MCP Foundation 2026 — Linux Foundation, AAIF, and What MCP Governance Means

TL;DR

• What: Anthropic donated the Model Context Protocol to the Linux Foundation. MCP becomes a founding project of the new Agentic AI Foundation (AAIF), a directed fund hosted by the Linux Foundation.
• When: December 9, 2025. Co-announced by Anthropic, Block, OpenAI, and the Linux Foundation.
• Who else: Block contributed goose; OpenAI contributed AGENTS.md. Platinum founding members: AWS, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, OpenAI.
• What changed governance-wise: the protocol’s legal home is now “Model Context Protocol a Series of LF Projects, LLC”; contributions are licensed under Apache 2.0; the AAIF Governing Board handles strategic investment.
• What did not change: the maintainer hierarchy (Lead → Core → Maintainers → Contributors), the SEP process, the Discord, the GitHub organisation, the decision cadence. Anthropic is explicit that the governance model is unchanged.
• Roadmap (2026): stateless transport evolution, Tasks primitive maturation, governance formalisation via a Contributor Ladder SEP, and an Enterprise WG focused on audit, SSO, gateway patterns, and configuration portability.

What was actually donated — and what wasn’t

The single most common question on the December 9 Hacker News thread was some version of: okay, but what specifically changed hands? The answer is more concrete than the press copy makes it sound. Three things moved into foundation stewardship:

1. The specification. The MCP spec is now developed under the umbrella of “Model Context Protocol a Series of LF Projects, LLC,” the legal vehicle the Linux Foundation uses for its hosted projects. The phrasing comes from the project’s own governance page — “Model Context Protocol has been established as Model Context Protocol a Series of LF Projects, LLC. Policies applicable to Model Context Protocol and participants in Model Context Protocol, including guidelines on the usage of trademarks, are located at lfprojects.org/policies.”
2. The license posture. All code and specification contributions go in under Apache License 2.0; documentation under Creative Commons Attribution 4.0 International. Contributors retain copyright in their own work — no CLA-style assignment to a single company. This is the standard LF Projects shape and it is the structural difference that lets Microsoft, AWS, and Google contribute at scale without strategic risk.
3. The trademark and brand surface. The “MCP” and “Model Context Protocol” marks fall under LF Projects, LLC’s trademark policy. Anthropic can no longer rev the brand unilaterally; the flip side is that nobody can — the foundation speaks for the trademark.

What did not move:

• Anthropic’s implementations. Claude, Claude Code, the Claude API, and Anthropic-operated MCP servers stay with Anthropic. The MCP spec is the contract; the implementations are independent products.
• Vendor MCP servers. The hundreds of third-party servers in the wild — including the catalog on this site — keep their own licenses, repos, and ownership. The foundation owns the protocol, not the ecosystem.
• The MCP Registry as a service. The registry effort is still community-driven (GitHub’s Toby Padilla has been the most-public lead on it). The registry data format is part of the spec; how any individual organisation hosts a registry is an implementation choice.

The cleanest framing: the protocol is foundation property; everything that uses the protocol stays where it was. If you ship an MCP server today, nothing about your deployment changed on December 9. What changed is who gets to define the next version of the wire format you ship against.

The announcement, verbatim

Three primary documents went out simultaneously on December 9, 2025: Anthropic’s news post, the Linux Foundation press release, and a post on blog.modelcontextprotocol.io from Lead Maintainer David Soria Parra. The most-cited quotes, verbatim with attribution:

“MCP started as an internal project to solve a problem our own teams were facing. When we open sourced it in November 2024, we hoped other developers would find it as useful as we did. A year later, it’s become the industry standard for connecting AI systems to data and tools, used by developers building with the most popular agentic coding tools and enterprises deploying on AWS, Google Cloud, and Azure. Donating MCP to the Linux Foundation as part of the AAIF ensures it stays open, neutral, and community-driven as it becomes critical infrastructure for AI.”

— Mike Krieger, Chief Product Officer, Anthropic. (Anthropic news, Dec 9 2025)

“We are seeing AI enter a new phase, as conversational systems shift to autonomous agents that can work together. Within just one year, MCP, AGENTS.md and goose have become essential tools for developers building this new class of agentic technologies. Bringing these projects together under the AAIF ensures they can grow with the transparency and stability that only open governance provides. The Linux Foundation is proud to serve as the neutral home where they will continue to build AI infrastructure the world will rely on.”

— Jim Zemlin, Executive Director, Linux Foundation. (LF press release, Dec 9 2025)

“We’re at a critical moment for AI. The technology that will define the next decade, that promises to be the biggest engine of economic growth since the Internet, can either remain closed and proprietary for the benefit of few, or be driven by open standards, open protocols, and open access for the benefit of all. By establishing the AAIF, Block and this group of industry leaders are taking a stand for openness.”

— Manik Surtani, Head of Open Source, Block.

“For AI agents to reach their full potential, developers and enterprises need trustworthy infrastructure and accessible tools to build on. By co-founding the AAIF and donating AGENTS.md, we’re helping establish open, transparent practices that make AI agent development more predictable, interoperable, and safe.”

— Nick Cooper, Member of the Technical Staff, OpenAI.

“Open standards and protocols like MCP are essential to enabling a thriving developer ecosystem for building agents — they ensure anyone can build agents, across platforms, without the fear of vendor lock-in. Since the introduction of MCP we’ve been collaborating closely with Anthropic to be among one of the first in the industry to support remote MCP. We’ve seen an explosion of remote MCP servers, many of them built on and deployed to Cloudflare over the past year.”

— Dane Knecht, Chief Technology Officer, Cloudflare.

“At Bloomberg, we view MCP as a foundational building block for APIs in the era of agentic AI. MCP provides the essential connective layer required in our work building and deploying agentic AI systems for finance that do far more than simple question-answering.”

— Shawn Edwards, Chief Technology Officer, Bloomberg.

The named-executive lineup matters. Anthropic put its CPO on the announcement (Krieger, not a research-side leader); the Linux Foundation put its founding executive director (Zemlin) on the record; Bloomberg put their CTO on the record. That’s the level of corporate seniority you see when a project is being institutionalised, not when it’s being quietly handed off.

Anthropic gave MCP to the Linux Foundation

Theo - t3.gg · click to play

What the AAIF is — and isn’t

The Agentic AI Foundation is, structurally, a directed fund under the Linux Foundation. The official mission, verbatim from aaif.io: “The neutral and open foundation built on transparency, collaboration, and standardization to advance the public interest in agentic AI innovation.” The press release sharpens it: “The AAIF provides a neutral, open foundation to ensure this critical capability evolves transparently, collaboratively, and in ways that advance the adoption of leading open source AI projects.”

Founding projects. Three:

• Model Context Protocol (MCP) from Anthropic — protocol for connecting AI models to tools and data.
• goose from Block — open-source local-first AI agent framework with native MCP integration. Block’s framing: goose is “a reference implementation for Anthropic’s Model Context Protocol (MCP).”
• AGENTS.md from OpenAI — a simple convention for a markdown file at the repo root that gives AI coding agents project-specific guidance. OpenAI describes it as “a standardized location for providing context and instructions for AI coding agents.”

Founding members (Platinum): Amazon Web Services, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, OpenAI. Gold: Adyen, Arcade.dev, Cisco, Datadog, Docker, Ericsson, IBM, JetBrains, Okta, Oracle, Runlayer, Salesforce, SAP, Shopify, Snowflake, Temporal, Tetrate, Twilio. Silver: a long tail including Apify, Chronosphere, Cosmonic, Elasticsearch, Hugging Face, Mirantis, Pydantic, Solo.io, SUSE, Uber, WorkOS, Zapier, ZED, and more.

Governance entities, per aaif.io: Governing Board, Technical Committee, Members. Specific officer names — chair, treasurer, executive director — were not yet published on the AAIF homepage at the time this post went live; we are not going to invent them. Watch aaif.io for the formal slate.

Cadence commitments. Two events on the public calendar: MCP Dev Summit North America, April 2–3, 2026, in New York City; MCP Dev Summit Europe 2026, location and dates TBA. The summits pre-date the foundation but now sit under its event umbrella.

What the AAIF is not. It is not a certification body (yet). It is not a policy lobbying group. It is not the OpenAI “Agentic AI” safety programme — there is no rival foundation; OpenAI is a co-founder of this one. It is also not a CNCF-style top-level foundation with graduation tiers and a Technical Oversight Committee; the directed-fund structure is lighter, faster, and narrower in scope.

MCP governance — what changed, what didn’t

The most important sentence in the entire announcement, from Anthropic: “The Model Context Protocol’s governance model will remain unchanged: the project’s maintainers will continue to prioritize community input and transparent decision-making.” The MCP project already had a structure; the foundation transition formalised it rather than replacing it.

The current hierarchy (from modelcontextprotocol.io/community/governance):

Two governance facts that matter for procurement reviews:

1. Membership is individual, not corporate. The governance page is explicit: “Membership in the technical governance process is for individuals, not companies. That is, there are no seats reserved for specific companies, and membership is associated with the person rather than the company employing that person.” Compare with W3C, where working group seats are organisation-allocated. MCP is closer to the Python / PyTorch BDFL model.
2. Maintainers do not bypass the PR workflow. Same page: “Maintainers, Core Maintainers, and Lead Maintainers should use the same contribution process as external contributors, rather than making direct changes to repos.” This is a strong commitment to auditable history.

The April 8, 2026 maintainer expansion announced on the MCP blog confirmed two changes since the foundation transition: Den Delimarsky promoted from Core to Lead Maintainer (so MCP now has two Lead Maintainers, not one), and Clare Liguori added to the Core Maintainer group. David Soria Parra, in his post: “the goal was to make sure the protocol could keep growing without any one person becoming a bottleneck.”

The two-tier governance reality for an enterprise reviewer is: the AAIF Governing Board allocates strategic resources (events, infrastructure, neutral hosting) across MCP, goose, and AGENTS.md; the MCP Steering Group (Lead Maintainers + Core Maintainers + Maintainers) decides what goes into the spec. The two layers are decoupled. A Bloomberg or AWS engineer cannot get a SEP merged by escalating through their company’s AAIF Platinum seat — they have to ship code, file a SEP, and earn merit-based influence on the technical side.

The 2026 MCP roadmap

The published roadmap at modelcontextprotocol.io/development/roadmap (last updated 2026-03-05) names four priority areas. Each is owned by a Working Group; SEPs aligned to a priority area get expedited review.

1. Transport Evolution and Scalability

Streamable HTTP shipped, but running it at scale exposed gaps. The Transports WG owns three deliverables: a next-generation transport that is stateless across multiple server instances and behaves correctly behind load balancers and proxies; a session model that handles creation, resumption, and migration cleanly across server restarts; and MCP Server Cards — “a standard for exposing structured server metadata via a .well-known URL, so browsers, crawlers, and registries can discover a server’s capabilities without connecting to it.” The Server Card WG coordinates with the broader industry AI-catalog effort. Notably: no additional official transports this cycle. The community can experiment with custom transports.

2. Agent Communication

The Tasks primitive (SEP-1686) gave agents a call-now / fetch-later pattern. Production deployments surfaced two gaps the Agents WG is closing: retry semantics on transient failures, and expiry policies for completed-but-not-fetched results.

3. Governance Maturation

The Governance WG owns three deliverables: a Contributor Ladder SEP that codifies the path from community participant to lead maintainer; a delegation model letting Working Groups with track records accept SEPs and ship extensions without a full core-maintainer review cycle; and a charter template that every WG and IG maintains publicly with quarterly reviews. SEP-1302 already formalised Working Groups and Interest Groups; SEP-2085 established succession and amendment procedures.

4. Enterprise Readiness

An Enterprise WG is in formation. Scope: end-to-end audit trails fed into existing logging pipelines; SSO-integrated auth flows (Cross-App Access) replacing static client secrets; gateway and proxy patterns covering authorization propagation and session semantics; and configuration portability — “a way to configure a server once and have that configuration work across different MCP clients.” Most output will land as extensions rather than core spec changes. This is the WG that procurement teams should track most closely.

On the horizon (community-formed WGs welcome but not core-funded): Triggers and Event-Driven Updates (webhooks vs SSE polling); streamed and reference-based result types; finer-grained authorization scopes plus a community-driven vulnerability disclosure program routed through the Linux Foundation; and the extensions ecosystem including a possible Skills primitive. SEP-1932 (DPoP) and SEP-1933 (Workload Identity Federation) are sponsored work already in flight on the security side.

Validation as a continuous track: Conformance Test Suites with coverage expanding alongside each new feature area; the SDK Tier system from SEP-1730 signaling which SDKs track the spec most closely; Reference Implementations for new features.

The roadmap’s tonal shift is worth flagging. Pre-foundation MCP roadmaps emphasised primitives (resources, prompts, tools, sampling) and transport plumbing. The May 2026 version is overwhelmingly about operational maturity: scaling, governance formalisation, enterprise auth, conformance. That is what foundation-stewarded specs do — they stop chasing surface area and start hardening what shipped.

Comparable Linux Foundation projects — what to borrow, what to avoid

Three precedents worth comparing. None of them maps perfectly, but each tells you what a successful (or unsuccessful) LF project looks like a few years in.

What to borrow from OpenAPI. OpenAPI shows that a single specification donated into a neutral home can become the de-facto industry standard within two to three years if every major toolchain implements it. The risk is that without an active maintainer team, the spec slows to a crawl; OpenAPI 3.1 took until 2021 to ship after OpenAPI 3.0 landed in 2017. MCP’s active SEP cadence and bi-weekly Core Maintainer meetings are the structural defence against that slowdown.

What to learn from CNCF. CNCF is the success story for cloud-native infrastructure but it is also a cautionary tale about scope sprawl. By 2022 CNCF was hosting 150+ projects with overlapping mandates, and the graduation pipeline became the main way to signal which projects were serious. The AAIF’s decision to launch with three founding projects rather than thirty is deliberate: keep the surface small, let MCP harden, then graduate or recruit.

Where OpenJS is the better mental model. OpenJS handles a small set of wildly important projects (Node.js, Electron, Webpack) with a maintainer-collective tone — light governance, heavy practical infrastructure support. The AAIF’s combination of three projects, eight Platinum members, and a stated emphasis on neutral stewardship reads more like OpenJS than like CNCF.

The CTO of the Linux Foundation framing in the TechCrunch coverage was Jim Zemlin’s acknowledgement (paraphrased by reporter Rebecca Bellan) that “a single company’s implementation could dominate through speed or usage rather than governance — though he cited Kubernetes as precedent for merit-based dominance in open ecosystems.” That is exactly the right framing: the foundation does not guarantee a competitive market in implementations, only a neutral spec.

Implications for enterprises

Five concrete things change for enterprise procurement and architecture review boards in 2026.

Implications for developers

If you write MCP servers or clients, four practical changes:

1. Track the SEPs, not the press releases. Specification changes happen via SEPs in github.com/modelcontextprotocol. If you have an opinion on the next transport, the Tasks primitive’s retry semantics, or extension governance, the SEP comment thread is where decisions land. The Discord amplifies discussion but does not commit anything.
2. Working Group participation is open. No reserved company seats. If you can show up consistently to the Transports WG, the Agents WG, the Governance WG, or the in-formation Enterprise WG, you have the same influence on technical direction as a Microsoft principal engineer would. The Contributor Ladder SEP will codify the advancement path into Maintainer roles.
3. Apache 2.0 is the contribution license. Plan your repo licenses accordingly if you intend to upstream code. Documentation goes under CC BY 4.0. There is an exception process for inbound contributions under alternative licenses, approved by the Core Maintainers.
4. Watch the conformance test suite. The validation track is where the rubber meets the road for “is my SDK actually compliant.” If you maintain a community SDK (Go, Rust, Elixir), the conformance suite is the thing to watch. SDK Tiering from SEP-1730 will be the public signal of compliance.

Implications for vendors

Each major member has a different reason to be here, and the strategic incentives shape what each will push for in the Working Groups.

• Anthropic wanted neutrality so MCP could be adopted by clients (OpenAI, Microsoft, Google) that could not have invested behind an Anthropic-owned protocol. Krieger’s line about MCP becoming “critical infrastructure” is a signal that Anthropic wants the protocol to outgrow its origin.
• OpenAI needed AGENTS.md to land as an industry-wide convention rather than as “the OpenAI thing.” Co-founding the AAIF with Anthropic is genuinely surprising given the competitive backdrop; Cooper’s framing on “trustworthy infrastructure” is the public-interest cover for what is also a commercially convenient outcome.
• Microsoft ships MCP in VS Code, Copilot, and Azure. Chris DiBona, VP, Office of the CTO at Microsoft, on the announcement: “For the agentic future to become a reality, we have to build it together, and we have to build it in the open.” Microsoft has the largest active deployment surface and will push hard on Enterprise WG outputs.
• Google backs the AAIF via Richard Seroter, Chief Evangelist and Head of Open Source Programs at Google Cloud. Google’s incentive is making sure Vertex AI and Gemini interoperate with the same protocol every other client uses.
• AWS via Swami Sivasubramanian, VP of Agentic AI: “We’re excited to see the Linux Foundation establish the Agentic AI Foundation, providing a neutral home for the Model Context Protocol as it becomes critical infrastructure for the AI community.” AWS ships MCP in Bedrock and Strands; their interest is procurement-grade neutrality.
• Cloudflare already runs the largest remote-MCP deployment surface (hundreds of customer-built servers on Workers). Knecht: “Joining the Agentic AI Foundation will enable Cloudflare to continue our work to support standards and push the ecosystem forward with new ideas like Code Mode.” Cloudflare has a vested interest in transport scalability — see our Code Mode & context bloat deep-dive.
• Bloomberg is the highest-signal enterprise founder. Edwards: MCP is “a foundational building block for APIs in the era of agentic AI.” Bloomberg will drive the regulated-finance variant of the Enterprise WG’s output.
• Block brought goose; Surtani’s “biggest engine of economic growth since the Internet” framing is the most political quote in the whole press release. Block’s incentive is making sure agentic AI does not consolidate around the major model providers’ closed surfaces.

Notable absences from the founding member list: Apple, Meta, Nvidia, Databricks, the major Chinese model providers (Alibaba, Baidu, ByteDance, DeepSeek, Moonshot, Zhipu). LF Foundation memberships expand over time, so this is a snapshot rather than a refusal — but the December 2025 absence is telling. Nvidia in particular is conspicuous given its CUDA-era playbook of investing in every relevant open-source surface.

The skeptic’s read

Three reasons to be cautious about the foundation framing.

1. Governance committees can slow innovation. The pre-foundation MCP cadence was extremely fast — major primitives shipped roughly every six weeks through 2025. Bi-weekly Core Maintainer meetings, formal SEPs for every spec change, and Working Group charters are structural drag. The risk is not that MCP stops shipping — it is that the next breakthrough primitive arrives 18 months after it would have under the old model. OpenAPI 3.1’s four-year gap after 3.0 is the cautionary tale.
2. The foundation legitimises a corporate cartel. The Platinum tier is, structurally, an $875,000-per-year membership cheque (typical LF Platinum level — the AAIF has not published its specific tiers). The eight Platinum founders happen to be the eight companies that had MCP in production at scale at launch. Critics on Hacker News framed this as capture-by-incumbents: the protocol becomes whatever the Platinum members agree it is, with the maintainer team serving as a technical façade. The structural defence is the “membership is individual, not corporate” rule, but the budget flow is corporate.
3. The roadmap underweights security. Security shows up in the “On the Horizon” section — community-formed WG welcome, but not core-funded. Given the OX Security disclosure of up to 200,000 vulnerable instances earlier in 2026, treating vulnerability disclosure as a horizon item rather than a Priority Area is questionable. The counterargument: SEP-1932 (DPoP) and SEP-1933 (Workload Identity Federation) are already sponsored work. The cynic’s read: that’s what every standards body says about security right up until the next major incident.

The honest conclusion: foundation governance is the right shape for a protocol that is becoming critical infrastructure, but the pre-foundation MCP team had built unusual velocity, and some of that velocity will be traded for legitimacy. Whether that trade is worth it depends on whether MCP’s next two years look like Kubernetes’ first two years inside CNCF (huge) or like OpenAPI’s second cycle (slow).

Community signal

Three voices that capture the range of reactions, verbatim with sources.

Anthropic Donates MCP to New Agentic AI Foundation

The AI Daily Brief: Artificial Intelligence News · click to play

Frequently asked questions

Sources

Primary documents (December 9, 2025)

• anthropic.com/news — Donating the Model Context Protocol
• linuxfoundation.org/press — Linux Foundation Announces AAIF Formation
• blog.modelcontextprotocol.io — MCP joins the Agentic AI Foundation (David Soria Parra)
• aaif.io — Foundation homepage
• aaif.io/press — full member list and quotes
• block.xyz/inside — Block, Anthropic, and OpenAI Launch the Agentic AI Foundation

MCP project sources

• modelcontextprotocol.io/community/governance — Lead/Core Maintainer roster, decision process, license posture
• modelcontextprotocol.io/development/roadmap — 2026 priority areas (last updated 2026-03-05)
• blog.modelcontextprotocol.io — Expanding the MCP Maintainer Team (April 8, 2026)
• github.com/modelcontextprotocol — repos, SEPs, MAINTAINERS.md

Press coverage and analysis

• github.blog — MCP joins the Linux Foundation (Martin Woodward, GitHub VP of Developer Relations)
• TechCrunch — OpenAI, Anthropic, and Block join new Linux Foundation effort (Rebecca Bellan, Dec 9 2025)
• The New Stack — Anthropic Donates the MCP Protocol
• Solo.io — Why the AAIF Changes Everything for MCP
• Privacy Guides — independent coverage

Comparable LF projects

• OpenAPI Initiative — closest precedent for spec-only LF working group
• Cloud Native Computing Foundation (CNCF) — top-level foundation pattern
• OpenJS Foundation — maintainer-collective umbrella pattern

Related reading on this site

• /blog/what-is-mcp — protocol primer
• /blog/mcp-security-200000-exposed-servers-owasp-mcp-top-10-cves — current threat landscape
• /blog/mcp-context-bloat-fix-2026-tool-search-code-mode-progressive-disclosure — Cloudflare Code Mode and context optimisation
• /blog/mcp-apps-spec-2026-when-should-your-server-render-ui — Apps spec and UI rendering
• /blog/claude-skills-vs-mcp-vs-subagents-vs-cli-2026-decision-matrix
• /blog/context7-vs-deepwiki-vs-ref-vs-docfork-2026 — docs-RAG MCP server comparison
• /blog/karpathy-claude-md-annotated-2026
• /servers/mcp-registry — official MCP registry server
• /servers/cloudflare — Cloudflare MCP servers
• /servers/github — GitHub MCP server
• /servers — browse the full MCP server directory
• /best-mcp-servers — curated roundup