21.05.2026 • 41 Min.

Alex Nahas is 28 years old and has already initiated a W3C web standard. Working as a backend engineer at Amazon, he ran into a problem most enterprises face: MCP requires OAuth, but most enterprise infrastructure runs on SAML. His solution was elegant: run the MCP server in client-side JavaScript, letting AI agents use the browser's existing authentication context rather than rebuilding auth from scratch. What started as an internal tool became an open source project, then a viral Hacker News post published while under anesthesia, and ultimately an invitation from Google and Microsoft to help shape WebMCP as an official web standard. In this episode, Alex and Tobi explore what WebMCP actually is, why the browser is the most underestimated sandbox in AI development, and what the agentic web might look like two years from now. Topics covered: What MCP actually is and why it's just an RPC framework at its core Why OAuth is a dealbreaker for most enterprise infrastructure How WebMCP lets AI agents operate within existing browser authentication The Hacker News post that started it all, and why Alex doesn't remember posting it How Chrome is natively building WebMCP support The chicken-and-egg problem of standard adoption Real-time bidding for agents and what it means for digital advertising Why agents don't need their own identity Where the agentic web is headed in the next two years