MCP (Model Context Protocol) is being framed as the next evolution of API sprawl, introducing a new abstraction layer that obscures underlying services and expands the attack surface. Drawing on insights from Axway's Rogier van Boxtel at the 2025 Platform Summit, the piece highlights that nearly 80% of enterprise decision-makers don't know how many APIs they have, 57% have experienced API-related data breaches, and 43% of MCP servers are vulnerable to auth flaws. Unlike APIs that expose data, MCP exposes actions — raising the risk profile significantly. The post argues that combating sprawl requires federated governance layers, automated discovery via service registries, and stronger accountability mechanisms, while acknowledging that AI agents could paradoxically serve as both the cause of and solution to governance challenges at scale.
Table of contents
API Sprawl Is a Huge ProblemOngoing API Governance Challenges at ScaleAutomating API AnalysisAI Could Be the Sugar and the MedicineAI SummarySort: