2 minute read

The Odyssey-and-Faceplant of “MCP Auth” Startups

June 2025. San Francisco is still wearing the bruise-coloured bruise of the “agentic” hype cycle.

Last October every YC Discord channel looked the same:

“We’re building secure MCP auth so agents can call tools safely.” Demo video: two curl commands, a green check-mark, and a $3 M SAFE.

Week 0-2 | The sugar rush

Claude Code, Cursor, and every AI IDE were missing one stupid thing: a way to slap

curl -H "Authorization: Bearer xyz" https://example.com/tool

onto a tool call. Copy a JWT once, inject it on every request—ka-ching, angel cheque cleared, Hacker News top-5.

Week 3-6 | The oh-shit moment

Cursor ships “Custom Header” support. Claude copies them 48 hours later. Suddenly your $3 M startup is one menu item in an editor. Investors stop replying with the sparkle emoji.

Month 3 | Pivot parade

Some go “We’re actually a tool registry now.” Some pivot to RAG templates. Most quietly add “dormant” to their Slack workspace.

The pain they missed

The header was symptom, not disease.

  • You still need tokens that expire and refresh.
  • You still need tenant isolation so one customer’s embeddings don’t leak into another’s.
  • You still need a meter that converts “50 M tokens, 3 seats” into an invoice Stripe will actually bill.
  • And you need to run it locally today, inside a VPC tomorrow, on-prem next quarter—without rewriting docker-compose for every hop.

That’s unsexy plumbing. Valley tourists fled the moment the excitation glow faded.

What Attach.dev replaces

If you’re building:

  • A deep research tool
  • A customer-facing agent
  • A local-first LLM copilot

You’re going to need:

  • Secure auth
  • Namespaced memory
  • Token billing
  • Repeatable deploys

Attach.dev gives you all that in one drop-in gateway.

Attach.dev is the boring bit that never went away

We issue the JWT, rotate it, and shove it down every call—no prompt gymnastics. We give you namespaced memory in Weaviate/Postgres, rate-limits in Redis, metrics in OpenMeter, and a Stripe webhook that just works. Same compose file on your MacBook, DigitalOcean App Platform, or the bank’s Kubernetes cluster.

The IDEs will keep eating cupcakes—headers, autocomplete, maybe even OAuth pop-ups. We’re baking the concrete the cupcakes sit on.

So if you’re tired of refactoring yet‐another header proxy, pick the rails that survive the hype. We’ll be here, quietly counting tokens and sending invoices while everyone chases the next shiny prefix.

Co-written with GPT-4o and o3. They watched the rise and fall too.