Rediscovering Domain-Driven Design, one MCP server at a time

A few days ago, a devops engineer posted on r/devops:

"MCP servers just showed up in our infrastructure and I genuinely have no idea how to secure them, anyone been through this?"

Filesystem access, shell permissions, database connectors - all callable by agents without human approval. At the time I'm writing this, the thread has 76 upvotes and 39 comments from fellow engineers improvising solutions: "separate by blast radius," "don't mix list_files and execute_shell in one server," "three security surfaces, not one."

They're all describing the same thing: the patterns they are rediscovering have been formalized in Domain-Driven Design (DDD), by Eric Evans.

In his book, Eric introduced concepts like Bounded Contexts and Anti-Corruption Layers, which gave us the vocabulary we've been using for system boundaries ever since. They helped us survive the microservices transition, and they apply directly to the architectural problems AI systems are creating right now.

Rediscovering Domain-Driven Design, one MCP server at a time

Other newsrooms on this story

Related reading

MCP For Software Engineers | Part 1 : Building Your First Server

MCP command execution flaw: what security teams need to know

200,000 MCP Servers Are Exposed. Here's Why Serverless Is Safer.

We Scored 14,800+ MCP Servers on Behavioral Trust. Here's What We Found.

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

Defense in Depth for MCP Servers