MCP (Model Context Protocol) has been getting a lot of attention lately. And for good reason — it's a clean, open way to give AI models access to external tools and data.
But if you're planning to put it in production, there are a few things worth knowing upfront.
1. Schema quality matters more than you think
When an AI queries your database via MCP, it reads your schema. Vague column names, inconsistent conventions, undocumented relationships — the model will make wrong assumptions.
Good schema design has always been important. With AI in the loop, it becomes critical.
2. Query volume will surprise you
Once non-technical users can ask data questions freely, they will. A lot.
We saw this building Conexor.io — teams that expected light usage ended up with 10x the query volume they planned for. Plan your connection pooling and rate limits accordingly.
3. Permissions need to be explicit
Your MCP server should enforce read-only access by default. It sounds obvious, but it's easy to over-provision during setup and forget to tighten it up.
Least privilege. Always.
4. Not everything needs to be a query
MCP is powerful, but some questions are better answered with pre-computed metrics or a BI tool. Use MCP for exploratory, ad-hoc questions — not as a replacement for dashboards.
MCP in production is genuinely exciting. These aren't reasons to avoid it — they're the things that separate a smooth rollout from a painful one.
Top comments (1)
Great post, Mads — this is exactly the kind of hard-won knowledge that gets skipped in most MCP tutorials.
One thing I'd add from building in this space: the production gap isn't just about schema quality or transport — it's about governance by default. Most MCP setups treat security and auditability as opt-in afterthoughts, which works fine in dev but falls apart the moment you're dealing with real enterprise data.
We've been building Vinkius (vinkius.com) around this exact premise — a Titanium-grade AI Gateway for MCP that treats governance as the intrinsic default behavior of the infrastructure, not a layer you bolt on later. Zero-Trust DLP, SSRF protection, 30-day audit trails, instant token revocation — all active from the moment you connect your first MCP server, with no extra config.
It's EU-based infrastructure designed specifically for the gap you're describing: autonomous agents that can reason freely, but within a compliance and integrity envelope that enterprise environments actually require.
If you're hitting production pain with MCP governance, worth a look.