Arcade.dev, the provider of the Model Context Protocol (MCP) runtime, has announced a critical advancement for securing enterprise AI agents: URL Elicitation. Developed in collaboration with Anthropic, this capability solves a fundamental security flaw in MCP by enabling secure user authorization for web-based services. This allows AI agents to perform real-world tasks, such as sending emails or processing payments, by using proven OAuth 2.0 flows, ensuring credentials never pass through the AI model itself and making MCP viable for production-grade enterprise deployment.
Arcade authors a Specification Enhancement Proposal (SEP) for the MCP standard.
The new URL Elicitation capability enables secure OAuth 2.0 authorization.
It allows AI agents to securely log into services like Gmail, Slack, and Stripe.
User credentials flow directly between trusted servers, bypassing the AI model.
This solves the critical "tool authorization" flaw that blocked enterprise MCP adoption.
The SEP is now part of the official MCP specification, SDKs, and clients.
As AI agents become more sophisticated, the Model Context Protocol (MCP) has emerged as the leading open standard for connecting them to tools and data. However, a significant barrier remained: the protocol lacked a secure method for agents to authorize access to the applications users rely on daily. While agents could process information, they could not take actionable steps like sending an email or updating a calendar because they had no secure way to log in. Arcade's SEP directly addresses this by standardizing a secure flow for MCP servers to access user applications.
The URL Elicitation capability enables an MCP server to present a user with a secure login page in their browser. The user then signs in directly with the service provider (e.g., Gmail or Slack), which grants the agent only the limited, specific permissions required for its task. This process leverages the same OAuth 2.0 security framework that protects online banking and e-commerce, ensuring sensitive credential data never passes through the AI application. The agent receives only an access token, and users retain full control over permissions via their existing app settings.
This enhancement is a pivotal step in hardening MCP for enterprise use. It allows AI teams to deploy agents that can securely interact with real data and core business systems at scale. Alex Salazar, founder of Arcade.dev, stated, "Tool authorization has been the missing piece that’s blocked MCP from being an enterprise-ready protocol. Our contribution gives MCP servers secure access to user applications using proven OAuth 2.0 auth patterns." With this SEP now integrated into the official MCP specification, enterprise teams can build and deploy AI agents with the confidence that they can take secure, authorized actions on any system.
About Arcade.dev
Arcade.dev is the industry's first MCP runtime enabling AI to take secure, real-world actions. As the MCP runtime, Arcade is uniquely able to deliver secure agent authorization, high-accuracy tools, and centralized governance. Arcade helps teams at some of the largest organizations deploy multi-user AI agents that take actions across any system with granular permissions and complete visibility—no complex infrastructure required.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.