From Gmail logins to Stripe payments, Arcade’s SEP gives MCP the trusted security flows required for enterprise-grade agents to run in production
Arcade.dev, the only MCP runtime, today introduces URL Elicitation — a crucial step forward in making Anthropic’s Model Context Protocol (MCP) ready for enterprise use. Now, users can interact directly with any web-based service from their MCP server, enabling secure authorization with enterprise tools, payment and subscription management, and secure collection of sensitive or personal data. Working in collaboration with Anthropic, Arcade authored an SEP (Specification Enhancement Proposal), which standardizes this secure flow, and is now available with its acceptance into the latest version of the MCP specification.
As AI agents grow in sophistication and the need for robust protocols increases, MCP is fast becoming the open standard for connecting AI agents to real tools and services. But until now, MCP had a fatal flaw: no secure way for agents to authorize the applications users rely on every day. The lack of secure authorization has been the brick wall stopping AI assistants from taking real action. While they could chat endlessly, they couldn’t send an email or update a calendar, as MCP had no way to log into the services people actually use. Arcade’s SEP changes that.
"Tool authorization has been the missing piece that’s blocked MCP from being an enterprise-ready protocol," said Alex Salazar, founder of Arcade.dev. "Our contribution gives MCP servers secure access to user applications using proven OAuth 2.0 auth patterns, which is the same security framework that has protected billions of online interactions for over 15 years."
Arcade’s innovative URL elicitation capability, co-developed alongside Anthropic, enables an MCP server to provide the user with a secure login page in their browser. The user signs in directly with Gmail, Slack, or any other service; the service then grants the agent only the limited permissions required.
Now enterprise AI teams are able to deploy agents that can interact with real data and integrate with their core systems, while ensuring sensitive credential data never passes through the AI model itself. Instead, credentials flow directly between trusted servers using the same OAuth 2.0 protocols that secure online banking, e-commerce, and enterprise applications. The AI application receives only the specific access tokens needed to perform requested tasks, and users maintain complete control over permissions through their existing app settings.
This SEP is now being adopted into the official MCP specification, SDKs, and popular clients. MCP servers built with the open source Arcade secure MCP framework already support URL elicitation by default, with many other server frameworks to follow.
This SEP continues Arcade’s momentum in hardening MCP for production use within enterprises. After releasing the first MCP runtime earlier this year, Arcade recently released a secure framework for building custom MCP tools with OAuth built-in, as well as an MCP Gateway capability so users can access Arcade’s catalog of secure, high-accuracy tools directly from their favorite MCP clients like Cursor. Some of the largest enterprises rely on Arcade’s MCP runtime to deploy AI agents that can take secure actions at scale on any system and for any number of users.
About Arcade.dev
Arcade.dev is the industry's first MCP runtime enabling AI to take secure, real-world actions. As the MCP runtime, Arcade is uniquely able to deliver secure agent authorization, high-accuracy tools, and centralized governance. Arcade helps teams at some of the largest organizations deploy multi-user AI agents that take actions across any system with granular permissions and complete visibility—no complex infrastructure required. Learn more and try it for free at www.arcade.dev.
View source version on businesswire.com: https://www.businesswire.com/news/home/20251125080912/en/
Contacts
Sam Dils, arcade@deeptech.agency