---
published: true
layout: post
title: MCP Discovery & Governance
date: 2026-06-19
author: Kin Lane
tags:
  - MCP
  - Governance
  - AI
  - APIs
  - Business of APIs
image: https://kinlane-productions2.s3.amazonaws.com/api-evangelist-images/2026-06-19-mcp-discovery-and-governance.png
---
I am working through research on "MCP governance"—meaning, what others out there are calling MCP governance. As with APIs, there is a wide mix of smoke, mirrors, and concrete practices around what governance of this new set of API patterns actually is.

For me, it's nothing new. First, MCP is just an API, despite all the hype and rhetoric. Everyone just wants to sell you a complete new stack of services. Despite this hustle, I'm learning to use the new words being applied at the frontline, but I want to make sure I'm moving beyond the technical words and speaking in business terms.

To help me tell better stories that speak to business stakeholders who are in need (whether they know it or not) of governance services on top of the integration of AI into their enterprise, I try to break things down into three main buckets.

## Cost
Translating governance into the impact it is having on your budgets as purses continue to tighten.

- Cost and operating-model transparency between centralized and federated MCP usage.
- The ability to set budgets for teams using MCP tools.
- MCP tooling visibility — shared with **Risk**.
- Standardized MCP usage — shared with **Velocity**.
- MCP discovery — shared with **Risk** and **Velocity**.

I want to speak in simple terms of what business leadership is not seeing when it comes to MCP sprawl.

## Risk
Translating governance into the risk you are opening your business up to when you are integrating AI.

- Secured MCPs.
- Compliant MCPs, governed against your standards.
- Data-use visibility for PII, GDPR, and other compliance.
- MCP tooling visibility — shared with **Cost**.
- MCP onboarding — shared with **Velocity**.
- MCP discovery — shared with **Cost** and **Velocity**.

I know that AI is keeping people up at night, and they are desperately looking for ways to minimize their exposure.

## Velocity
Translating governance into what you are desiring when it comes to your organization moving as fast as you want.

- Team MCP production and process.
- Embedded, automated MCP compliance.
- Standardized MCP usage — shared with **Cost**.
- MCP onboarding — shared with **Risk**.
- MCP discovery — shared with **Cost** and **Risk**.

We all want to be able to move faster with fewer resources, and many desperately want MCP to be the solution.

## Just Governance
For me, there isn't anything new with MCP. This is pretty classic API governance, but while we are spinning the acronym on governance from API to MCP to AI—let's just call it governance.

Then I want to keep doing the work to wordsmith the language and bullets I use to emphasize the cost, risk, and velocity considerations when integrating AI into business operations—which is all about APIs, whether people want to admit it or not.

<p align="center"><img src="https://kinlane-productions2.s3.amazonaws.com/api-evangelist-images/2026-06-19-mcp-discovery-and-governance.png" alt="The MCP Governance Venn — Cost, Risk, Velocity" width="80%"></p>