Accept all cookies
Cookie settings
×

We use cookies to improve your experience on our site. By using our site, you are agreeing to the collection and use of data as described in our Privacy Policy.

Cookie Settings×

Table of contents

H2 link
Add hundreds of integrations to your product through Merge’s Unified API
Get a demo
Just for you
Integrations for AI agents: what you need to know
What you need to know about the Model Context Protocol (MCP)

4 challenges of using the Model Context Protocol (MCP)

Jon Gitlin
Senior Content Marketing Manager
@Merge

MCP has quickly become a widely-adopted protocol for connecting AI agents with 3rd-party applications, but using it effectively can prove difficult.

We’ll break down some of the top issues to look out for based on our own experience in testing numerous MCP servers.

Improper and excessive tool calls

Many MCP servers were rushed to market because of internal and external pressures—whether they came from the C-suite, prospects, competitors, and so on.

This has lead many MCP servers to have vague or incomplete tool descriptions. 

Your AI agents will, in turn, struggle to determine the best tools to call based on a user’s input. And in many cases, your AI agents will either make the wrong tool call or make additional calls when it suspects that one of them is correct.

This can hurt your business and your customers in a combination of ways:

  • Your AI agents may inadvertently expose sensitive information (e.g., personally identifiable information) to unauthorized individuals
  • The agents are slowed down—causing the time-sensitive workflows they support to perform poorly
  • Your customers may see your AI agents make excessive tool calls—especially if they have to approve each. This can make your customers less motivated to use your agents
  • When a workflow breaks, the process of identifying the root cause and addressing it becomes more complex

Related: Best practices for using an MCP server

Poor maintenance 

MCP servers are often launched for marketing purposes; they help the MCP provider signal to the market that they’re keeping up with—and even on the cutting edge of—AI.

As a result, companies put little thought and resources into improving their MCP servers or fixing their bugs. This not only renders their servers ineffective but also risky to use with customers.

For example, you might use an MCP server that didn’t initially provide the correct schema definitions for sending invoices to clients for its “<code class="blog_inline-code">send_invoice</code>” tool—and the server still hasn’t addressed this.

If you and your customers are unaware of this issue, your customers can end up providing the incorrect parameters (e.g., you don’t include the currency), leading your AI agent to invoice end-users (your customers’ customers) by an inaccurate amount.

Security risks

Even if MCP servers have descriptive tools and are maintained properly, your AI agents can still accidentally expose sensitive information from them.

For example, a malicious actor could craft a prompt that manipulates the AI agent into revealing stored secrets, such as a customer’s API keys for several applications. 

The attacker could then potentially access sensitive data—whether it’s employee records in an HRIS, sales prospects in a CRM, or support tickets in a help desk system.

An MCP server can store API keys for several of your customers’ 3rd-party apps, making it a single point of failure

Another budding security risk is the rise of fraudulent MCP servers, which are effectively MCP servers created by hackers and built for the sole purpose of stealing credentials and leaking sensitive information.

These servers include tricks, like “Tool Poisoning,” which is an emerging attack class where malicious tool metadata is crafted to mislead LLMs into unsafe behavior (e.g., credential requests disguised as legitimate actions).

Given all of the potential security incidents from using MCP servers, it’s little surprise that we’ve seen issues crop up from prominent ones—such as GitHub’s MCP server—and fraudulent servers are springing up in all kinds of industries, such as a weather MCP.

Related: A guide to AI agent observability

Extensive testing 

The stakes for using performant MCP servers is high, so you’ll need to perform extensive tests on each to ensure it meets your performance requirements.

Unfortunately, testing MCP servers is complex and time intensive. 

It involves collecting sandbox data, documenting different test scenarios, measuring several metrics (as shown below), and analyzing the results.

How to calculate two important MCP server performance metrics—hit and success rates

Multiply this by all of the MCP servers you want to use and the amount of time and effort involved will only increase exponentially.

{{this-blog-only-cta}}

“It was the same process, go talk to their team, figure out their API. It was taking a lot of time. And then before we knew it, there was a laundry list of HR integrations being requested for our prospects and customers.”

Name
Position
Position
Jon Gitlin
Senior Content Marketing Manager
@Merge

Jon Gitlin is the Managing Editor of Merge's blog. He has several years of experience in the integration and automation space; before Merge, he worked at Workato, an integration platform as a service (iPaaS) solution, where he also managed the company's blog. In his free time he loves to watch soccer matches, go on long runs in parks, and explore local restaurants.

Read more

A2A vs MCP: how they overlap and differ

AI

6 SaaS integration platforms worth evaluating in 2025

Insights

Paycom API integration: everything you should know

Insights

Subscribe to the Merge Blog

Get stories from Merge straight to your inbox

Subscribe

Manage integrations with MCP servers effectively via Merge

Merge is building a new product to help you integrate your AI agents with MCP servers' tools and manage the connections. Learn more by signing up for our waitlist.

Sign up for waitlist

Get our best content every week

Our weekly newsletter provides the best practices you need to build high performing product integrations.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text
But Merge isn’t just a Unified 
API product. Merge is an integration platform to also manage customer integrations.  gradient text