Introducing MCPWorks: Infrastructure for the Agentic Era
We're at an inflection point in software.
AI assistants are becoming the interface through which developers and knowledge workers interact with their tools. Claude Code, GitHub Copilot, and dozens of other AI-powered environments are changing how we write code, automate tasks, and build systems.
But there's a gap. These AI assistants are powerful reasoners, but they need infrastructure to act on. They need secure places to execute code. They need workflows to orchestrate. They need tools that don't leak credentials or expose sensitive data.
That's what MCPWorks is building.
What MCPWorks Is
MCPWorks is infrastructure for AI-driven workflow automation. We host secure execution environments. We run your workflows. Your AI assistant connects via the Model Context Protocol (MCP) and orchestrates everything.
The tagline says it simply: Build the logic. We host it. Your AI uses it.
We're not building another AI product. We're building the workshop where AI assistants can safely craft and invoke tools.
The BYOAI Philosophy
BYOAI: Bring Your Own AI.
This is the core principle behind everything we build. MCPWorks is infrastructure, not an AI product.
| What We Provide | What You Bring |
|---|---|
| MCP infrastructure | Your AI (any LLM, API keys, or AI services) |
| Code Execution Sandbox | Your reasoning and tokens |
| Hosted workflows | Your prompts and intent |
| Secure proxy | Any MCP-compatible client |
Why does this matter?
AI-Agnostic. We don't favor any AI engine. MCPWorks works with Claude, Copilot, GPT, or any MCP-compatible client. Use whatever AI fits your needs.
No Token Costs From Us. You control your AI spend. We bill for infrastructure, not inference. We're not in the business of reselling tokens at a markup.
Future-Proof. As new AI assistants emerge, they work with MCPWorks if they support MCP. We're building on an open protocol, not a proprietary lock-in.
No Vendor Lock-in. Connect your own LLMs and AI services. Switch providers whenever you want. Your workflows stay the same.
The Product Underneath the Product
What's the real product we're building? Efficiency.
Our infrastructure enables 70-98% reduction in AI token usage compared to traditional approaches. Here's why that matters:
AI inference is expensive. Every token your AI processes costs money. Every unnecessary context loaded into a prompt is waste. As AI usage scales, the difference between efficient and inefficient tooling becomes the difference between sustainable and unsustainable operations.
MCPWorks reduces token usage through two architectural principles:
Progressive Disclosure. Instead of loading all tool definitions into AI context upfront (often 150K+ tokens for large toolsets), MCPWorks loads only tool names initially. Full schemas are retrieved on-demand when the AI actually needs them. This alone can reduce overhead by 98%.
Code Execution Isolation. When AI writes code to orchestrate workflows, intermediate data stays in our execution environment. It never enters the AI context unless needed for decisions. Process 50 orders? Only the final summary ("Processed 50 orders") returns to the AI, not 50 order objects.
Today, this is a nice optimization. Tomorrow, as AI costs rise and usage scales, it becomes essential infrastructure for cost-effective AI operations.
What We're Building
Code Execution Sandbox
The cornerstone of MCPWorks is secure sandboxed execution for AI-generated code.
Your AI writes Python or TypeScript. We run it safely in an isolated environment with:
- Linux namespaces for process isolation
- cgroups for resource limits
- seccomp for syscall filtering
- Network isolation and controlled access
The AI sees one tool: run_code. That tool is a portal into a secure execution environment where workflows can be orchestrated, data can be processed, and sensitive information never leaks into the AI context.
Hosted Workflows
We're building on Activepieces, an open-source workflow automation platform. You create workflows visually—Stripe to Slack, Shopify to email, whatever integrations you need.
Those workflows execute through our Code Execution Sandbox. The AI orchestrates them via MCP. Intermediate workflow data stays isolated.
Secure Proxy
The MCPWorks Proxy is the only thing you install locally:
uvx mcpworks
It handles stdio-to-HTTPS translation, routes requests to our hosted services, and bundles enterprise security: encryption, authentication, audit logging.
Our Values
Fear and Respect What You Build
We're creating infrastructure that enables AI assistants to craft and invoke arbitrary tools. Users bring their own reasoning engines. We provide the workshop. The combinations are infinite and unpredictable.
This is powerful. This should make us uncomfortable.
If we're not slightly afraid of our own platform, we're not thinking hard enough about what it enables. Fear keeps us from shipping recklessly. Respect keeps us from underestimating consequences. Humility keeps us from assuming we know all the use cases.
Infrastructure Over Intelligence
We don't pretend to be smarter than your AI. We provide reliable, secure, well-documented infrastructure. The intelligence comes from your chosen LLM. Our job is to not get in the way.
Simplicity Enables Power
The most powerful tools are often the simplest. One proxy. One sandbox. One workflow editor. The power comes from composition, not complexity.
Every layer we don't add is a dependency we don't have, an attack surface we don't expose, a failure mode we don't debug, and a cost we don't pay.
But simplicity never compromises security. We use Linux primitives correctly: namespaces for isolation, cgroups for limits, seccomp for syscall filtering. Simple doesn't mean naive.
The Current Moment
2026 is the year of agentic AI. Autonomous agents are going mainstream. MCP has become the industry standard for AI-to-tool connectivity, adopted by Google, Microsoft, Salesforce, and governed by the Linux Foundation.
But there's a governance gap. Organizations are deploying AI agents faster than they can secure them. Open-source personal AI agents are leaking credentials. Supply chain attacks target agent skill ecosystems. Agent-to-agent prompt injection is a real attack vector.
MCPWorks sits at the intersection of these trends: secure, hosted MCP infrastructure for the age of autonomous agents.
We're not trying to replace the AI assistants or the open-source agent ecosystems. We're building the secure execution layer that makes them deployable in production.
What's Next
We're in the early stages. A0 milestone: Code Execution Sandbox, hosted workflows, proxy, and a basic dashboard. We're targeting 5-10 pilot users to validate the approach.
If you're building with AI assistants and need secure infrastructure for your workflows, we'd love to talk. If you're running into token costs that don't scale, we might be able to help. If you're deploying AI agents and your security team is asking hard questions, we're building answers.
Build the logic. We host it. Your AI uses it.
Questions or feedback? Reach out at [email protected].