BurnRate Blog

Data-driven insights on AI coding tool costs. Real numbers, real savings.

The Real Cost of Vibe Coding: Why Your $20/Month AI Subscription Actually Costs $300+

March 10, 2026 · 11 min read · Cost Analysis, Industry Research, Data

In February 2025, Andrej Karpathy coined the term "vibe coding" — the practice of fully surrendering to AI. Collins English Dictionary named it Word of the Year for 2025. JP Morgan published a guide for founders. But the promise of "build anything for $20/month" is a myth.

From $20 to $300+ in One Month

Every major AI coding tool has a $10-20/month base plan — but these are designed for light use. Serious vibe coders hit rate limits within days and upgrade to $100-200/month plans. Add tool stacking (Claude Max + Cursor + Copilot) and the real monthly cost is $160-400+. One developer reported their Cursor bill jumping from $23 to $2,847 after an agent ran unchecked.

Hidden Costs

Token waste from not understanding code (2-5x cost inflation), multi-tool subscriptions averaging $150-400/month, and production costs ($6,000-32,000 in Year 1) that nobody warns about. At 500 active users, API costs range from $150/month to $4,500/month depending on model choice.

The Quality Tax

66% of developers struggle with AI code that's close but wrong. For vibe coders who can't inspect code, each near-miss triggers another expensive AI iteration. Production-hardening requires 2-4x the original development time.

Track Your Real Costs

BurnRate tracks AI spending across all 7 providers locally. Install: brew install burnrate-dev/tap/burnrate

The Real Cost of AI Coding Tools in 2026: What Developers Actually Spend on Claude, Cursor, and Copilot

March 6, 2026 · 12 min read · Data, Industry Research, Cost Analysis

Every developer using AI coding tools has the same question: "Am I getting my money's worth?"

The sticker prices are all over the map. GitHub Copilot Pro is $10/month. Cursor Pro is $20/month. Claude Code Max ranges from $100 to $200/month. But sticker price tells you almost nothing about what you'll actually spend — because the real costs are hidden in usage-based pricing, overlapping subscriptions, and invisible rate limits.

The Landscape: 84% of Developers Now Use AI Tools

According to the 2025 Stack Overflow Developer Survey, 84% of developers now use or plan to use AI coding tools — up from 76% in 2024 and just 44% in 2023.

What Developers Actually Pay

Individual developers typically spend $120-$3,120+ per year on AI coding tools. The wide range reflects the gap between subscription sticker prices and actual usage-based costs.

The Hidden Costs Nobody Tracks

Context window waste, token cache misses, and redundant API calls add 20-40% to your effective AI spending. Most developers have zero visibility into these costs because each tool has its own isolated billing dashboard.

Track Every Dollar with BurnRate

BurnRate is a free, local-first CLI that tracks your AI coding costs across Claude Code, Cursor, Copilot, Windsurf, Aider, Cline, and OpenAI Codex — all in one dashboard.

Install: brew install burnrate-dev/tap/burnrate

How to Cut Your Claude Code Costs by 40%

March 6, 2026 · 9 min read · Optimization, Claude Code, Tips

Practical strategies for reducing your Claude Code spending using context management, model selection, budgets, and BurnRate's optimization engine — without sacrificing productivity.

Context Management

Use /compact aggressively, start fresh sessions for new tasks, and use CLAUDE.md to front-load context instead of letting the model re-discover your codebase each session.

Model Selection

Default to Sonnet for routine tasks. Reserve Opus for complex reasoning and architecture. Sonnet costs ~5x less per token.

Budget Controls

Set per-project and daily budgets in BurnRate to get alerts before overspending. The optimization engine identifies 20+ patterns to reduce costs.

Install: brew install burnrate-dev/tap/burnrate

AI Coding Tool Spending: What Teams Actually Pay in 2025

March 6, 2026 · 11 min read · Teams, Industry Data, Benchmarking

Industry benchmarking data on AI coding tool costs across team sizes and tool stacks. Compare your spending against real-world averages for Claude Code, Cursor, Copilot, and Codex CLI.

Team Spending by Size

Small teams (2-5 devs) spend $200-$1,000/month on AI tools. Mid-size teams (10-25 devs) spend $2,000-$8,000/month. Enterprise teams (50+ devs) can exceed $20,000/month across tool stacks.

The Multi-Tool Problem

70% of teams use 2-4 AI coding tools simultaneously, creating overlapping subscriptions and invisible waste. Most teams have zero cross-tool visibility.

Track Team Spending

BurnRate aggregates costs across all providers for your entire team. Install: brew install burnrate-dev/tap/burnrate

Claude Code vs Cursor: Real Cost Comparison (2026)

March 7, 2026 · 14 min read · Comparison, Claude Code, Cursor, Cost Analysis

Claude Code and Cursor are two of the most popular AI coding tools in 2026 — and they take fundamentally different approaches to pricing. We compared official pricing from claude.com and cursor.com to build this comparison.

Pricing Models: Different Architectures

Claude Code offers tiered plans: Pro ($20/mo), Max 5x ($100/mo), and Max 20x ($200/mo), using Sonnet 4.6 and Opus 4.6. Cursor switched to usage-based credit pools in June 2025: Pro ($20/mo with $20 credits), Pro+ ($60/mo with ~$70 credits), Ultra ($200/mo with ~$400 credits).

Credit Burn Rates

Cursor credits deplete based on model choice: $20 buys ~550 Gemini requests, ~500 GPT requests, or ~225 Claude Sonnet requests. Model selection is the hidden cost driver.

Real-World Cost Scenarios

Light use: both $20/month. Moderate use: Claude Max 5x ($100) vs Cursor Pro+ ($60). Heavy use: both $200/month (Claude Max 20x vs Cursor Ultra).

Track Both Tools with BurnRate

BurnRate monitors your Claude Code and Cursor usage side by side. Install: brew install burnrate-dev/tap/burnrate

Sources: claude.com/pricing, cursor.com/pricing, Anthropic model docs, Vantage Cursor pricing analysis.

Copilot vs Cursor vs Claude Code: Which AI Coding Tool Costs More?

March 7, 2026 · 15 min read · Comparison, Copilot, Cursor, Claude Code, Cost Analysis

GitHub Copilot, Cursor, and Claude Code are three of the most widely-used AI coding tools in 2026. Each uses a fundamentally different pricing model, making comparison difficult.

Monthly Prices Side by Side

Copilot: $10/mo Pro (300 premium reqs) or $39/mo Pro+ (1,500 reqs). Cursor: $20/mo Pro ($20 credits), $60/mo Pro+ (~$70 credits), $200/mo Ultra (~$400 credits). Claude Code: $20/mo Pro, $100/mo Max 5x, $200/mo Max 20x. Teams: Copilot $19/user, Cursor $40/user, Claude $150/seat.

How Billing Works

Copilot uses premium request quotas with model multipliers. Extra requests cost $0.04 each. Cursor uses credit pools that deplete based on model choice. Claude Code uses rolling 5-hour usage windows with weekly caps.

Cost Per Coding Hour

Light use: Copilot $0.08/hr, Cursor/Claude $0.17/hr. Moderate: Copilot $0.33/hr, Cursor $0.50/hr, Claude $0.83/hr. Heavy: all converge at $0.33-1.67/hr depending on plan.

Track All Three with BurnRate

BurnRate unifies costs across all providers. Install: brew install burnrate-dev/tap/burnrate

Sources: github.com/features/copilot/plans, cursor.com/pricing, claude.com/pricing, GitHub Docs premium requests, Vantage Cursor pricing analysis.

The State of AI Coding Tools in 2026: Claude Code Leads, Agents Go Mainstream

March 8, 2026 · 10 min read · Industry Research, Data, Trends

Claude Code overtook GitHub Copilot as the #1 AI coding tool in just eight months. 95% of developers now use AI tools weekly, 55% use autonomous agents, and Cursor hit $2B in annualized revenue.

95% Weekly Adoption

According to the Pragmatic Engineer's 2026 survey, 95% of developers use AI tools weekly, 75% use AI for half or more of their work, and 70% use 2-4 tools simultaneously.

Claude Code: Zero to #1

75% of startup developers report Claude Code as their primary tool. Its terminal-native, agentic workflow represents a shift from autocomplete to autonomous coding.

Market Segmentation

Startups favor Claude Code (75%), enterprises default to GitHub Copilot (56%), and mid-size companies use a mix of Cursor and Claude Code. Cursor hit $2B ARR with a $29.3B valuation.

Track Your AI Spending

BurnRate tracks costs across all providers locally. Install: brew install burnrate-dev/tap/burnrate

Sources: Pragmatic Engineer AI Tooling 2026, The AI Insider (Cursor $2B ARR), MIT Technology Review (Breakthrough Tech 2026), Panto AI Coding Stats.

Claude Code's Two Best New Features: /loop and Remote Control

March 8, 2026 · 8 min read · Tips, Claude Code, Optimization

Claude Code shipped /loop for recurring automated prompts and Remote Control for continuing sessions from your phone in v2.1.69-2.1.71 (Feb-March 2026).

/loop: Cron for Your AI Agent

/loop runs a prompt on a recurring interval: /loop 5m check the deploy. Supports seconds, minutes, hours, days. Can run other commands: /loop 20m /review-pr 1234. Session-scoped with 3-day auto-expiry, 50 task limit.

Remote Control: Your Terminal on Your Phone

Start a session on your machine, continue from any device. Everything runs locally — files, MCP servers, config stay on your machine. Available on Pro, Max, Team, Enterprise plans. Auto-reconnects on network drops.

Cost Impact

Both features are included in your subscription but change usage patterns. A /loop 5m running 8 hours = 96 extra AI interactions. Track spending with BurnRate: brew install burnrate-dev/tap/burnrate

Sources: Claude Code Docs (scheduled-tasks, remote-control), Claude Code Release Notes v2.1.69-2.1.71, VentureBeat, The Decoder.

Claude Code: API Key vs Subscription — When Each Makes Sense

March 9, 2026 · 10 min read · Cost Analysis, Claude Code, Guide

Claude Code offers two billing paths: pay-per-token API keys and flat-rate Max subscriptions. One developer tracked 10 billion tokens over 8 months — the API would have cost $15,000, but the subscription cost $800.

API Token Pricing

Opus 4.6: $5/$25 per MTok (input/output). Sonnet 4.6: $3/$15. Haiku 4.5: $1/$5. Cache reads cost 90% less. Batch processing gives a flat 50% discount.

Subscription Plans

Pro ($20/month), Max 5x ($100/month), Max 20x ($200/month). Usage governed by 5-hour rolling windows and 7-day weekly caps. Quota shared with claude.ai web chat.

When to Use Each

Subscriptions win for daily interactive use — the average developer spends $6/day on API, or $180/month, vs. $100 for Max 5x. API keys win for sporadic usage, team spend controls, third-party routing (Bedrock, Vertex, LiteLLM), CI/CD automation, and batch processing.

Track Your Costs

BurnRate monitors Claude Code sessions locally — API or subscription. Install: brew install burnrate-dev/tap/burnrate

Sources: Anthropic API Pricing, Claude Plans & Pricing, Claude Code Docs (costs, third-party-integrations), KSRed Pricing Guide.

Every AI Coding Tool Just Became an Agent Platform

March 12, 2026 · 12 min read · Industry Research, Comparison, Data

In early 2026, every major AI coding tool shipped autonomous agent capabilities. Claude Code launched Agent Teams — multiple AI sessions that coordinate, share discoveries, and divide work in parallel. Cursor shipped Automations — event-driven agents triggered by PRs, Slack messages, or schedules. GitHub Copilot's coding agent now goes from issue to PR with self-review and built-in security scanning.

What Each Tool Shipped

Claude Code: Agent Teams (Feb 2026), /loop command, HTTP hooks, native MCP management, voice in 20 languages. 1M token context window remains the largest. Cursor: Automations (Mar 5), Background Agents (up to 8 parallel), BugBot for auto PR review, Memories for persistent learning. Copilot: model picker (Claude/GPT), self-review, custom agents via .github/agents/, CLI with Plan and Autopilot modes. Windsurf: Cascade went fully agentic with persistent Memories. Kiro: spec-driven three-phase workflow with hooks. Codex CLI: Rust rewrite, macOS multi-agent sandbox app.

The Convergence

Every tool now has autonomous agents, but they differentiate on where agents run (terminal vs IDE vs cloud), how autonomous they are (approval-gated vs fully unattended), and what they integrate with (GitHub-native vs MCP-based vs event-driven).

Track All Your Agents

BurnRate monitors usage across all 7 providers in one dashboard. Install: brew install burnrate

Autonomous AI Agents Are Silently Draining Developer Budgets

March 11, 2026 · 10 min read · Cost Analysis, Industry Research, Data

Background agents, agent mode, and multi-agent workflows are the fastest-growing line item in developer tooling. Cursor's Background Agents run up to 8 tasks in parallel. Copilot's agent mode consumes 8-16x premium requests per task. Claude Code's agentic workflows iterate autonomously through plan-code-test cycles.

Why Agents Cost 5-50x More

A single chat message costs ~$0.02. An agent task (plan → code → test → fix) costs $1-6 depending on model. Background agents on complex features can hit $3-6 per run. Run 8 in parallel and you burn a month's credits in an afternoon.

Platform Costs

Copilot Pro: 300 premium requests/mo = ~19-37 agent tasks. Overage: $0.04/request, heavy users hit $320/mo. Cursor Pro: ~4-5 complex background agent tasks before credits gone. Claude Code: average developer spends $6/day ($180/mo), mostly from agentic workflows.

Why Nobody Sees It Coming

Fire-and-forget billing (agents iterate while you're not looking), hidden model multipliers (1 agent task = 16 premium requests), and no cross-platform visibility across 3+ billing dashboards.

Track Agent Costs

BurnRate monitors all 7 providers in one dashboard. Install: brew install burnrate

GitHub Copilot's Model Multiplier Problem: Why Your 300 Premium Requests Might Only Be 10

March 13, 2026 · 9 min read · Cost Analysis, Copilot, Guide

GitHub Copilot now offers 15+ models with premium request multipliers ranging from 0x to 30x. GPT-5.4 went GA on March 5, Grok Code Fast 1 landed on the free tier March 4, and Claude Opus 4.6 fast mode costs 30 premium requests per interaction. Most developers don't realize how these multipliers reshape their monthly allocation.

How Premium Request Multipliers Work

Each Copilot model has a multiplier: GPT-5 mini is 0x (free), Claude Sonnet is 1x, Claude Opus 4.6 is 3x, and Opus 4.6 fast mode is 30x. A Pro subscriber with 300 monthly requests gets unlimited GPT-5 mini interactions but only 10 Opus 4.6 fast mode queries. The coding agent compounds this — each steering comment costs a full premium request at the model's rate.

GPT-5.4 and Grok Code Fast 1

GPT-5.4 at 1x multiplier is the sweet spot for agentic coding. Grok Code Fast 1 at 0.25x stretches free-tier allocations further. Auto model selection routes between these automatically, but which model gets chosen is opaque.

Optimization Strategies

Use 0x models for routine work. Reserve Opus for complex reasoning. Watch coding agent steering costs. Track multiplier-adjusted usage with BurnRate: brew install burnrate-dev/tap/burnrate

Sources: GitHub Docs (premium requests), GitHub Changelog (GPT-5.4 GA, Grok Code Fast 1, coding agent auto-approval), GitHub Copilot Plans.

Claude's 1M Context Window at Standard Pricing: The Real Cost Math

March 16, 2026 · 10 min read · Cost Analysis, Claude Code, Guide

On March 13, 2026, Anthropic made the 1M token context window generally available for Claude Opus 4.6 and Sonnet 4.6 at standard pricing — no long-context surcharge. A 900K-token request costs the same per-token rate as a 9K one. Opus 4.6: $5/$25 per MTok. Sonnet 4.6: $3/$15 per MTok.

What Changed

No beta header required for 200K+ requests, full rate limits at every context length, and 6x media capacity (600 images/PDFs, up from 100). 1M context is available in Claude Code for Max ($100+/mo), Team, and Enterprise users — Pro plan stays at 200K.

The Real Cost

A full 1M-token input + 100K output on Opus 4.6 costs $7.50 per API call. Sonnet 4.6: $4.50. Agentic workflows making 5-10 calls per task can run $20-50. Prompt caching cuts input costs 90% ($0.50/MTok cached vs $5.00 uncached on Opus).

Benchmark Performance

Opus 4.6 scores 78.3% on MRCR v2 at 1M tokens — 2x GPT-5.4 (36%) and 3x Gemini 3.1 Pro (26.3%). At 256K, Opus hits 92-93% vs GPT-5.2's 63.9%. Claude Code remains the only tool with native 1M context; Cursor (~200K), Copilot (~128K), and Windsurf (~128K) lag behind.

Optimization Tips

Use scoped prompts (80% token reduction). Enable prompt caching ($45 savings per 10-call agentic task). Batch related work into single sessions (40% lower costs). Use Sonnet for exploration, Opus for execution. Track costs with BurnRate: brew install burnrate-dev/tap/burnrate

Sources: Claude Blog (1M Context GA), Anthropic API Pricing, InfoQ (Opus 4.6 Context Compaction), Hacker News discussion, Cursor Forum.

The Real Cost of Stacking AI Coding Tools: What Multi-Tool Developers Actually Spend

March 17, 2026 · 11 min read · Cost Analysis, Comparison, Data

70% of developers use 2-4 AI coding tools simultaneously, but the average user only actively uses 42% of their paid subscriptions. Here's what multi-tool stacks actually cost and how to optimize your spending.

Seven Pricing Models You're Juggling

Every major AI coding tool uses a different billing mechanism — subscriptions, credit pools, prompt credits, premium requests, or BYOK API tokens. Stacking 2-3 tools means managing all of these simultaneously, and costs compound in ways most developers never calculate.

Real-World Multi-Tool Stacks

Five common stacks range from $30/mo (Copilot Pro + Cursor Pro) to $260-400+/mo (Claude Max 20x + Cursor Ultra + Copilot Pro+). The "Kitchen Sink" stack pays for premium access to the same underlying models through three different tools — most developers could cut 40-50% without losing capability.

The 42% Utilization Problem

Waste comes from overlapping model access (Claude Sonnet is in every tool), unused credits that don't roll over (Cursor and Windsurf credits expire monthly), and subscription inertia from tools that were essential months ago but are now redundant.

The 1+2 Model

The most cost-effective approach: one primary subscription tool plus one or two BYOK tools (Aider, Cline). BYOK tools charge $0 for software — you pay only for API tokens. This eliminates subscription waste entirely. Track all your tools in one place with BurnRate: brew install burnrate-dev/tap/burnrate

Sources: Stack Overflow 2025 Developer Survey, DX AI Coding Assistant Pricing, Cursor Models & Pricing, Windsurf Plans & Credit Usage, GitHub Copilot Plans, Morph/Aider Token Benchmark.

AI-Generated Code Quality: What the Research Says About Bugs, Security, and Technical Debt

March 18, 2026 · 12 min read · Code Quality, Security, Research

45% of AI-generated code fails security tests according to Veracode's 2025 report testing 100+ LLMs. Code duplication has increased 8x since 2022 per GitClear's analysis of 211 million changed lines. And METR's randomized controlled trial found experienced open-source developers are actually 19% slower when using AI tools. Here is what the research says about AI code quality and what developers should do about it.

Security Vulnerabilities: The 45% Failure Rate

Veracode tested 100+ LLMs across 80 code completion tasks in Java, Python, C#, and JavaScript. 45% of generated code introduced OWASP Top 10 vulnerabilities. Java had the worst failure rate at 72%. Cross-site scripting defenses failed 86% of the time; log injection was insecure 88% of the time. Only SQL injection showed reasonable results with an 80% pass rate.

Code Quality: 1.75x More Logic Errors

Qodo's 2025 State of AI Code Quality report surveyed developers and analyzed PR data. AI-generated pull requests contain 10.83 issues each versus 6.45 in human-written PRs. AI code shows 1.75x more logic errors, 1.64x more maintainability issues, 1.57x more security findings, and 1.42x more performance problems. 65% of developers say AI misses critical context during refactoring and code review.

The Technical Debt Multiplier

GitClear analyzed 211 million changed lines of code (2020-2024) and found code duplication increased 8x with AI adoption. Copy-pasted lines rose from 8.3% to 12.3% of all changes, while refactoring dropped from 25% to under 10%. Code churn — code added then quickly modified or deleted — is projected to hit 7% by 2025, indicating developers are shipping AI code and immediately fixing it.

The METR Productivity Paradox

METR's randomized controlled trial with 16 experienced open-source developers (averaging 5 years and 1,500 commits on their repos) found AI tools made them 19% slower. Developers expected a 24% speedup and still believed AI helped even after measured slowdowns. Less than 44% of AI suggestions were accepted — the review-test-reject cycle consumed more time than manual coding.

Practical Defenses

Never ship AI-generated code without security scanning. Run SAST tools (CodeQL, Semgrep, Snyk) on every PR. Treat AI output like junior developer code — review every line. Focus AI on boilerplate and tests where quality risks are lower. Track defect density from AI-assisted vs manual PRs to measure real impact on your codebase. Monitor your AI tool usage patterns with BurnRate to understand which workflows produce the best results: brew install burnrate-dev/tap/burnrate

Sources: Veracode 2025 GenAI Code Security Report, Qodo 2025 State of AI Code Quality, GitClear AI Code Quality 2025, METR Developer Productivity Study, GitHub Copilot Code Quality Research.

AI Coding Tool Telemetry: What Your Tools Send Home and How to Lock Them Down

March 19, 2026 · 11 min read · Privacy, Telemetry, Security

81% of developers worry about AI tool privacy according to Stack Overflow's 2025 survey, but only 29% actually trust these tools with their data. Most developers have no idea what Cursor, Copilot, Claude Code, and Windsurf actually transmit, how long data is retained, or who can access it. This tool-by-tool breakdown covers exact telemetry, retention periods, and the specific settings to disable data collection.

The Privacy Scorecard: How Tools Rank

A peer-reviewed study on arXiv evaluated five major AI coding providers across 14 criteria. Google Gemini scored highest (89.25/100), followed by Anthropic Claude (81.88), GitHub Copilot (78.75), Amazon Q Developer (72.38), and OpenAI GPT (68.00). Only Anthropic implements opt-in consent by default — the other four use opt-out models where your code is collected for training unless you explicitly disable it.

GitHub Copilot: Tier-Dependent Privacy

Copilot Individual retains prompts and suggestions by default when telemetry is enabled, and uses your data for model training on an opt-out basis. Business and Enterprise tiers retain neither prompts nor suggestions, and never use data for training. GitGuardian found that 6.4% of Copilot-active repos leaked secrets — 40% higher than the baseline rate across all public repositories.

Cursor: Three Privacy Modes

Cursor offers Share Data (default, collects everything), Privacy Mode with Storage (no training, limited storage for features), and Ghost Mode (zero retention, but disables Background Agents and indexing). All requests route through Cursor's backend even with BYOK. Cursor inherits VS Code telemetry and adds its own via api3.cursor.sh.

Claude Code: Transparent Telemetry

Claude Code sends prompts and outputs to Anthropic's API (TLS encrypted), plus Statsig metrics and Sentry errors (no code or file paths). Opting in to training means 5-year retention; opting out means 30 days. Enterprise offers zero data retention. All non-essential telemetry can be disabled with CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1.

BYOK Tools: The Privacy Advantage

Aider, Cline, and Roo Code use bring-your-own-key architecture — code goes directly to your chosen provider with no intermediary. Both Cline and Roo Code collect anonymous PostHog telemetry (no code or prompts) that can be disabled. Aider with local Ollama models sends zero data off your machine.

Lock Down Your Tools

Audit your current privacy settings, understand your tier's data handling, use content exclusions for sensitive files, prefer BYOK for regulated codebases, and vet all extensions after Microsoft discovered 900,000 malicious AI extension installs in March 2026. Track your AI tool usage locally with BurnRate: brew install burnrate-dev/tap/burnrate

Sources: Stack Overflow 2025 Developer Survey, arXiv Privacy Scorecard, Anthropic Claude Code Data Usage Docs, Cursor Data Use Overview, GitHub Copilot Metrics Data, GitGuardian Copilot Privacy Analysis, Windsurf Security, Microsoft Security Blog.

The MCP Ecosystem Explosion: 18,000 Servers, 9 Breaches, and a 55,000-Token Problem

March 20, 2026 · 12 min read · MCP, Security, Cost Optimization

The Model Context Protocol launched in November 2024 as Anthropic's open standard for connecting AI assistants to external tools. Sixteen months later, the ecosystem has exploded to 18,738 servers, with support from every major AI coding tool. But the rapid growth has created real problems: the GitHub MCP server alone burns 55,000 tokens per session, nine documented security breaches have hit the ecosystem, and 43% of servers contain command injection vulnerabilities.

The Token Cost Problem

MCP servers inject tool schemas into every conversation turn. The GitHub MCP server's 93 tools consume 55,000 tokens before your agent does any work. A 30-tool setup over 15 turns burns 54,525 tokens on schema definitions alone. Perplexity publicly removed MCP support after finding it consumed 15-20x more tokens than CLI for equivalent tasks. Solutions like mcp2cli reduce overhead by 96-99% through lazy tool loading.

9 Security Breaches in 12 Months

From WhatsApp message exfiltration to supply chain attacks on the Smithery registry, MCP has had nine significant security incidents since April 2025. 43% of servers contain command injection vulnerabilities, 33% allow unrestricted network access, and 5% of open-source servers are seeded with tool poisoning attacks. The mcp-remote CVE-2025-6514 affected 437,000+ downloads.

MCP Support Across AI Coding Tools

Claude Code, Cursor, Copilot (all tiers), Windsurf, Cline, Roo Code, and Zed all support MCP. For API-priced tools, MCP overhead hits your bill directly — a developer running 20 Claude Code sessions/day with GitHub MCP active spends roughly $348/month on tool descriptions alone. Subscription tools absorb the cost but reduce effective capacity.

A Cost-Aware MCP Strategy

Start with 2-3 servers maximum, prefer small focused servers over mega-servers, audit for security before installing, use lazy loading for heavy setups, and monitor actual cost impact. Track your AI tool costs with BurnRate: brew install burnrate-dev/tap/burnrate

Sources: Anthropic MCP Announcement, Official MCP Registry, MCP.so, FastMCP, AuthZed Breach Timeline, Practical DevSecOps, Invariant Labs, mcp2cli, 2026 MCP Roadmap.