Arcade

Executive Summary

Arcade is an MCP runtime platform built around one thesis: the thing blocking agents from production is authorization, not intelligence. It provides secure agent authorization (user-specific OAuth permissions rather than shared service accounts), a catalog of prebuilt agent-optimized tools for systems like Google, Slack, and Salesforce, an open source MCP server framework with OAuth and evals built in, and lifecycle governance for running agent fleets across an organization. ^[1] Founded in 2024 by Alex Salazar (whose previous identity startup, Stormpath, was acquired by Okta) and former Redis engineer Sam Partee, Arcade raised a $12M seed in March 2025 led by Laude Ventures with Flybridge, Neotribe, Hanabi Capital, and Andy Rachleff participating. ^[2]

The strategically defining move came in November 2025: Arcade co-authored the URL Elicitation SEP with Anthropic, a Specification Enhancement Proposal accepted into the official MCP specification that standardizes secure in-conversation OAuth authorization for MCP servers — Salazar called tool authorization "the missing piece that's blocked MCP from being an enterprise-ready protocol." ^[3] Wing VC's 2026 Enterprise Tech 30 named Arcade in its Early Stage category, crediting it with shipping the first MCP runtime and building 8,000+ production-grade tools. ^[4]

---

Product Overview

Arcade sits between agents and the SaaS tools they act on. When an agent needs to send an email or update a Salesforce record, Arcade handles the OAuth flow with the end user, stores and refreshes tokens, and executes the tool call under that specific user's permissions — the agent never holds credentials, and actions are attributable to a real identity rather than a service account. ^[1] Around that auth core, the platform layers a tool catalog, an MCP runtime for serving tools to any MCP client, and governance features (visibility, control, and compliance over which agents use which tools organization-wide). ^[1]

Customers listed publicly include LangChain, Snyk, Relevance AI, Prosus, and Sybill. ^[1]

Key Capabilities

Product Surfaces

---

Technical Architecture

Arcade's runtime brokers every tool call: the agent requests an action, Arcade challenges the end user to authorize via a standard OAuth flow when needed, then executes the call with that user's token. The URL Elicitation flow it standardized with Anthropic uses OAuth 2.0 — users sign in directly with the service, and the agent receives only the access tokens it needs, keeping credentials out of the model context. ^[3] The flow is now being adopted into the official MCP specification, SDKs, and popular clients, and Arcade's open source framework supports it by default. ^[3]

The open source layer, arcade-mcp, is a Python MCP server framework and tool development library (MIT license, 900+ stars and ~100 forks as of June 2026, with active daily development) for building custom tools that plug into the same runtime. ^[6] The hosted platform deploys to cloud, VPC, on-premises, or fully air-gapped environments. ^[1]

Key Technical Details

---

Strengths

• Protocol-level moat — co-authoring the URL Elicitation SEP with Anthropic puts Arcade's auth model inside the MCP specification itself; competitors now implement a standard Arcade helped write ^[3]
• Auth-first architecture — agents act as the authenticated end user with scoped tokens, giving enterprises attribution, least-privilege access, and revocability that service-account integrations lack ^[1]
• Enterprise deployment range — cloud, VPC, on-prem, and air-gapped options plus tenant isolation, audit logs, RBAC, and SSO/SAML at the Enterprise tier ^{[1] [5]}
• Large production tool catalog — 8,000+ production-grade tools per Wing VC's 2026 Enterprise Tech 30 write-up, which also credits Arcade with the first MCP runtime ^[4]
• Credible founding team — a second-time identity founder (Stormpath → Okta) and an ex-Redis ML engineer, backed by Laude Ventures in a $12M seed ^[2]

---

Cautions

• Modest open source footprint — 900+ stars on arcade-mcp versus 27K+ for Composio's repo and 10K+ for Nango's; the community signal trails the category leaders ^[6]
• Commercial core — the runtime, managed auth, and governance layers are closed; only the tool-building framework is MIT, so there is no full self-host exit hatch ^[6]
• Usage-based metering — user challenges ($0.05), standard executions ($0.01), pro executions ($0.50), and MCP server hours ($0.05) are each metered, so costs scale with agent activity ^[5]
• Seed-stage risk — $12M raised in March 2025 against rivals with larger war chests; the standards win must convert to revenue before the next raise ^[2]
• Catalog count is third-party sourced — the 8,000+ tools figure comes from Wing VC's list write-up; Arcade's own site does not publish a number ^{[4] [1]}

---

Pricing & Licensing

Pricing is usage-based with no seat licenses; a startup program covers companies under 100 employees. ^[5]

Licensing model: The arcade-mcp framework is MIT-licensed open source; the runtime platform and managed auth are commercial. ^[6]

Hidden costs: Four separate usage meters (challenges, standard executions, pro executions, server hours) mean spend tracks agent activity, not headcount — pro tool executions at $0.50 each add up fastest. ^[5]

---

Competitive Positioning

Direct Competitors

When to Choose Arcade Over Alternatives

• Choose Arcade when: agents must act as specific end users with attributable, revocable, least-privilege access — especially in regulated or security-conscious enterprises
• Choose Arcade when: you need VPC, on-prem, or air-gapped deployment of the agent tool layer
• Choose Composio when: you want the largest plug-and-play tool catalog and strongest open source community
• Choose Nango when: you also ship customer-facing product integrations and want a self-hostable core

---

Ideal Customer Profile

Best fit:

• Enterprises putting multi-user agent fleets into production where every action must map to an authenticated employee identity
• Security and platform teams that need governance, audit logs, and private deployment of the agent tool layer
• Teams building custom internal tools who want OAuth and evals handled by the framework ^[6]

Poor fit:

• Teams that require a fully open source, self-hostable platform end to end
• Hobbyists and single-user agent projects where user-scoped authorization is overkill
• Buyers selecting primarily on catalog community size and GitHub traction

---

Viability Assessment

Arcade is playing a standards game rather than a catalog game: by getting its authorization flow accepted into the MCP specification, it positioned itself as the reference implementation for the exact problem enterprises cite when blocking agent deployments. The risk is commercial, not technical — it must out-execute better-funded, better-known rivals before the standard it wrote becomes table stakes everywhere.

---

Bottom Line

Arcade is the auth-first bet in the MCP integration platform category — an MCP runtime where agents act as authenticated end users under scoped OAuth tokens, backed by 8,000+ production tools, enterprise governance, and the rare distinction of having co-written part of the MCP specification with Anthropic. ^{[1] [4] [3]}

Recommended for: Enterprises deploying multi-user agents that need attributable, least-privilege tool access with private deployment options.

Not recommended for: Teams wanting a fully open source stack or selecting on community size — see Composio or Nango.

Outlook: Strong strategic position from the Anthropic SEP collaboration; the open question is whether a seed-stage company can convert protocol influence into enterprise market share before larger rivals absorb the standard.

---

Research by Ry Walker Research • methodology