Visual Studio now supports connecting to local or remote MCP servers, configured via a .mcp.json file located in a user profile for global use or in an individual solution. Developers can add MCP servers by editing the file directly, using GitHub Copilot chat settings, or via one-click web installation. OAuth authentication is supported to grant MCP tools GitHub access. Organizations can restrict MCP functionality using GitHub policies. MCP servers expand agentic AI capabilities by executing tasks on developers' behalf. GitHub hosts MCP SDKs, nearly 400 official servers, and nearly 750 community servers, which Anthropic warns are untested. Security research examined MCP risks and compositional exposure.
Product manager Allie Barrie said that Visual Studio can now connect to local or remote MCP servers, configured using a file called .mcp.json which can be in a user profile, for global use, or in an individual solution. Developers can add MCP servers either by editing this file directly, or using settings in the GitHub Copilot chat window. There is also provision for one-click installation from the web. OAuth authentication is supported, for example to allow the MCP tools to have GitHub access.
MCP servers extend the capabilities of agentic AI, enabling developers to sit back and watch tasks being done on their behalf. Barrie references the list of MCP servers on GitHub, which includes MCP SDKs, nearly 400 official servers, and nearly 750 community-contributed servers for which there is a warning from Anthropic, the inventor of the protocol, that "community servers are untested and should be used at your own risk."
For example, API security company pynt published research into 281 MCP servers, investigating both their capabilities and whether they might process input from an untrusted source. An untrusted source might be a web page, a slack message, an email, or other external content. According to pynt, "MCPs are becoming the new execution layer for software workflows," the consequence being that multiple agents are used together and form a compositional risk.
Collection
[
|
...
]