Module 5
Selling MCP Internally
How to get budget, engineering time, and executive buy-in.
The Scenario
You believe in MCP. You have tried it in the lab. You have mapped your product's surface area. Now comes the hard part: getting your organisation to agree to build it.
Your team is skeptical. Your CFO wants an ROI number. Your CISO has security concerns. Your CTO thinks it is "just another protocol." Your CEO is not convinced there is urgency. You need to build a coalition and move from "interesting idea" to "approved project."
This module gives you the playbook for each conversation.
The CFO Conversation: Quantifying ROI
Your CFO wants a number. Not a story. A number.
CFO Conversation Guide
What they care about:
"What is the return on this investment? What is the cost?"
Your argument (framed as cost reduction + new revenue):
Cost Reduction: Calculate the engineering hours you currently spend maintaining custom integrations. Multiply by your fully-loaded engineer cost. In year one, you save the cost of building and maintaining N new custom integrations. In year two and beyond, you save maintenance costs on all of them. Most teams see 20-30 percent reduction in integration maintenance debt within 12 months.
New Revenue: Calculate the TAM of AI assistant users in your target market. What percentage of your addressable market uses Claude, ChatGPT, or Gemini? How much revenue would you capture if that cohort had easy access to your product through AI? Even a 2-3 percent attach rate from AI-driven discovery represents meaningful new revenue.
Competitive Cost of Not Building: What is the cost of losing deals where competitors have AI integrations and you do not? Interview sales. Get a number. Even "one deal per quarter" over a year is quantifiable revenue at risk.
The number they want to hear:
"Building MCP costs £X. We expect to recover that cost within 6 months through reduced integration maintenance. Within 12 months, we expect new revenue from AI-driven acquisition to exceed the cost by £Y. And we avoid £Z in lost deals to competitors."
The CTO Conversation: Technical Credibility
Your CTO wants to know: Is this a real standard or another flash in the pan?
CTO Conversation Guide
What they care about:
"Is this real? Is it a single-vendor bet? How much work is this really?"
Your argument (framed as industry convergence, not single vendor):
It is backed by everyone that matters. MCP is backed by Anthropic, but the ecosystem converged around it. Microsoft, Google, OpenAI all adopted it. In December 2025, Anthropic donated it to the Agentic AI Foundation under the Linux Foundation. That is the opposite of vendor lock-in. That is a community standard.
It is open source. No licensing. No lock-in. Your team can audit the spec. You can contribute to it. This is not a proprietary protocol.
The effort is manageable. A typical MCP server takes two to four weeks for a mid-to-senior engineer. That is one sprint. We are not talking about a six-month architecture rewrite. We are talking about two weeks of focused engineering.
The ecosystem is already there. Show them smithery.ai. There are 17,000+ MCP servers already built. Your team is not inventing anything. You are participating in something that already exists and is growing.
The number they want to hear:
"One mid-senior engineer, two to four weeks, one sprint. After that, it is maintenance work on par with maintaining a single API. MCP is backed by Microsoft, Google, and OpenAI, not just Anthropic. It is open source with community governance. The risk of betting on this is lower than the risk of ignoring it."
The CISO Conversation: Security Framing
Your CISO is worried. MCP means exposing your product to AI assistants. That sounds like a security risk.
CISO Conversation Guide
What they care about:
"Is this secure? Are we exposing ourselves to attacks? How do we control access?"
Your argument (framed as more secure than status quo):
MCP is more secure than the current alternative. What is the current alternative? Custom point-to-point integrations with varying levels of security. Each one is a potential attack surface. MCP standardises authentication, scoping, and access control. One consistent security model beats N inconsistent ones.
Scoped access. MCP lets you expose only what you choose. You do not expose your entire API. You expose a curated set of Tools and Resources. You control exactly what data is accessible and what actions can be performed. That is more fine-grained control than most custom integrations offer.
Audit trail. MCP provides standardised logging across all AI interactions. Every Tool invocation is logged. Every Resource access is logged. You have a single audit trail instead of scattered logs across multiple integration points.
No credential sharing. MCP uses OAuth-based authentication. You do not hand API keys to AI assistants. Users authenticate, and the assistant gets a scoped token. That is more secure than the alternative (exposed credentials in environment variables).
The number they want to hear:
"MCP reduces attack surface by consolidating N custom integrations into one standardised protocol. It provides granular scoping (you control exactly what is exposed), standardised audit trails, and OAuth authentication. The risk profile is better than the status quo, and compliance is easier because it is one consistent model instead of N custom implementations."
The CEO Conversation: Strategic Narrative
Your CEO wants to know: Why should we prioritise this? Is this a competitive advantage or a commodity?
CEO Conversation Guide
What they care about:
"Is this strategic? Does this matter to our market position? Will we fall behind if we do not do this?"
Your argument (framed as infrastructure for next-generation distribution):
Every major platform is building MCP support. Microsoft Copilot, OpenAI ChatGPT, Google Gemini, Anthropic Claude all support MCP. This is the AI equivalent of building a mobile app in 2010. It was not optional then. It is not optional now.
This is your distribution layer for the next decade. In the 2000s, distribution came through websites. In the 2010s, it came through mobile apps. In the 2020s, it comes through AI assistants. If your product is not discoverable through AI, you are missing a major distribution channel.
First movers get disproportionate advantage. When protocols shift, the companies that support them first get halo effects, placement advantages, and ecosystem visibility. We saw this with mobile apps. We saw it with API integrations. The early movers in MCP will capture outsized share of AI-driven traffic.
This is an investment in ecosystem position, not just a feature. MCP is not a feature for this quarter. It is infrastructure that compounds over time. Every month we wait, our competitive position in the AI layer gets weaker.
The narrative they need to hear:
"MCP is not optional. Every major AI platform is building support. This is the distribution layer for the next decade. Companies that ship early will have disproportionate advantage in AI-driven traffic and user acquisition. The cost of not building is not just a missed opportunity. It is ceding strategic position in the fastest-growing distribution channel. We should ship this in the next two quarters, not next year."
Building Your Internal Coalition
After four separate conversations, you have four different stakeholders aligned around MCP, but for four different reasons:
| Stakeholder |
Their Motivation |
What Alignment Looks Like |
| CFO |
Cost reduction + new revenue |
Approved budget for two-sprint project |
| CTO |
Industry standard, manageable effort |
Engineering resource allocated |
| CISO |
Standardised security model |
Security sign-off on scope |
| CEO |
Strategic position in AI layer |
Roadmap prioritisation signal |
When you have alignment from all four, you have a coalition. That coalition moves MCP from "nice to have" to "approved project."
Do not try to convince everyone with the same argument. Tailor each conversation to what that stakeholder cares about. CFO wants numbers. CTO wants technical credibility. CISO wants security guarantees. CEO wants strategic narrative. Give each one what they need to say yes.
Common Objections and Rebuttals
Objection: "Users are not asking for this."
Rebuttal: Users do not ask for distribution channels. They ask for your product. If your product becomes accessible through AI assistants, adoption accelerates. Users do not ask for mobile apps either, but companies that ship mobile apps win.
Objection: "This will distract us from core product."
Rebuttal: Two-week sprint, not a six-month initiative. And it directly supports core product by expanding distribution. It is not a distraction. It is a force multiplier for existing roadmap items.
Objection: "Let us wait and see if this becomes mainstream."
Rebuttal: It is already mainstream. 17,000 MCP servers exist. Every major AI platform supports it. Microsoft, Google, OpenAI, Anthropic all ship it. Waiting means being a fast-follower, not a first-mover. We lose 6-12 months of ecosystem visibility.
Objection: "We can build our own proprietary integration instead."
Rebuttal: Proprietary means you maintain N integrations with N platforms. MCP means you maintain one standard. Proprietary is more work and higher maintenance cost. The maths is clear.
Your Approval Checklist
By the time you have had all four conversations, you should have:
- CFO agreement on budget and ROI framework
- CTO agreement on technical approach and resource allocation
- CISO agreement on security scope and controls
- CEO signal that MCP is strategically important
- Engineering resource committed for two-week sprint
- Clear definition of MVP scope (3-5 Tools/Resources)
- Measurement plan (how you will track success post-launch)
When you have all seven items, you have approval. The project moves from "interesting idea" to "committed roadmap item."
Which stakeholder will be your hardest sell, and what data would convince them?
Key Takeaways
- Tailor each conversation to stakeholder motivation. CFO needs ROI. CTO needs technical credibility. CISO needs security assurance. CEO needs strategic narrative. Same project, four different pitches.
- Quantify everything. Engineering weeks, cost savings, new revenue, lost deal risk, maintenance debt reduction. Do not ask people to believe. Give them numbers.
- MCP is more secure than the status quo. Not equally secure. More secure. Standardised access control, scoped permissions, audit trails, OAuth authentication all beat scattered custom integrations.
- This is a strategic positioning play, not a feature. The CEO needs to understand that MCP is infrastructure for the AI-driven distribution channel. Not shipping MCP is strategic risk.
- Build your coalition methodically. Do not try to get everyone aligned in one meeting. Have four separate conversations. Get buy-in from each stakeholder individually. Then bring them together.
Integration Debt
Cumulative maintenance cost of managing multiple custom platform integrations. MCP reduces this by consolidating to one standard.
TAM (AI Assistants)
Total addressable market of users who interact with your product through AI assistants. Growing rapidly as adoption accelerates.
Scoped Permissions
Fine-grained access control in MCP enabling you to expose only specific Tools and Resources, not your entire API surface.
Ecosystem Visibility
How discoverable and usable your product is within AI assistant platforms. MCP integration directly increases this.
Coalition Building
Process of aligning multiple internal stakeholders around a single decision through targeted conversations addressing each stakeholder's specific concerns.
Strategic Positioning
Your product's competitive advantage within emerging technology ecosystems. MCP investment directly impacts positioning in AI layer.
Next Module
MCP in Your Roadmap
Where MCP fits alongside everything else you are building and how to sequence it without disruption.