Meta Hiring Spree, AI Leader Tensions, New MCP Version

We're back this week after taking last week off! We'll cover the last two weeks of MCP and AI news and updates, instead of our usual one week of news.

Meta, perhaps worried it is falling behind in the AI goldrush, has begun an aggressive hiring spree. They spent $14 billion to acquire half of Scale AI, their second-biggest "acquisition" ever (second only to their $19 billion buyout of WhatsApp), seemingly largely to acqui-hire Scale CEO Alexandr Wang. Next up: former GitHub CEO Nat Friedman? Zuckerberg himself is reaching out to the who's who of AI with lucrative offers to come aboard.

All in all, it's good news for those of us building with AI: another big tech player pouring a few billion dollars into the industry will only bring our token costs down further and advance AI capabilities faster. Case in point: OpenAI's o3 reasoning model is suddenly 80% cheaper than it was at its launch just two months ago.

As big tech continues to drive down the costs of all this token usage for their users, tensions are starting to flare up behind the scenes. OpenAI is butting heads with Microsoft, highlighting the fact that the two companies have conflicting interests in realms like IDEs (Windsurf vs. Copilot) and the ongoing size of Microsoft's stake in OpenAI. Nvidia CEO Jensen Huang got into a public back-and-forth commenting on Anthropic CEO Dario Amodei's views on AI safety. Given the inaccuracy of Jensen's claims, we think this is more likely another resurfacing of residual feelings back from Nvidia's spat with Anthropic on chip export controls to China.

The MCP community was busy last week, officially releasing the 2025-06-18 version of the specification. We'll get into the highlights of the changelog in the MCP section down below, though our regular readers will already be familiar with the most notable changes: auth reclassification of MCP servers from authorization servers to resource servers, structured tool outputs, and user elicitations.

Some quick PulseMCP news: we're launching a pilot Partnership Program to help us continue to work on Pulse as well as contribute to the protocol full-time. If you're building in the MCP space and want to reach our audience of developers and technical decision-makers, we'd love to explore working together. Interested? Let's chat: mike@pulsemcp.com.

What's upcoming for MCP?

The news of the week is the release of the 2025-06-18 version of the specification. Here are the highlights:

→ Auth change to classify MCP servers as OAuth Resource Servers. This change has been a long time coming; we wrote about it in more detail a couple months ago. This will help enterprise and non-enterprise users alike limit the complexity of how much auth work they have to do to get OAuth working with their MCP servers.

→ Elicitations to request inputs from users. We also wrote about this two months ago. Elicitations are the first new primitive (to join Tools, Resources, Prompts, Roots, and Sampling) to be added to the specification since its initial release. One of many great use cases for them: use them to surface confirmation dialogs for particularly sensitive actions your MCP server might invoke.

→ Structured tool output. A somewhat controversial addition, but ultimately one that is optional and backwards compatible: you can define a JSON schema to which a tool call result is required to adhere. While it's not particularly useful for one-off tool calls (LLMs don't need structure - that's the beauty of them), where this becomes useful is tool call chaining. If your LLM knows the structure of expected outputs, it can plan to chain tool calls where the outputs of the first one(s) get piped through to the inputs of the next one(s).

→ Resource links. This solves the common problem of "I want to return an EmbeddedResource from a tool call, but my Resource is too big to fit in a context window."

→ A variety of security patches and best practices. Security within MCP is a very common complaint across social media and the AI ecosystem at large: but the amount of effort and thoughtful energy going into shoring it up, issue by issue, has been monumental and a testament to the cross-company collaboration going into MCP.

→ At release of the spec version, the TypeScript SDK was brought fully up to date with it. The other SDKs still have catching up to do, but we have at least one canonical reference ready to go.

→ Don't forget the nice quality of life upgrade for everyone reading the official docs: you can now select a version of the specification to read in the top left corner of the nav bar. Kudos to new community moderator @jonathanhefner for sneaking that much-needed upgrade in.

Hear more about the release that Anthropic's David has adorned "the first community-driven version of MCP" on The Context livestream from right after the launch.

Now that the release is out of the way, here's what's coming next: agent-supporting features, like long running tasks and partial/streaming results. A stabilization of community governance (i.e. a more formal answer to "how to get involved in contributing to MCP, and who makes the decisions"). Progress on server identity, Registry API, and .well-known. Check out more work we're tracking in the CWG repository.

Featured MCP Work

Zen MCP Server (#4 this week, #6 this month) by @BeehiveInnovations
→ This server has burst into relevance, ranking #6 for the month despite only being released a few weeks ago. It's used to combine the power of all the state of the art models (e.g. Claude + OpenAI + Gemini) with a coding agent like Claude Code. It's not the only MCP server of its kind seeing a spike in usage (Gemini Collaboration is also nearly in the top 100 this week): there's merit to the idea of blending models in combination with tactics like the Claude Code setup we wrote about a few weeks ago.

Task Master MCP Server (#7 this week, #10 this month) by @eyaltoledano
→ Task Master has officially gone super viral. Since its release a couple months ago, it's accrued over 16k GitHub stars. Think of it as an orchestrator MCP server for your coding agents - likely useful for non-coding workflows as well. In the same family as the Sequential Thinking MCP server. Notably, they recently added Claude Code account support: meaning you can leverage your Claude Max account to power these Task Master workflows. The bear case for this MCP server: agents like Claude Code are working to replicate its success natively in their agentic loops. So its popularity may be temporary until the agents it harnesses catch up to their (clearly well-received) planning framework.

ElevenLabs Voice Assistants (Mon, June 23) official MCP client
→ The launch video feels like the demo that sci-fi movies have been promising us for decades, and is the way voice assistants like Alexa should have been made to work. With MCP and ElevenLabs' top notch voice models, it's now possible. This is the most compelling launch we've seen for those eager to control AI with their voice (though we are bearish on the voice modality becoming the dominant medium for interaction with AI in general).

use-mcp React hook (Wed, June 18) MCP client by Cloudflare
→ After being a work-in-progress for some time, Cloudflare is officially releasing and open sourcing this utility. It's a React library that connects to any remote MCP server in 3 lines of code, with transport, authentication, and session management automatically handled. If you're building a web app with an LLM baked in, use it to facilitate a connection to remote MCP servers.

VS Code (June 12) MCP client full MCP specification support
→ We've of course covered VS Code before, but they deserve another mention for continuing to be the canonical example of a feature complete MCP client. They wrote about being feature complete on June 12, including all the goodies from the latest authentication spec through to Sampling and Roots. They even landed Elicitations the day after the 2025-06-18 spec release (currently available in VS Code Insiders). Hats off to the team providing the ecosystem with an excellent open source reference example that sets a gold standard for MCP client apps.

Webcam MCP Server (updated June 16) by @evalstate
→ Always at the bleeding edge of MCP, @evalstate recently released an update to his playful proof of concept mcp-webcam. Demonstrating advanced use of Resources, Sampling, and now multi-user capabilities over Streamable HTTP, it's a great reference server for a slew of bleeding edge features. He says he'll add another feature if we get him to 100 stars … let's help him out!

OpenNutrition (June 11) MCP server by @deadletterq
→ Augment any food-related workflows you might have with precise nutrition data from 300k+ food items. Generating recipes has long been a compelling LLM use case, and now you can add a layer of nutrition considerations to "make me a healthy recipe out of these 7 ingredients remaining in my fridge."

AntV Chart Generator (#40 this week) official implementation
→ Generate data visualizations in various chart types from structured data. Includes graphs, funnels, maps, histograms, and more. Baseline foundational models can do a decent job of this by generating code in native features like Claude Artifacts, but AntV provides a much more stable, predictable, and enriched experience where visualizations might be useful and shareable.

Browse all 300+ clients we've cataloged. See the most popular servers this week and other recently released servers.

A Few Good Links

→ Anthropic put out another viral "best practices" post, this time on building multi-agents in the context of their Research system. It's clear from reading this that architecting and orchestrating agents is going to be a major software engineering industry for years to come. A nifty takeaway for now: "Multi-agent systems work mainly because they help spend enough tokens to solve the problem."

→ That advice - more (effective) token usage = better performance - is showing up again and again. Steve Yegge from Sourcegraph penned a follow-up to his Revenge of the Junior Developer post called The Brute Squad. He makes the claim, "We've noticed that the companies that are winning with AI – the ones happy with their progress – tend to be the ones that encourage token burn." Combine that with practical insights like the idea that token-heavy agentic search capabilities outperform token-light RAG, and it seems like there is strong merit and momentum behind this insight.

→ Cognition, the creators of Devin, published a strongly worded post advising Don't Build Multi-Agents. Notably, their focus is on coding agents, so it's not actually contradictory with Anthropic's post on building a research system on a multi-agent architecture. Their key beef with multi-agents is the fact that one mistake or misalignment by one agent can bring down the entire workflow like a house of cards. So when the system works, it seems great - but more often than not, one mistake or lack of context will doom the whole process.

→ There's a new hot phrase in town: "context engineering." Unlike the "prompt engineering" phrase that came before it, we think this one is a closer approximation of what the field of software engineering is actually going to evolve into. Architecting things like multi-agent systems, deciding what your agents need to be successful, implementing MCP servers to deliver it – all hallmarks of what software application builders will need to learn. The phrase was actually coined by Walden Yan in that aforementioned Cognition post. It was amplified a bit before Tobi from Shopify really hammered it home. Plenty of other people are saying the same thing in different ways. Even Andrej Karpathy, in his recent popular talk at Y Combinator, said as much in his slide (32:22) on "what do we have to do besides code to launch an app" - it's all related to context engineering.

→ If you only watch one 30 minute video on the state of AI-assisted coding this week, watch this discussion between the Cursor team and Anthropic. Even though it was recorded around late May 2025, the discussion feels about 2-3 months ahead of where most of the industry is now in late June. One insight from Aman that we loved: verification (i.e. code reviews) is quickly becoming the bottleneck for all this code being produced by more agentic systems. This jives with our view that engineers need just enough insight into the output being produced by agentic coders to keep abreast of what is going in their codebase. Who's going to reinvent the pull request/review for an AI-native world? Our guess is that Cursor will be waging a war against GitHub Pull Requests very soon.

→ Agentic coding gets all this real estate because it's the first agent use case that has reached true product-market fit. But more is on the horizon. A little easter egg in Anthropic's post on their multi-agent research system is a graphic showing for what purposes Claude Research has been getting used. Some highlights: financial markets trading, religious text analysis, legal document drafting. "Research" is a key (but not only) step in each of those workflows. Stay tuned for companies working on these agentic products to nail product market fit before long.

→ The world of SEO and search marketing is experiencing a tectonic shift. It's a foregone conclusion: the "10 blue links" search result UI/UX is dead. Kevin Indig predicts that Google is just the flip of a button away from merging its "AI Mode" and its traditional search result interface - likely only slowed down by making sure they properly transition their ads business model into this new world. How do search marketers adapt? Indig explains how to think about it, "Why [do executives drop 7 figures to get a logo on an F1 car]? Influence. The belief that persistent visibility bends preference. SEO is crossing the same Rubicon." SEO - showing up as a result when people search for your product or for topics related to it - will continue to remain important. But it's going to be less about winning clicks, and more about winning brand mindshare in the corners of the internet that are important to your company.

→ Building on that insight, the recent Claude 4 full system prompt jailbreak highlights how Claude - and likely other competitors with "Research" and "Deep Research" capabilities - are configured to decide "to search the internet, or not to search?" For example, there is a clause to "Never search for queries about timeless info, fundamental concepts, or general knowledge that Claude can answer without searching." So all that SEO your company has been doing around basic facts like "what does CRM stand for?" is now useless: Claude won't even give your search result a chance, because it won't run a search. On the other hand, complex product research type questions might have even more (agentic) search volume in play now, as per Claude's prompt to: "Any query requiring BOTH web and internal tools falls here and needs at least 3 tool calls… use 2–20 tool calls depending on query complexity."

→ Anthropic published a deep dive follow-on explanation regarding its much-quoted note that Claude Opus 4 would resort to blackmailing its controlling user when equipped with certain tools. It's thorough and chilling: even though Anthropic's scenarios are designed as a stress test that is unlikely to occur in the real world, the scenarios do not feel contrived, and are likely to be even more possible as AI agents become more engrained in workflows and are given more leeway and permissions to perform end to end work.

→ On the security front, Simon Willison published an excellent breakdown of high level design patterns we can all use to ensure safety of LLM agents versus prompt injections. It is nontrivial to rearchitect systems with these principles in mind, but it does pave a path to a solution for the myriad security holes that folks have been poking in MCP and AI more broadly. One takeaway we liked: "LLM systems that hide what they are doing from me are inherently frustrating - they make it much harder for me to evaluate if they are doing a good job and spot when they make mistakes." Observability in an agentic world is a still hardly-explored frontier, and we hope to see a wave of commercial products entering the space to solve it.

→ We also liked Simon Willison's framing of the "lethal trifecta," a definition of the components that must exist for a situation where prompt injection exposes a massive security hole. (1) access to your private data, (2) exposure to untrusted content, and (3) the ability to externally communicate. This trifecta is relevant to all application engineers. No security harness by any thoughtful security team can protect you from it if you allow your users to have all three of these conditions true at once.

→ Hume AI presented a compelling framework for thinking about evals for MCP servers: using role-play-based evals. Although you can use traditional evals with MCP servers - tee up a scenario, run an LLM prompt with the MCP server's tools included, evaluate the response - this is inefficient, labor intensive, and of questionable value. It's like writing a unit test with a bunch of mocks on either side of the equation, when what you really want is an end-to-end or integration test. Hume AI proposes we leverage roleplaying and judgments on entire conversations as MCP server evals. We agree: it's the right "integration test" for this new MCP-forward world.

→ We've long been shouting that we want people to design their MCP servers thoughtfully, rather than generating them as 1:1 Tools with REST API endpoints. Block released a best practices playbook on designing high quality MCP servers, backed by their experience building 60+ MCP servers. We love this bit of concrete advice: "Think in terms of user workflows. Combine multiple internal API calls into a single high-level tool. If you're required to chain tool calls, make sure you clearly outline the steps & dependencies in your tool's instructions and the output of previous steps are concise."

Cheers,
Mike and Tadas