Google’s Gemini Spark and Antigravity launch has pushed the Model Context Protocol (MCP) from niche to essential, promising seamless agent access to third‑party tools and enterprise systems. Vendors like Freshworks are embedding MCP gateways to let agents pull live context for ITSM automation, shifting the bottleneck from models to safe context access. At the same time, security firms such as Manifold are flagging thousands of risky or malicious MCP servers, and researchers warn of injection and supply‑chain threats as agents call external services. The result: rapid ecosystem growth with urgent operational and security work needed to harden MCP deployments for production.
MCP lets AI agents access live tools and enterprise data, changing integration and automation patterns for products and platforms. Tech teams must balance faster agent capabilities with new operational and security risks around external context access.
Dossier last updated: 2026-05-23 20:02:05
Google announced Gemini Spark — a cloud-based, always-on personal agent built on Gemini 3.5 and the Antigravity framework — and crucially said it will integrate with third-party tools via the Model Context Protocol (MCP). For MCP server operators, that endorsement turns an emerging open standard into a de facto integration channel for Google’s flagship agent, immediately exposing existing MCP-backed tools to Spark. Antigravity 2.0’s agent-first features (subagent orchestration, sandboxing, credential masking) and AI Edge Gallery’s MCP support (local reasoning with remote MCP tool calls) reinforce an ecosystem where agents routinely call external services. Operators must still handle platform-specific quirks and runtime edge cases to run MCP in production.
Google I/O highlighted Gemini Spark, a new personal AI agent that integrates natively with Google apps and reportedly runs on Gemini 3.5 Flash and a platform called Antigravity. Antigravity appears to be a suite including a desktop app, a Go-based CLI agent, an open-source Python SDK wrapping a closed-source Go binary, and a VS Code–fork IDE. Google says Spark will execute tasks in fresh, isolated ephemeral VMs within a managed, secure runtime with traffic routed through an Agent Gateway enforcing DLP and encrypted credentials. Simon Willison flags concerns about prompt-injection and agent security risks, and notes Google will replace the open-source Gemini CLI with a closed-source Antigravity CLI for subscription plans on June 18. This matters for enterprise security and developer tooling around Google’s AI ecosystem.
Freshworks announced Freddy AI Agent Studio at Refresh 2026 and embedded a Model Context Protocol (MCP) Gateway into Freshservice to let AI agents access live enterprise data without custom integrations. Freddy is a no-code environment that uses MCP to pull context from systems like Workday, Rippling, Notion, ClickUp, and Linear so agents can automate onboarding, payroll queries, and cross-department workflows in a single flow. The platform includes prebuilt domain agents, Teams/Slack integrations, a unified data layer with Freshservice ITAM and FireHydrant, and measurement tools (AI Insights and xLAs) to track outcome-based service metrics. This shifts the bottleneck from models to context access, promising faster, contextual automation for ITSM and employee self-service.
Manifold Security expanded its Manifest supply-chain intelligence to score over 7,700 Model Context Protocol (MCP) servers from the official registry, flagging a fast-growing audit gap in agent-to-tool infrastructure. Manifest computes a composite score from a Lineage Score (publisher provenance and traceability) and a Safety Score (behavioral analysis of tool descriptions to detect prompt injection and manipulative instructions). Manifold’s research found tangible threats—hundreds of malicious agent skills and thousands of problematic entries across registries—highlighting risks where compromised MCP servers can steer AI agents, exfiltrate data, or bypass safety guards. The scoring offers security teams a ranked signal to vet servers before enterprise integration, addressing a new, high-impact supply-chain attack surface.