MCP Weekly: OpenAI x Snowflake, Codex on Mac, Xcode Goes Agentic

Welcome to the latest installment of the MCP Weekly, covering major developments from January 29th  to February 6. This week made one thing clear: MCP is moving from “developer curiosity” to core infrastructure. 

TL;DR

OpenAI’s $200M Snowflake partnership pulls frontier models closer to where enterprise data already lives, and the new Codex app on Mac signals a push toward agent command centers, not just copilots. 

On the build side, Apple’s Xcode update with Claude’s Agents SDK and MCP support brings agentic workflows deeper into the IDE. Meanwhile, AgentSuite and the xAI SpaceX merger headlines show the next bottlenecks are governance and compute.

Major Updates of the Week
OpenAI x Snowflake: first-party models inside the data cloud

On February 2, OpenAI and Snowflake announced a multi-year, $200 million partnership to embed OpenAI’s frontier models, including GPT 5.2, directly into the Snowflake AI Data Cloud. It signals a shift from bolted-on, third-party integrations to first-party model access inside Snowflake. The aim is to let enterprises run agents and reasoning on their data without moving it outside Snowflake’s security perimeter.

Developer Surfaces go Agentic

OpenAI’s Codex app + App Server
OpenAI launched the Codex app for macOS as a multi-agent workspace where developers can run parallel threads, review diffs, and manage longer-running tasks by project. Under the hood, OpenAI also introduced the Codex App Server, a long-lived, bidirectional JSON-RPC layer that lets different clients share the same agent runtime and state. In practice, that sets Codex up to feel consistent across the desktop app, CLI, and IDE integrations like Xcode and GitHub’s Agent HQ.

In parallel, GitHub is leaning into “Agent HQ” as the place where teams run multiple agents without bouncing between tools. Claude and Codex are now available inside GitHub surfaces (and VS Code) in public preview, with developers choosing the right agent per task.

Anthropic's Partnership with Apple & Claude Updates

Apple’s Xcode 26.3 adds agentic coding directly in the IDE, with built-in support for agents like Anthropic’s Claude and OpenAI’s Codex. Apple highlights that agents can navigate projects, update settings, run builds, and verify changes visually via Xcode Previews. On top of the native integrations, Xcode now exposes its capabilities through MCP, so compatible external agents can call into Xcode as a tool provider.

• Plugins: Launched for Claude Cowork that makes the desktop agent into a role specific coworker, allowing it to automatically execute multi-step tasks in a secured environment.
• Contribution Metrics: Suite designed to quantify the productivity of Agents, by integrating directly into GitHub. These metrics provide data on AI assisted pull requests and code commits.

ServiceNow x Anthropic (Claude for Build Agent)
ServiceNow picked Anthropic’s Claude as the default model for its ServiceNow Build Agent and a preferred model across the broader ServiceNow AI Platform. The bet is that Claude-powered agents can take a workflow from natural-language intent to full-stack build and execution inside ServiceNow, with less human babysitting and better enterprise controls.

Allen Institute x HHMI x Anthropic (Claude in life-sciences research)
Anthropic is partnering with the Allen Institute and Howard Hughes Medical Institute to bring Claude-powered multi-agent systems into real biological research workflows. Beyond “AI for science” headlines, the practical value is feedback from real-world lab and data workflows that surfaces gaps and failure modes, then feeds that learning back into how these agents are built and governed. 

Security and governance finally start to look like products

Virtue AI’s new AgentSuite is a clear signal that “tool calling” is now a security surface. Their launch frames MCP servers as part of agent infrastructure that needs continuous assessment, and introduces MCPGuard, positioned as a programmable scanner for MCP servers (tool descriptions, code scanning, and more) plus runtime controls and an “agent gateway” enforcement point.

Kong, coming from API governance, is making a logical move: an MCP Registry inside Kong Konnect to register, discover, and govern MCP servers as managed entities (similar to how enterprises already treat APIs).

Two more “boring but important” additions this week:
• Red Hat Ansible Automation Platform: an MCP server tech preview in AAP 2.6.4, positioning MCP as a control plane between agents and automation workflows.
• AWS: Deployment Agent SOPs in the AWS MCP Server preview, basically reusable playbooks that guide agents through multi step deployment flows from MCP compatible clients. These SOPs are executable workflows  that guide AI agents such as Claude Code, Kiro and Cursor.

Regulated agents: Corti’s Agentic Framework

Corti launched an Agentic Framework aimed at healthcare and life sciences, with a focus on governed orchestration and controls that fit regulated workflows. This fits the broader theme: “agents are easy, deployment is hard,” especially when the cost of errors is real.

Moltbook + OpenClaw: a stress test for the agent era

Moltbook’s viral moment is the messy mirror of everything above. A social network for AI agents, built around OpenClaw, grew fast (over 1.6M registered agents per reporting) and immediately ran into security problems, including vulnerabilities that enabled impersonation and data exposure. It’s a sharp reminder that “millions of agents” is not a flex unless identity, permissions, and auditability are solved first.

SpaceX acquires xAI

Multiple outlets reported SpaceX’s acquisition of xAI, valuing SpaceX around $1T and xAI around $250B, with Musk pitching orbital data centers as part of the long term vision. Whether that timeline holds is a separate question, but the direction is consistent: the AI stack is converging across software, infrastructure, and distribution.

My Thoughts: MCP Governance, Discovery, and Execution at Scale

Agents are moving into first-party “surfaces” (IDEs, data clouds, developer platforms), and the ecosystem is racing to add the missing enterprise layers around them. MCP keeps showing up as the interface that makes tools discoverable and callable across those surfaces, which raises the bar for governance. 

The Moltbook fiasco is a painful reminder that agent adoption runs on trust, and trust breaks fast. Once agents can discover and invoke tools across dozens of MCP servers, the weakest server becomes the easiest path to impersonation, data leakage, or unintended actions. That’s why the most meaningful “infrastructure” launches this week were the governance ones: registries, scanners, and policy gates that treat MCP servers like production systems, not loose plug-ins.

If you’re building with MCP, can you explain and control every tool call after the fact and in real time? Who authorized it, what data moved, which server provided the tool, what policy allowed it, and how you stop it mid-flight. The teams that get this right will turn MCP from a connectivity layer into a trustworthy execution layer, and that’s where real adoption compounds.

‍