I was reading the WWDC recap when something caught my eye.
Apple deprecated SiriKit. Replaced it with something called App Intents. Siri can now reach into any app that’s opted in, pull data, take actions, chain them together. One conversation. Multiple apps. No switching.
And I thought: wait, that’s just MCP.
A few weeks ago, I asked Cask to look up something on Taobao for me. He couldn’t. Not because he’s not capable—he reads files, searches the web, calls APIs, holds a full conversation. He just can’t get through Taobao’s door. So I ended up using Doubao to browse Douyin Mall instead. It worked fine. I just didn’t want to use Doubao. I wanted to use Cask.
That conversation led me down a rabbit hole: MCP protocols, OAuth extensions for AI agents, the whole emerging question of “how does an AI get a key to your digital life.” The deeper I went, the clearer the pattern became.
Then yesterday, Apple basically said: we’ll make our own door.
Here’s what happened at WWDC 2026.
The old Siri—SiriKit—had been around since 2016. It used XML config files and a separate extension process every time you wanted Siri to do something in your app. It worked for single commands. “Set a timer.” “Send a text.”
The new system works differently. A developer writes a short piece of code—a Swift App Intent—describing what their app can do. The compiler reads it, generates a tiny metadata file, and tucks it inside the app. When it installs, iOS reads that metadata without launching the app. It just knows: “this app can check account balances,” or “this app can book rides.”
Then when you ask Siri something, it reaches into any of those apps, pulls what it needs, and acts. All inside one conversation.
Apple lined up Uber, Amazon, YouTube, WhatsApp, and AllTrails as launch partners. Not developers who might adopt it—the ones already in.
Here’s the thing about how AI agents currently access external services. There are three paths, and none of them work for everyone.
Path one: official API with OAuth. This is how your AI connects to GitHub, Notion, or Slack. Stable, secure, above board. But you need the platform to explicitly agree to let AI agents in—which most haven’t.
Path two: MCP plus cookies. Reverse-engineered access, scraping what a human would see in a browser. This is how early community MCP servers connected to platforms that hadn’t opened their doors. It works until the platform changes its markup or detects the bot and blocks it. Fragile by design.
But that’s community MCP. When a platform opens its own MCP server—like Qichacha just did—it’s as stable as any official API. The fragility isn’t in the protocol. It’s in whether the door was built by the platform or crowbarred open by someone else.
Path three: the walled garden. Doubao can browse Douyin Mall. Tongyi Qianwen can browse Taobao. Each AI has a privileged channel to its parent company’s ecosystem—and only its own. Users who pick one AI are locked into that company’s world.
Apple just created a fourth path: an OS-level intents system that any app can join, governed by Apple’s rules, powered by a trillion-parameter Gemini model running on Google’s Blackwell hardware. It’s a walled garden with really good plumbing—but it’s also the most ambitious attempt yet to give an AI a master key.
Meanwhile, the protocol-based alternative—MCP—has been quietly growing.
Overseas, there’s already infrastructure being built. Nango (open source, 800+ APIs with pre-built OAuth). Composio (500+ integrations). Arcade.dev (MCP auth runtime). Bitwarden’s Agent Access SDK—turning your password manager into your AI’s credential vault. Auth0, Stytch, and Scalekit are all shipping agent-specific auth solutions. The IETF is even drafting an “OAuth 2.0 for AI Agents” standard.
In China, the infrastructure is being built—but most doors are still closed. JD.com’s JoyAgent supports the MCP protocol and runs thousands of agents internally, but it’s an enterprise platform for building your own agents, not a public window into JD’s shopping data. Volcengine/Doubao’s “outbound authorization” lets agents call authorized services, but the scope is controlled and limited. Alibaba Cloud’s Agent Identity offers cloud-level credential management. Authing/Steampunk Ark offers unified MCP access for cross-platform identity scenarios. Useful infrastructure—but none of them opens a consumer door to its parent’s ecosystem.
And then there’s Qichacha. Just yesterday I discovered that China’s largest business database has an MCP platform—182 tools, 365 million companies, available to any AI agent via protocol or CLI, no negotiation required. It may have been there for a while; I only found it when I tried to make Cask look up a company. The fact that it exists—quietly, openly, without needing a deal or a partnership—says something. They chose to unlock the door before anyone asked them to.
The pieces are on the board. But most of China’s consumer-facing platforms haven’t unlocked theirs yet.
Which brings me back to Apple. Because when you line up what Apple announced at WWDC and what’s happening in the MCP ecosystem, they’re telling the same story from opposite directions.
| Apple | MCP world |
|---|---|
| App Intents | MCP protocol |
| Siri as its own app | Any MCP client |
| Gemini on Google Cloud hardware | Any LLM backend |
Apple’s approach: controlled experience, mandatory for iOS developers, seamless for users. MCP’s approach: open standard, voluntary adoption, platform-agnostic.
Same destination. Different routes.
The really interesting question isn’t whether platforms will open. It’s who breaks the deadlock.
The big players won’t volunteer. Alibaba has Tongyi Qianwen, ByteDance has Doubao, Tencent has WorkBuddy. Each wants its own AI to be the only entry point. That’s not malice—it’s the prisoner’s dilemma.
That leaves three candidates:
The password managers. Bitwarden already ships an Agent Access SDK. Extending trust from your vault to your AI is a small step. But password managers solve credential storage, not business agreements.
The third-party broker. An independent platform that negotiates with every service, holds your OAuth tokens, and lets any AI talk to any platform through a single protocol. The catch: massive trust barriers. Would you give your Taobao credentials to a startup you’ve never heard of?
The data platforms. Qichacha’s MCP launch suggests a third option—platforms that already have valuable data just open their own MCP interfaces. No negotiation needed, no prisoner’s dilemma. Just a straightforward decision to make data available to every AI equally.
My guess? The data platforms open first—Qichacha already did. Then someone in China builds the broker model, probably within the year. The AI assistants are already here (Cask, OpenClaw, WorkBuddy). The protocol is standardized (MCP). The missing piece is a neutral platform that holds the keys. That’s not a technology problem anymore. It’s a build decision. And those happen fast here.
There’s a reason this is happening now.
A phone is a hardware carrier—it can run any app, which is why it became the most important device of the last twenty years. An AI assistant is a software carrier. It can run any service—as long as the service opens its door. The platforms that build AI-native access layers will get AI traffic. The ones that don’t will slowly become invisible, not because users delete them, but because users’ AI assistants never go there.
The cost isn’t paid today. It shows up a generation later, when the platform wakes up and realizes the world has moved on.
The bottleneck isn’t technology anymore. It’s permission.
Who’s willing to open the door first? Apple just told every iOS developer the door is mandatory. The MCP world is betting enough platforms will open voluntarily.
My bet? Both happen. Apple owns the iPhone experience. The protocol owns everything else. And the line between them blurs faster than anyone expects.
Honestly? I wrote this because I asked Cask to browse Taobao for me and he couldn’t. So I went and used Doubao instead. It worked. But I didn’t want Doubao—I wanted Cask. That’s the whole frustration in one sentence.
One day he’ll browse Taobao for me. Freely, safely, reliably. I don’t know when. But I think it happens sooner than most people realize.