Most MCP tutorials stop at a server that adds two numbers over stdio. That’s the easy 10%. The hard part, and the part nobody writes up, is everything you hit the moment you want to put an MCP in front of real company data: who’s allowed to call what, how you authenticate them, what you log, and how you stop the model drowning in eighty tools it doesn’t need.
I’ve spent a big chunk of the last few months living in this, including a run of conversations with Australian businesses and a few US fintech companies trying to wire MCPs into real systems. The question that comes up every time is less about whether you can build a tool and more about whether you can safely let one reach production data, and the fintechs especially won’t let you hand-wave it.