AI
MCP Embedded Across Google’s Stack
Alan Blount opened by answering a common question: “Does Google use MCP?” Yes. He described a platform that spans models from Google DeepMind, specialized tools, security and IAM, BigQuery, vector search indexes, and data center infrastructure. MCP shows up in the tools layer and in governance across MCP servers. The goal is an open platform without lock-in. Developers can use all of Google’s services or just one, like the Memory Bank or code execution sandbox.
ADK: Google’s Open Source Agent Framework
Blount explained the Agent Development Kit (ADK). It is fully open source and used by hundreds of Google teams to build agentic products. ADK shipped with MCP support on day one. Developers wire in tools via MCP, skills, or other interfaces. Blount described his own workflow: he puts agent skills into his IDE, which then writes ADK agents for him. Google Cloud Next will showcase improvements to this “agents writing agents” pattern.
Remote MCP Servers and Enterprise Security
Vaibhav Katkade demonstrated hosted MCP servers for Google services such as Maps, BigQuery, Spanner, and Cloud Logging. These are remote HTTP endpoints with OAuth authentication and access control. Nearly 50 MCP servers are planned. He showed Cloud Connector adding a Maps MCP server with OAuth client ID and secret from the Cloud console. Apigee now converts any enterprise API into a remote MCP endpoint, with rate limits, quotas, and AI security via Google Cloud Model Armor or third-party guardrails.
Securing Agent Protocol Traffic with Envoy
Katkade described how traditional proxies handle only HTTP headers, but agent protocols like MCP and A2A embed attributes in the JSON payload body. Google extended Envoy’s protocol filtering to parse MCP JSON-RPC payloads. Those attributes are sent to external authorization systems for inline AI security, custom access control, and observability. Every agent-to-agent interaction inside Google’s infrastructure uses this Envoy proxy layer to authorize and secure agents.
Notable Quotes
“Does Google use MCP? Yes.” Alan Blount · ▶ Watch (13:22)
“We launched with MCP support on day one.” Alan Blount · ▶ Watch (5:27)
“You can plug in the URL of the remote MCP server endpoint.” Vaibhav Katkade · ▶ Watch (16:18)
“This is the same ADK that Google is using to build our own agentic products today. It’s fully open source.” Alan Blount · ▶ Watch (4:45)
“We extended Envoy’s protocol filtering capabilities to support MCP and parse all of the JSON payloads.” Vaibhav Katkade · ▶ Watch (24:19)
Key Takeaways
- Google has hundreds of teams building agents on the open-source ADK with native MCP support.
- Hosted MCP servers for Google services use OAuth and access control; nearly 50 are coming.
- Envoy proxies now parse MCP payloads to enforce security, governance, and observability at scale.
About the Speaker(s)
Alan Blount is a Sr. Product Manager for the Agent Platform at Google Cloud Vertex AI. A 20-year software engineer turned PM, he empowers developers to build trustworthy, state-of-the-art Gen AI agents. His focus spans ADK, A2A, MCP, and A2UI.
Vaibhav Katkade has spent 15+ years working with Fortune 100 enterprises on zero-trust enterprise security solutions across on-premise and cloud networks. At Google, he works on products and solutions to secure and govern MCP and agentic workloads.