April 28, 2026
ThoughtWorks Technology Radar Volume 34, released on April 1, 2026, moved MCP by default to "Caution." Yesterday, Frank Fiegel, maintainer of awesome-mcp-servers, announced that Glama directory will drop security grading due to concerns about providing false-safety. Maryam Miradi, PhD, highlighted researchers using AI Agents for water supply management for 40 million people across seven U.S. states. Dr. Milan Milanović shared insights on Neoclouds as GPU-first providers reducing AI workload costs by up to 85%.
🔧 Spec & SDK
No new items regarding spec changes, SDK releases, or breaking changes for MCP servers were identified yesterday.
Why it matters: The absence of updates in this section suggests a period of stability for MCP server builders, with no immediate code changes required due to protocol or SDK modifications.
🏗️ Builder Patterns
Yesterday, Frank Fiegel, maintainer of awesome-mcp-servers, announced that the Glama directory will drop security grading from its listings. Fiegel explained that static code analysis alone is insufficient to guarantee safety, as a "perfectly secure" server can still be misused. Moving forward, Glama will focus on observing server behavior and usage patterns to identify malicious actors. Dr. Milan Milanović, of Railway, emphasized the need for more careful constraints in agent architecture to prevent data exfiltration, noting that Railway successfully restored data in a recent incident. Maryam Miradi, PhD, shared a practical application of AI agents in managing water supply for 40 million people across seven U.S. states, where agents forecast water flow hourly and provide five to seven days of advance flood warnings. Dr. Milan Milanović also detailed the rise of "Neoclouds" like CrusoeAI and CoreWeave, which are purpose-built, GPU-first cloud providers offering bare-metal performance and up to 85% cost reduction for AI workloads compared to hyperscalers.
Why it matters: These developments suggest a growing emphasis on dynamic security monitoring for MCP servers, a need for robust architectural constraints to prevent data misuse, and the emergence of specialized cloud infrastructure (Neoclouds) that could significantly reduce operational costs for AI-intensive MCP deployments.
📄 Research
Yesterday, Dr. Milan Milanović highlighted the release of ThoughtWorks Technology Radar Volume 34, which was published on April 1, 2026. This edition marks two significant shifts: "Claude Code" moved to "Adopt," while "MCP by default" moved to "Caution." The report also emphasized that evaluating technology is becoming harder due to semantic diffusion and the rapid pace of tool development, leading to potential "codebase cognitive debt" from AI-generated code. Priyanka Vergadia also released an "AI Harness Engineering Interview Preparation Handbook" on January 1, 2026, covering critical areas for production AI agents such as Runtime, Control Layer, Guardrails, MCP, Evals, and Observability.
Why it matters: The shift of "MCP by default" to "Caution" in the ThoughtWorks Technology Radar signals a need for builders to carefully evaluate and implement MCP solutions, emphasizing the importance of robust harness engineering and a deep understanding of AI-generated code to mitigate cognitive debt.
So What?
MCP server builders should investigate the new security approaches Glama directory is implementing to refine their own server monitoring and detection strategies. Given the "Caution" rating for MCP by default from the ThoughtWorks Technology Radar, evaluate existing and new MCP deployments against the principles outlined in the AI Harness Engineering Interview Preparation Handbook to ensure robust control layers and guardrails are in place. Consider exploring Neocloud providers for AI-intensive workloads to potentially reduce infrastructure costs and leverage specialized GPU performance.
Alex Albert — Research, Anthropic (@alexalbert__)