Arcade.dev, the sole provider of the MCP runtime, unveiled its groundbreaking URL Elicitation feature, marking a significant leap toward making Anthropic’s Model Context Protocol (MCP) enterprise-ready. With this new functionality, users can now securely interact with any web-based service directly from their MCP server, enabling smooth authorization with enterprise tools, managing payments and subscriptions, and safely collecting sensitive or personal information. In collaboration with Anthropic, Arcade authored a Specification Enhancement Proposal (SEP) that standardizes this secure flow, and it has already been incorporated into the latest MCP specification.
As AI agents advance in complexity, the demand for robust protocols rises, positioning MCP as the emerging open standard for connecting AI agents to real-world tools and services. However, until now, MCP faced a critical limitation: it lacked a secure method for agents to authorize the applications that users depend on daily. This missing link has long prevented AI assistants from taking real-world actions. While AI could converse endlessly, it couldn’t send emails, update calendars, or perform other practical tasks since MCP had no secure login mechanism. Arcade’s SEP addresses this challenge.
AI Authority Trend: Salt Security Launches Industry-First MCP Finder to Strengthen AI Agent Security
“Tool authorization has been the missing piece that’s blocked MCP from being an enterprise-ready protocol,” said Alex Salazar, founder of Arcade.dev. “Our contribution gives MCP servers secure access to user applications using proven OAuth 2.0 auth patterns, which is the same security framework that has protected billions of online interactions for over 15 years.”
Arcade’s innovative URL Elicitation, co-developed with Anthropic, allows an MCP server to generate a secure login page in the user’s browser. Users log in directly with services such as Gmail or Slack, granting the AI agent only the specific permissions required for tasks.
AI Authority Trend: TrojAI Unveils New Runtime Defense to Secure Agentic AI Workflows on MCP
This advancement empowers enterprise AI teams to deploy agents capable of interacting with real data and integrating with core business systems, while ensuring sensitive credentials never traverse the AI model. Instead, credentials flow securely between trusted servers via OAuth 2.0 the same framework that underpins online banking, e-commerce, and enterprise applications. The AI application receives only the access tokens necessary to complete tasks, and users retain full control over permissions through existing app settings.
Arcade’s SEP is now being adopted into the official MCP specification, SDKs, and popular clients. MCP servers built on Arcade’s open-source secure MCP framework already support URL Elicitation, with other server frameworks expected to follow. This milestone continues Arcade’s momentum in preparing MCP for enterprise production use. After launching the first MCP runtime earlier this year, Arcade introduced a secure framework for building custom MCP tools with OAuth integration and an MCP Gateway that enables access to Arcade’s catalog of high-accuracy, secure tools from popular MCP clients like Cursor. Today, some of the world’s largest enterprises rely on Arcade’s MCP runtime to deploy AI agents capable of secure, scalable actions across any system and for countless users.
AI Authority Trend: Prowler Redefines Cloud Security with Launch of ProwlerLighthouse AI and MCP Server
To share your insights, please write to us at info@intentamplify.com
