---
id: "question-enterprise-mcp-adoption"
type: "open-question"
source_timestamps: ["24:45:00", "25:10:00"]
tags: ["enterprise-security", "policy"]
related: ["claim-shadow-ai-usage", "concept-mcp"]
resolutionPath: "Observation of how corporate IT departments update security policies regarding employee-owned MCP connections to enterprise AI instances."
sources: ["s18-anthropic-openai-memory"]
sourceVaultSlug: "s18-anthropic-openai-memory"
originDay: 18
---
# Open Question: Enterprise IT response to external MCP servers

## The Question

How will highly regulated enterprise IT departments respond to the BYOC (Bring Your Own Context) architecture built on [[concept-mcp]]?

## Body

A major unresolved thread in [[entity-nate-b-jones]]'s thesis is enterprise IT's reaction. While the speaker advocates for professionals connecting their personal MCP servers ([[action-deploy-mcp-server]]) to corporate AI instances to maintain calibration, IT departments are notoriously risk-averse regarding external data connections.

## Two Plausible Futures

1. **Block:** Enterprises view personal MCP servers as a security vulnerability — a vector for **data exfiltration** (sensitive corporate context flowing out) or **prompt injection** (malicious content flowing in) — and block them outright. This would push BYOC even deeper underground, intensifying [[claim-shadow-ai-usage]] and producing exactly the kind of governance failure that the enrichment overlay's counter-perspectives warn about.

2. **Sanction:** Enterprises recognize the productivity benefits and establish secure protocols for employees to bring their own context — perhaps via signed/scoped MCP tokens, on-prem MCP gateways, or DLP-instrumented connectors. This path realizes the speaker's optimistic vision and makes [[concept-professional-capital]] a first-class HR asset.
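To make the sanctioned path concrete, here is a sketch of an on-prem gateway check that combines a signed, scoped token with a DLP pass over outbound MCP traffic. It is an added example, not code from the source talk or from any MCP implementation. The key, token format, server id, tool names and DLP patterns are all constructed assumptions; only the JSON-RPC `tools/call` message shape comes from MCP itself, and the inbound (prompt injection) direction is not covered.

```python
import hashlib, hmac, json, re, time

GATEWAY_KEY = b"constructed-demo-key"  # assumption: secret held only by the gateway

# Constructed DLP rules; a real deployment would plug in its own classifiers.
DLP_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "classification_label": re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY)\b"),
}

def _sign(claim):
    return hmac.new(GATEWAY_KEY, claim.encode(), hashlib.sha256).hexdigest()

def issue_token(server_id, tools, ttl=3600, now=None):
    """Sign a scope claim: which personal MCP server, which tools, until when."""
    exp = int(time.time() if now is None else now) + ttl
    claim = json.dumps({"srv": server_id, "tools": sorted(tools), "exp": exp})
    return claim + "." + _sign(claim)

def check_request(token, server_id, rpc, now=None):
    """Return (allowed, reason) for one outbound MCP JSON-RPC message."""
    claim, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(claim).encode()):
        return False, "bad signature"
    scope = json.loads(claim)
    if scope["exp"] < (time.time() if now is None else now):
        return False, "token expired"
    if scope["srv"] != server_id:
        return False, "server not in scope"
    params = rpc.get("params", {})
    if rpc.get("method") == "tools/call" and params.get("name") not in scope["tools"]:
        return False, "tool not in scope"
    # DLP pass over everything that would leave the corporate boundary.
    outbound = json.dumps(params)
    for label, pattern in DLP_PATTERNS.items():
        if pattern.search(outbound):
            return False, "dlp:" + label
    return True, "ok"
```

The returned reason string is what a gateway would log, which gives IT an audit trail of blocked connections instead of a silent failure that pushes usage underground.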

## Resolution Path

Observation of how corporate IT departments update security policies regarding employee-owned MCP connections to enterprise AI instances. Leading indicators to watch:
- CISO guidance from major analyst firms (Gartner, Forrester) on bring-your-own-context (BYOC) patterns.
- Anthropic / OpenAI enterprise admin controls for third-party MCP connections.
- DLP vendor support for MCP traffic inspection.

## Why It Matters

The resolution of this tension will determine the viability of BYOC in corporate environments — and therefore whether the speaker's thesis becomes a niche personal-productivity hack or the dominant pattern of post-2026 knowledge work.
