Arcade.dev — creator of the only production-grade MCP runtime — today introduced URL elicitation, a major advancement for Anthropic’s Model Context Protocol (MCP) and one that finally solves its most limiting gap: secure user authorization.
For the first time, MCP servers can interact directly with any web-based service, enabling secure authentication with enterprise SaaS tools, payment platforms, internal systems, and workflows that require personal or sensitive data. The capability lands with the acceptance of Arcade’s newly authored SEP (Specification Enhancement Proposal), developed in collaboration with Anthropic and now part of the official MCP specification.
Until today, MCP had a fundamental limitation: AI agents could talk, but couldn’t act.
There was no secure method for agents to log into the services users rely on — no way to send an email, update a calendar, access CRM data, manage cloud resources, or perform any authenticated action. That missing security layer kept MCP stuck at the “demo” stage for enterprise adoption.
Arcade’s SEP changes all of that.
Fixing MCP’s “Fatal Flaw” With Proven OAuth 2.0 Flows
“Tool authorization has been the missing piece that’s blocked MCP from being an enterprise-ready protocol,” said Alex Salazar, founder of Arcade.dev. “Our contribution gives MCP servers secure access to user applications using proven OAuth 2.0 auth patterns, the same security framework that has protected billions of online interactions for over 15 years.”
Arcade’s new URL elicitation mechanism allows an MCP server to open a secure, user-controlled login page in the browser. Users authenticate directly with Gmail, Slack, GitHub, Stripe, or any other OAuth-capable service, which then issues carefully scoped permissions to the agent.
Critically:
- Credentials never pass through the AI model
- Sensitive tokens flow only between trusted servers
- Users maintain full control through their existing app settings
- AI agents receive only the minimal access required for each task
This approach mirrors the hardened OAuth 2.0 patterns that secure online banking, enterprise SaaS, and global e-commerce.
Unlocking Real Enterprise Use Cases for AI Agents
With secure authorization now standardized, MCP can finally support high-trust, high-value actions, including:
- Sending emails or messages on behalf of users
- Managing calendars, docs, repos, and files
- Integrating with ERP, HRIS, CRM, and other enterprise systems
- Handling payments, subscriptions, and invoicing
- Accessing internal APIs and protected datasets
- Executing workflow automations safely at scale
Enterprise AI teams can deploy agents with confidence that sensitive data is handled using the same patterns long trusted by the industry.
Adoption Across the MCP Ecosystem
This SEP is already being merged into the official MCP specification, SDKs, and widely used clients.
Arcade’s open source secure MCP framework supports URL elicitation out of the box, with additional server frameworks expected to follow.
The update is part of Arcade’s broader push to prepare MCP for large-scale, production enterprise usage. The company has released:
- The first MCP runtime (now used by leading enterprises)
- A secure OAuth-ready framework for building custom MCP tools
- An MCP Gateway that lets users access Arcade’s catalog of secure, high-accuracy tools from popular MCP clients such as Cursor
Some of the world’s largest enterprises are already deploying Arcade’s runtime to run AI agents that take secure, auditable actions across complex systems and large user populations.
The Bottom Line
The introduction of URL elicitation is a turning point for MCP. With secure, standardized authorization in place, MCP can progress from a promising protocol to a true enterprise-grade foundation for AI agents.
Arcade’s contribution doesn’t just plug a hole — it fundamentally unlocks the ability for AI assistants to interact with the real tools people use every day, securely and at scale.










