MCP Weekly: Google and Microsoft Standardize MCP, OpenAI Optimizes Agents, Docker Secures Execution
March 20, 2026


MCP standardizes agent access as security defines production readiness


Welcome to the latest installment of the MCP Weekly, covering major developments from March 13th to March 20th. In this blog, we look at enterprise platform launches, major security investments, infrastructure upgrades, and new agent tooling across the ecosystem.

TL;DR

Google launched the Colab MCP Server, letting any MCP-compatible agent control Google Colab notebooks directly in the cloud. Microsoft added an Azure DevOps Remote MCP Server to Foundry, connecting AI agents to Boards, Repos, and Wikis without local proxies. OpenAI released GPT-5.4 mini and nano, two fast and affordable models built for subagent delegation in multi-agent systems, and acquired Astral, the team behind uv and Ruff, to deepen Codex into a full Python development environment.

On the infrastructure side, Docker and NanoCo integrated NanoClaw with Docker Sandboxes, running every agent in a disposable MicroVM with no access to the host machine. Snowflake Ventures backed Bedrock Data to bring automated data governance and agent access monitoring into the Snowflake platform. NVIDIA launched NemoClaw, an open-source security stack for running autonomous agents locally on RTX and DGX hardware.

Major Updates of the Week

Google Colab MCP Server

Google released an open-source MCP server that gives any compatible agent direct control over Google Colab. Agents can now create notebooks, inject code, install dependencies, and run Python in a secure cloud environment without copying anything back and forth manually. This moves Colab from a user interface into a programmable execution layer that agents can operate end to end.

Microsoft Foundry MCP Server

Microsoft launched a public preview of an Azure DevOps Remote MCP Server inside Microsoft Foundry. Agents can now connect directly to Azure Boards, Repos, and Wikis through the Foundry Tool Catalog, with administrators able to restrict which specific tools each agent can access. This removes the need for developers to run local proxy servers just to give their agents access to project data.

Claude Updates

| Vendor / Product | Key Action / Feature | Significance |
| --- | --- | --- |
| Claude 1M Context: General Availability | 1 million token context window now available at standard pricing for Opus 4.6 and Sonnet 4.6, with support for up to 600 images or PDF pages per request. | Removes the cost barrier for long-context use, making it practical to feed entire codebases or document archives directly into the model without complex retrieval pipelines. |
| Product Management on the AI Exponential | Anthropic's Head of Product for Claude Code details how rapid model improvement is replacing traditional roadmaps with prototype-first, evaluation-driven workflows. | Shows how AI is changing the work of product teams internally, with Claude Opus 4.6 completing tasks in hours that previously took days. |

Snowflake and Bedrock Data

Snowflake Ventures backed Bedrock Data in a strategic investment to bring automated data governance into the Snowflake platform. The integration extends Snowflake Horizon Catalog with upstream data lineage and enriched metadata, and adds centralized monitoring of Cortex AI agents to ensure they only access authorized data. The partnership targets the core enterprise concern of knowing exactly what data an AI agent touched and why.

OpenAI Updates

| Vendor / Product | Key Action / Feature | Significance |
| --- | --- | --- |
| Codex Security: No SAST | Codex Security uses behavioral testing and automated proof-of-concept generation rather than static code scanning to confirm whether vulnerabilities are real. | Reduces false positives that consume security team time; focuses effort on verified, exploitable findings. |
| OpenAI Acquires Astral | OpenAI acquires the makers of uv, Ruff, and ty; Astral team joins Codex; open-source tools remain active post-acquisition. | Gives Codex direct control over the tools that define code quality and environment stability in Python development. |
| GPT-5.4 Mini and Nano | Two new efficient models optimized for subagent delegation; mini at $0.75/M input tokens with 54.4% SWE-Bench Pro; nano at $0.20/M for high-volume tasks. | Makes it affordable to run many agents in parallel, lowering the cost barrier for complex multi-agent systems. |

Docker and NanoClaw

Docker partnered with NanoClaw to run every NanoClaw agent instance inside a disposable MicroVM-based Docker Sandbox. Agents can install packages, modify files, and run terminal commands without any of those actions reaching the host machine. The NanoClaw codebase consists of only 15 core source files, making the entire stack straightforward for security teams to inspect and verify.

Other Updates

| Vendor / Product | Key Action / Feature | Significance |
| --- | --- | --- |
| NVIDIA NemoClaw | Open-source security stack for OpenClaw that enforces policy-based guardrails for autonomous agents, with support for local inference on RTX and DGX hardware. | Lets enterprises run always-on agents locally without sending data to the cloud, addressing both cost and data privacy at once. |
| Cursor Composer 2 | New frontier coding model scoring 73.7% on SWE-bench Multilingual at $0.50/M input tokens, built for long-horizon multi-step coding tasks. | Moves AI coding from autocomplete to multi-file, multi-step execution at a cost accessible to engineering teams. |
| Gemini CLI v0.34.0 | Plan Mode is now the default; added gVisor sandboxing, loop detection, and an event-driven scheduler for agent-to-agent interactions. | Hardens the Gemini CLI for production use, making it more stable during long autonomous sessions. |
| Okta for AI Agents | Framework that treats AI agents as independent identities with lifecycle management, a centralized Agent Gateway, shadow agent detection, and a universal access kill switch. | Applies enterprise identity controls to AI agents for the first time, giving security teams the ability to discover, govern, and instantly shut down any agent. |
| Alibaba Wukong | Enterprise agentic platform for managing multiple autonomous agents across document editing, approvals, and research; accessible via DingTalk's 20 million corporate users. | Alibaba's first major move into the agentic enterprise market, with planned integrations for Slack, Teams, and WeChat. |

My Thoughts: The Rise of a Two-layer Agent Stack

Two structural shifts are starting to lock in.

Google and Microsoft shipping MCP integrations directly into Colab and Azure DevOps signals that MCP is moving from developer tooling into core platform infrastructure. Once that happens, it defines how agents are expected to connect by default. Any system that sits outside that standard starts to carry integration overhead immediately.

At the same time, the security layer is consolidating into something much more concrete. Docker isolating agents in MicroVMs, Okta assigning them identity and lifecycle controls, and Snowflake tracking data access and lineage are all solving different parts of the same operational requirement. Enterprises need deterministic control over what agents can access, what they can execute, and how to intervene in real time.

What’s emerging is a clearer separation of concerns. MCP defines how agents connect. The security and identity layer defines what they are allowed to do once connected.

That boundary is quickly becoming the deciding factor for whether an agent system is usable in production. Teams that treat it as a first-class architectural layer will move faster with fewer constraints. Everyone else will spend their time rebuilding guardrails after the fact.
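
An added illustration of that boundary, not code from any vendor named above: a deny-by-default check placed in front of an MCP server that decides, per agent identity, whether a `tools/call` JSON-RPC request may be forwarded, and trims `tools/list` results to match. The agent IDs, tool names, policy table, and denial error code are constructed for the example.

```python
import json

# Constructed sample policy: agent identity -> MCP tool names it may call.
POLICY = {
    "agent-ci": {"repos.read_file", "boards.list_work_items"},
    "agent-docs": {"wiki.read_page"},
}
REVOKED = set()  # kill switch: an identity added here loses all access at once
DENIED = -32001  # arbitrary pick from JSON-RPC's implementation-defined range


def _deny(msg_id, reason, code=DENIED):
    return False, {"jsonrpc": "2.0", "id": msg_id,
                   "error": {"code": code, "message": reason}}


def authorize(agent_id, raw_message):
    """Gate one agent-to-server MCP message.

    Returns (True, None) if it may be forwarded, else (False, error_reply).
    """
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return _deny(None, "parse error", code=-32700)
    if not isinstance(msg, dict):
        return _deny(None, "only single JSON-RPC objects are accepted")
    msg_id = msg.get("id")
    if agent_id in REVOKED:
        return _deny(msg_id, "agent identity revoked")
    allowed = POLICY.get(agent_id)
    if allowed is None:  # deny by default: unregistered agents get nothing
        return _deny(msg_id, "unknown agent identity")
    if msg.get("method") != "tools/call":
        return True, None  # initialize, tools/list, ping: no tool is executed
    params = msg.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    if not isinstance(name, str) or name not in allowed:
        return _deny(msg_id, "tool not permitted for this agent")
    return True, None


def filter_tool_list(agent_id, result):
    """Trim a tools/list result so an agent only sees tools it may call."""
    allowed = set() if agent_id in REVOKED else POLICY.get(agent_id, set())
    tools = [t for t in result.get("tools", []) if t.get("name") in allowed]
    return {**result, "tools": tools}
```

The agent identity passed to `authorize` has to come from the authenticated transport, never from a field inside the message the agent itself wrote.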

Om Shree

Technical Evangelist

About Om Shree

Om Shree is a researcher, technical writer, and AI evangelist who focuses on making complex AI and agent workflows easier to understand. Om's passion is breaking down emerging technologies into clear, practical insights. He's excited to provide useful in-depth research that supports product planning and helps developers navigate new tools and systems with ease.
