Foundation (AAIF).
The AAIF is a Linux Foundation project. Founding members are Anthropic, OpenAI, and Block. Platinum supporters at launch include Google, Microsoft, AWS, and Cloudflare.
The practical implication: MCP is no longer Anthropic’s protocol. It’s neutral infrastructure governed by a multi-stakeholder foundation that includes Anthropic’s primary competitors.
This matters for enterprise procurement. A common objection to deep MCP adoption has been vendor lock-in risk: what if Anthropic steers the spec in directions that favor Claude, or what if they abandon the project if their business model shifts? Both concerns are now less credible. The AAIF governance structure gives OpenAI and Google seats at the table, which means neither can easily steer the spec unilaterally. And the Foundation model means the spec survives any individual company’s business decisions.
OpenAI’s founding membership is the most notable signal. Earlier this year, OpenAI deprecated the Assistants API and migrated users toward MCP-compatible patterns — a recognition that the ecosystem had converged on MCP as the integration layer. AAIF membership formalizes that position. OpenAI is not just compatible with MCP; it’s a steward of the protocol.
For comparison: the A2A protocol (Google’s agent-to-agent communication standard, now also in Linux Foundation governance) and MCP are complementary, not competing. A2A handles agent-to-agent orchestration; MCP handles agent-to-tool connections. The AAIF governance brings the two most important agentic infrastructure protocols under the same neutral umbrella.
What This Means for Production Deployments
If you’re an engineering team running MCP in production, the RC changes your infrastructure planning in two specific ways.
Load balancing gets simple. Swap your sticky-session configuration for round-robin. If you’re on a managed load balancer (ALB, Google Cloud LB, Azure Application Gateway), remove the session persistence rules. If you’re running your own Nginx or HAProxy tier, drop the ip_hash or cookie directives from your upstream configuration. The change is two to three lines of config.
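To confirm that no affinity directive is left behind after the switch, the following added example (not from the MCP project or nginx) scans nginx `upstream` blocks for `ip_hash`, `hash` and `sticky`. The upstream names, addresses and the `mcp_session` cookie in the sample configuration are constructed; HAProxy syntax is not covered.

```python
import re

# Directives that pin a client to one upstream node: ip_hash and hash are in
# open-source nginx, sticky is NGINX Plus.
AFFINITY = re.compile(r"^\s*(ip_hash|hash|sticky)\b[^;]*;", re.M)
UPSTREAM = re.compile(r"upstream\s+(\S+)\s*\{(.*?)\}", re.S)

# Constructed sample configuration; names and addresses are placeholders.
SAMPLE_CONF = """
upstream mcp_sticky {
    ip_hash;
    server 10.0.0.11:8080;
}
upstream mcp_cookie {
    hash $cookie_mcp_session consistent;
    server 10.0.0.11:8080;
}
upstream mcp_stateless {
    # ip_hash;  removed: any node can serve any request
    server 10.0.0.11:8080;
    server 10.0.0.12:8080;
}
"""


def find_affinity(conf):
    """Return {upstream name: [affinity directives still present]}."""
    conf = re.sub(r"#[^\n]*", "", conf)  # commented-out directives do not count
    findings = {}
    for name, body in UPSTREAM.findall(conf):
        hits = [m.group(0).strip() for m in AFFINITY.finditer(body)]
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    for name, hits in find_affinity(SAMPLE_CONF).items():
        print(f"{name}: still pinned by {hits}")
```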
Compliance conversations get easier. The AAIF structure means you can tell your procurement and legal teams that MCP is a Linux Foundation standard with multi-vendor governance, not a proprietary Anthropic protocol. That changes the vendor lock-in analysis in most enterprise procurement frameworks.
The Extensions framework won’t affect most teams immediately, but it matters for planning: if you’ve been holding off on building MCP integrations because you were worried about spec churn, the Extensions framework is the mechanism that will let the spec evolve without breaking your existing work. Write to the core, negotiate extensions, upgrade incrementally.
The Bigger Picture
The STDIO security crisis in May, the OAuth token hijacking disclosure, and the persistent sticky-session problem have made 2026 a difficult year for MCP’s production narrative. The 97 million download number from the March milestone was real, but a lot of those deployments were demos and personal toolchains, not hardened production infrastructure.
The RC represents the inflection point. Stateless core, hardened auth, stable extensions, neutral governance. This is what a production-ready protocol looks like. The question for engineering teams is no longer whether MCP is ready for enterprise deployment — it’s whether your MCP server implementations are ready.
The July 28 final date gives you 10 weeks. Tier 1 SDK support will arrive before the final date. For teams already running MCP in production, start planning the session-state migration now: audit which servers genuinely need stateful behavior (fewer than you think), and which are stateful by default because that’s what the old spec required (most of them).
For teams still evaluating MCP adoption, the RC removes the strongest infrastructure objection. Stateless MCP on a standard load balancer is operationally boring in the best possible way.