🎙️ Episode 32507:28 • July 14, 2026
MCP Goes Stateless: The 2026-07-28 Spec Explained
Listen to this episode
AI-generated discussion by Alex and Jamie
About this episode
Join Alex and Jamie in this episode of Nerd Level Tech AI Cast as they dive into the groundbreaking Model Context Protocol (MCP) 2026-07-28, exploring its shift to a stateless architecture. Discover how this transformation promises to revolutionize AI integration with business tools, making systems more scalable and efficient—while also uncovering the potential challenges of managing state on the client side. Whether you're a seasoned techie or a curious newcomer, this lively discussion will keep you informed and entertained!
Transcript
[Alex]: Welcome back, tech nerds! You’re listening to Nerd Level Tech AI Cast, where we dissect the future of AI, one protocol change at a time. I’m Alex, your resident protocol-obsessive, and with me as always is Jamie, the only person I know who can turn OAuth into a stand-up comedy routine. [Jamie]: Hey, someone’s gotta keep you from making this sound like a spec review meeting, Alex! [PAUSE] But seriously, if you’re new here, I’m Jamie—I ask all the questions our listeners are probably thinking but might be too afraid to ask at their next sprint review. [Alex]: And today, we’re sinking our teeth into the MCP 2026-07-28 spec. No, that’s not a Star Wars droid; it’s the Model Context Protocol—the backbone for connecting AI agents to business tools. And, big news: it’s going stateless, which is a bigger deal than when they took the headphone jack off smartphones. [Jamie]: Oh no, not the headphone jack! But wait—stateless? Does that mean I don’t have to remember my state anymore? Because I barely remember where I parked my car. [Alex]: [Chuckles] If only. In tech, stateless means the server doesn’t remember anything about you between requests. No more session handshakes pinning your client to a particular server instance. Imagine being able to go through any checkout line at the grocery store, instead of getting stuck behind the person writing a check. [Jamie]: So, basically, any MCP server in the pool can handle my requests, no matter which one I talked to first? That sounds... way more scalable, but is there a catch? [Alex]: Exactly! Now, MCP can scale behind a regular round-robin load balancer. No sticky sessions, no shared session store, no more “please hold while we find your session.” [PAUSE] But, you’re right—there are always catches. For one, the protocol-level sessions are gone, so now state—like, say, your basket in an online shop—is handled with explicit IDs that the client has to keep track of and send back every time. [Jamie]: So instead of the server quietly remembering my basket for me, it hands me a “basket_id” and says, “Don’t lose this, or you’re shopping all over again”? [Alex]: [Laughs] Pretty much! It’s making the state visible to the AI agent, not hiding it in the protocol metadata. It’s like your mom pinning your house key to your jacket so you don’t lose it at recess. [Jamie]: I would’ve lost it anyway. So, what else is changing with this new spec? [Alex]: Alongside statelessness, the big headline is Enterprise-Managed Authorization, or EMA. Remember the days of clicking through a hundred OAuth consent screens, one for every tool? [Jamie]: My mouse finger still hurts from that. [Alex]: Right? EMA fixes that. Now, your company’s identity provider—think Okta, for example—handles all the access. You log in once, and boom, all your MCP connectors are authorized for you, based on your role and group. [Jamie]: So, IT admins rejoice, and users don’t have to click “Allow” until their mouse explodes. But does that mean the organization can see everything I do with the agent? [Alex]: Good question. EMA only covers whether you can connect to a server and at what scope. It doesn’t watch what your agent does after it’s in. So, enterprises still need their own controls for agent actions. [Jamie]: Got it. It’s like checking your badge at the door; after that, what you do in the building is another story. [Alex]: Exactly. Oh, and EMA already has big names on board—Okta, Anthropic, Visual Studio Code, Asana, Atlassian, Canva, Figma, Granola, Linear, Supabase, and Slack is on the way. [Jamie]: “Logging in once and everything just works”—finally, something in enterprise IT that sounds like magic instead of a support ticket. [Alex]: [PAUSE] Now, let’s talk extensions. The new spec formalizes an extensions framework, and two extensions ship with this release: MCP Apps and Tasks. [Jamie]: Apps and Tasks—sounds like my to-do list. What do these actually do? [Alex]: MCP Apps lets servers ship interactive HTML UIs that render inside a sandboxed iframe. So, tools can have rich interfaces, but the host can review and cache them before letting anything run. Every action still goes through the same JSON-RPC audit path, so it’s secure. [Jamie]: Let me guess—this means I get all the shiny new UIs, but the security team doesn’t have to panic about rogue JavaScript... as much? [Alex]: [Laughs] Pretty much. And the Tasks extension lets a server hand you a “task handle” for longer-running jobs. The client can then drive it forward, update, or cancel. But heads up: anyone who built against the old experimental Tasks API has some migration work ahead. [Jamie]: So, if I’m still using last year’s beta Tasks, it’s time to refactor. My favorite! [Alex]: [PAUSE] Speaking of refactoring, there are six authorization changes that’ll make OAuth and OpenID Connect folks happy. From issuer validation to explicit application types, credential binding, and refresh token details—lots of little fixes that plug some real-world holes. [Jamie]: And did I hear something about error codes changing? Because if I have to grep through all my code for a new error number again... [Alex]: Sorry, Jamie. The classic -32002 is out, and the JSON-RPC standard -32602 is in. Time to fire up that global search and replace. [Jamie]: [Groans] My favorite Friday night activity. [Alex]: Now, before everyone rushes to upgrade, security researchers—especially Akamai—are waving some red flags. The stateless model ends session hijacking, but it does mean that a predictable state handle, like an easy-to-guess basket_id, could let an attacker hijack a workflow. And if devs accidentally stuff sensitive data into the new headers, those values could leak all over your network path. [Jamie]: So, as always, the protocol can only save us from ourselves so much. [Alex]: Pretty much. Security boundaries are now all about how well you implement them. Oh, and don’t forget about possible cross-site scripting in MCP Apps, or tasks being used as a denial-of-service vector. [Jamie]: So, it’s not just “upgrade and chill.” You actually need to review your implementations, maybe dust off the threat model, and make sure you’re not opening any new doors for attackers. [Alex]: Exactly. But the good news is, nothing breaks on July 28. Adoption is opt-in—so you can test the beta SDKs, run real traffic, and pin your versions if you need to. There’s even a handy checklist: install a beta SDK, run your tests, and review your security posture. [Jamie]: And maybe write your own sticky note: “Don’t panic. July 28 is just the spec publication, not a forced upgrade.” [Alex]: [Laughs] Perfect. That’s actually how I label all my calendar invites. [Jamie]: Well, Alex, thanks for making a protocol update sound like a summer blockbuster. And thanks to all our listeners for tuning into Nerd Level Tech AI Cast! If you liked what you heard, hit subscribe, leave us a review, and—if you’re feeling brave—tell us how you’re prepping for MCP 2026-07-28. [Alex]: We’ll be back next week with more deep dives, bad jokes, and hopefully fewer deprecated features. Until then, keep it nerdy! [OUTRO MUSIC FADES OUT]