Anthropic Buys Stainless, NSA Warns on MCP: What SMBs Need to Know
Anthropic acquired Stainless for $300M+ and the NSA released MCP security guidance. What changes for businesses deploying AI agents that connect to your data.
By Springvanta
Two things happened this week that tell you where AI agent infrastructure is headed. On Monday, Anthropic acquired Stainless, the company that generates SDKs for almost every major AI platform, reportedly for over $300 million. Two days later, the NSA's Artificial Intelligence Security Center published formal security guidance for the Model Context Protocol, the same protocol Stainless was built to serve.
These are not separate stories. They are the same story from two sides: MCP, the protocol that lets AI agents connect to your CRM, your database, your forms, your everything, has become contested territory.
What Anthropic actually bought
Stainless was founded in 2022 by Alex Rattray, a former Stripe engineer. The company built a compiler that takes an API specification and generates production-ready SDKs in TypeScript, Python, Go, Java, and Kotlin. The pitch was simple: SDKs are the front door to your platform, and most companies treat them like an afterthought.
The customer list tells you why this matters. OpenAI, Google DeepMind, Cloudflare, Replicate, Runway, and Groq all used Stainless to generate the developer libraries that millions of programmers download every week. Roughly a quarter of professional software developers have used a Stainless-generated SDK or visited a Stainless-generated docs page, according to the company's own data.
Anthropic was an early customer. Every official Claude SDK was built with Stainless tooling. Now that relationship is exclusive: Stainless will wind down all hosted products, and existing customers keep the SDKs they already have but lose the platform that updates them automatically as APIs change.
For OpenAI and Google, this means the infrastructure that powered their official developer SDKs is now owned by a direct competitor. TechCrunch reported that OpenAI had previously abandoned an in-house SDK effort because of the maintenance burden, so rebuilding from scratch becomes an urgent priority, not a casual migration.
Katelyn Lesse, Head of Platform Engineering at Anthropic, framed it plainly: "Agents are only as useful as what they can connect to."
That is the real bet. The moat is not the model anymore. It is the interface layer between the model and everything else.

The NSA steps in
On May 20, the NSA's Artificial Intelligence Security Center released a Cybersecurity Information Sheet titled "Model Context Protocol (MCP): Security Design Considerations for AI-Driven Automation."
The timing was not subtle.
The report identifies specific gaps in MCP's current design: serialization risks, where malformed data could exploit parsing logic; trust boundary problems, where agents implicitly trust tools without verifying them; dynamic tool invocation, which means an agent can discover and call new capabilities at runtime without human review; and context sharing, where sensitive information passed between agents and tools can leak across boundaries.
The NSA's language is direct: "These are not isolated problems that can be patched at the interface or endpoint level. Securing MCP systems requires treating the agentic environment as a continuum."
In other words, you cannot just bolt security onto one part of the pipeline. A misconfiguration anywhere in the agent-tool-data chain propagates through the whole system.
This is not theoretical. Researchers from Knostic scanned for internet-exposed MCP servers and found 1,862 of them. None had authentication. These are connectors that can access databases, file systems, and cloud services, sitting on the open internet with no login required.
CIS, the Center for Internet Security, published its own MCP companion guide around the same time, mapping MCP deployments against CIS Critical Security Controls v8.1. When two independent security standards bodies release MCP guidance in the same week, the signal is clear: this protocol is being deployed faster than it is being secured.
Why this matters for businesses evaluating AI agents
If you are an SMB looking at AI tools for intake forms, lead qualification, CRM automation, or any workflow where an AI agent touches your business data, MCP is almost certainly in the stack somewhere. It is the wiring that connects Claude, ChatGPT, Gemini, and every other agent platform to the tools they act on.
Here is what changes this week:
Vendor lock-in just got sharper. Anthropic now controls the most widely used SDK generation pipeline. If your AI stack depends on Claude, your developer experience just got better. If it depends on OpenAI or Google, your SDK pipeline just got less certain.
Security is no longer optional; it is structural. The NSA is telling you that MCP deployments need to be treated as a security continuum, not a set of isolated endpoints. If you are deploying AI agents that connect to CRM, billing, or customer data, you need to audit the MCP layer specifically. Generic API security is not enough.
The "build vs. buy" calculus shifted. OpenAI and Google now need to rebuild SDK infrastructure that Stainless handled for them. That is months of engineering work, and in the meantime, Anthropic has exclusive access to the best tooling in the category. If you are picking an AI platform today, the quality of the SDK and connector layer should factor into that decision.
What to do right now
If you are deploying AI agents that use MCP connections, three concrete steps:
- Audit your MCP server exposure. Check whether any MCP connectors in your stack are internet-accessible. The Knostic research suggests this is more common than anyone assumed.
- Review the NSA guidance. The CSI document outlines specific design considerations around authentication, authorization, and input validation for MCP deployments. It is free and written for practitioners, not researchers.
- Ask your AI vendor about their MCP security posture. If you are buying an AI agent product, ask specifically how they handle MCP authentication, how they isolate tool contexts, and whether they have reviewed their MCP layer against the NSA recommendations.
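One way to start the exposure audit in the first step, shown as an added example that is not from the original article or the NSA guidance: classify each connector in your own inventory by where it listens and whether it requires a login. The inventory format, connector names, addresses and severity labels are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory: names, addresses and auth modes are illustrative
# assumptions, not taken from any real deployment or from the NSA document.
INVENTORY = [
    {"name": "crm-connector",     "bind": "127.0.0.1", "port": 8080, "auth": "none"},
    {"name": "billing-connector", "bind": "0.0.0.0",   "port": 8000, "auth": "none"},
    {"name": "forms-connector",   "bind": "10.0.4.12", "port": 8443, "auth": "none"},
    {"name": "files-connector",   "bind": "::",        "port": 9000, "auth": "oauth"},
    {"name": "db-connector",      "bind": "mcp-db",    "port": 7000, "auth": "token"},
]

RANK = {"critical": 0, "high": 1, "review": 2, "ok": 3}

def bind_scope(bind):
    """Classify who can reach a listener from its bind address alone."""
    if bind.lower() == "localhost":
        return "local"
    try:
        ip = ipaddress.ip_address(bind)
    except ValueError:
        return "unknown"          # hostname: resolve and check by hand
    if ip.is_loopback:
        return "local"
    if ip.is_unspecified:         # 0.0.0.0 or :: listens on every interface
        return "all-interfaces"
    return "internal" if ip.is_private else "public"

def assess(entry):
    """Return (severity, reason) for one inventory entry."""
    scope = bind_scope(entry["bind"])
    authed = entry.get("auth", "none").lower() != "none"
    if scope == "local":
        return "ok", "loopback only"
    if scope == "unknown":
        return "review", "bind address is a hostname; resolve it and re-check"
    if not authed:
        sev = "high" if scope == "internal" else "critical"
        return sev, f"{scope} listener with no authentication"
    if scope == "internal":
        return "ok", "internal listener with authentication"
    return "review", f"{scope} listener; confirm firewall rules and auth enforcement"

def audit(inventory):
    """Assess every connector and list the worst findings first."""
    rows = [(e["name"], *assess(e)) for e in inventory]
    return sorted(rows, key=lambda r: RANK[r[1]])

if __name__ == "__main__":
    for name, severity, reason in audit(INVENTORY):
        print(f"{severity:8} {name:18} {reason}")
```

The bind address is only one signal: a loopback listener can still be reachable through a reverse proxy, tunnel or container port mapping, so confirm anything marked "ok" against your firewall and proxy configuration.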
The AI agent market is moving fast. This week showed that the infrastructure layer underneath it is moving faster, and that the security community is paying close attention.
Sources:
- Anthropic acquires Stainless (Anthropic official announcement)
- NSA CSI: MCP Security Design Considerations (NSA official press release)
- Anthropic has acquired the dev tools startup used by OpenAI, Google, and Cloudflare (TechCrunch)
- Anthropic acquires Stainless to strengthen Claude's developer tooling (InfoWorld)
- CIS Controls v8.1 MCP Companion Guide (CIS)