Back to blog
Luca Martial
Luca Martial

CEO at Kaelio

15 min read

Model Context Protocol (MCP) and the Future of Governed AI Data Access

By Luca Martial, CEO & Co-founder at Kaelio | Ex-Data Scientist | 2x founder in AI + Data | ex-CERN, ex-Dataiku ·

Every AI agent that touches enterprise data faces the same problem: it needs context. Not just raw table schemas, but governed metric definitions, access rules, lineage, and domain knowledge. Without that context, agents hallucinate metrics, ignore security boundaries, and produce results that nobody trusts. Model Context Protocol (MCP) solves the plumbing problem by giving AI agents a universal, standardized way to discover and consume that context. Platforms like Kaelio use MCP to serve governed context to any compatible agent, eliminating the need for custom integrations and ensuring that every AI interaction with your data is accurate, secure, and auditable.

At a Glance

  • Model Context Protocol (MCP) is an open standard created by Anthropic that provides a universal interface for AI agents to discover and consume external context, tools, and resources. It has since been donated to the Linux Foundation to advance open governance
  • MCP uses a client-server architecture: AI applications (clients) connect to MCP servers that expose structured data, executable tools, and templated prompts
  • Major AI platforms have adopted MCP, including OpenAI's Agents SDK, Claude Desktop, and a growing ecosystem of development tools
  • Kaelio acts as an MCP server, delivering governed context layer capabilities (metric definitions, schema info, lineage, access rules) to any MCP-compatible AI agent
  • One context layer, any agent, always governed. Build your context layer once, serve it to Claude, ChatGPT, or custom agents through MCP or REST API
  • MCP eliminates the N-times-M integration problem where every data tool must build custom connectors for every AI vendor

The Context Gap in Enterprise AI

AI agents are increasingly being deployed to answer business questions, generate reports, and automate analytical workflows. According to Gartner, AI-augmented analytics will be a dominant driver of data strategy through 2027. But there is a fundamental disconnect between what these agents can access and what they need to produce trustworthy results.

Consider what happens when an AI agent receives a question like "What was our net revenue retention last quarter?" Without governed context, the agent sees raw database tables. It guesses at joins, invents metric calculations, and has no awareness of your organization's specific definition of "net revenue retention." The result might look plausible. It might even be close. But close is not good enough when executives are making decisions based on the answer.

This is the context gap. Raw schema access is not enough. Agents need:

  • Metric definitions: How your organization calculates NRR, ARR, churn, and every other business metric
  • Schema context: Which tables matter, how they relate, and what the columns actually mean in business terms
  • Access rules: Who can see what data, enforced at the row and column level
  • Data lineage: Where metrics come from, how they are transformed, and which upstream sources feed them
  • Domain knowledge: Business rules, fiscal calendar definitions, currency conventions, and edge cases

This is exactly what a context layer provides. Without a standardized way to deliver this context, every AI vendor ends up building custom integrations. Your data team builds a plugin for Claude, then another for ChatGPT, then another for your internal agent framework. Each integration drifts out of sync. Governance becomes impossible to enforce consistently.

This is the problem MCP was designed to solve.

What Is Model Context Protocol (MCP)?

Model Context Protocol is an open standard originally created by Anthropic in late 2024 and now governed by the Linux Foundation. It provides a universal interface for AI applications to discover and consume external context, tools, and resources. Think of it as a USB-C port for AI. Instead of every device needing a different cable, MCP provides one standardized connection that works across the ecosystem. The full protocol specification is publicly available, and developers can build servers using the official Python SDK or TypeScript SDK.

The Architecture

MCP uses a client-server architecture with clearly defined roles:

  • MCP Clients are AI applications (like Claude Desktop, an IDE with AI features, or a custom agent) that need external context to function effectively
  • MCP Servers are services that expose data, tools, and prompts through the standardized MCP interface. A server could be a database connector, a documentation index, or a governed context layer like Kaelio
  • The Protocol defines how clients discover what a server offers, request specific resources, invoke tools, and handle responses

This separation is powerful. The AI application does not need to know the implementation details of the data source. It just speaks MCP.

What MCP Servers Expose

MCP servers can expose three categories of capabilities:

Resources are data and context that the AI can read. This includes documents, database schemas, metric definitions, configuration files, or any structured information the agent needs to do its job. Resources are identified by URIs and can be static or dynamic.

Tools are executable functions that the AI can invoke. A tool might run a SQL query, fetch live data, trigger a workflow, or perform a calculation. Tools have defined input schemas and return structured results.

Prompts are templated interactions that encode best practices for working with the server's domain. A prompt might define the optimal way to ask about revenue metrics or guide the agent through a multi-step analytical workflow.

Transport Layer

MCP is transport-agnostic. The specification supports multiple transport mechanisms:

  • stdio: For local integrations where the client and server run on the same machine. The client launches the server as a subprocess and communicates over standard input/output.
  • Streamable HTTP: For remote integrations over the network, using HTTP with optional Server-Sent Events (SSE) for streaming responses.

This flexibility means MCP works for local development tools, cloud-hosted platforms, and everything in between.

Why MCP Changes the Game for Enterprise Data

Before MCP, connecting AI agents to enterprise data meant building bespoke integrations. Every combination of AI vendor and data tool required its own connector, authentication flow, and context-delivery mechanism. This created an N-times-M integration problem that scaled poorly and made governance nearly impossible.

MCP collapses this into an N-plus-M problem. Data platforms build one MCP server. AI applications build one MCP client. Everything connects.

The Integration Problem, Quantified

Consider an enterprise with five data tools (warehouse, transformation layer, BI platform, semantic layer, documentation system) and three AI agents (Claude, ChatGPT, an internal agent). Without MCP, that is 15 custom integrations to build and maintain. Add one more AI agent and you need 20. Add one more data tool and you need 24.

With MCP, each data tool builds one server (5 servers total) and each AI agent builds one client (3 clients total). That is 8 components instead of 15. Add a new agent and you add 1 client, not 5 integrations. The math gets better as the ecosystem grows.

Industry Adoption

MCP adoption has accelerated rapidly since its introduction. Anthropic announced MCP as an open standard with pre-built server implementations for popular enterprise tools. The MCP servers repository on GitHub hosts reference implementations for databases, development tools, and productivity platforms.

OpenAI adopted MCP for its Agents SDK in early 2025, signaling that MCP is becoming the industry default rather than a single-vendor initiative. Anthropic then donated MCP to the Linux Foundation to ensure vendor-neutral governance of the standard. Development tools like Cursor, Windsurf, and Zed have integrated MCP support. Companies like Cloudflare and Block (Square) have built MCP integrations for their platforms. The official MCP servers repository now includes reference implementations for Postgres, Slack, GitHub, Google Drive, and dozens of other platforms.

This broad adoption matters because it validates the core premise: AI agents need a standardized way to access external context, and the industry is converging on MCP as that standard.

How Context Layers Use MCP to Serve Governed Data

A context layer sits between your raw data infrastructure and the AI agents that need to understand it. It centralizes metric definitions, business logic, access controls, and domain knowledge into a single governed source of truth. Understanding the relationship between context layers and semantic layers is key to building a complete governed data architecture. When that context layer speaks MCP, any AI agent in the ecosystem can consume it.

This is where the architecture becomes genuinely powerful. Instead of each AI agent independently trying to figure out your data, every agent gets the same governed context from the same source. The semantic layer ensures consistent metric definitions. The access control layer enforces security. The lineage layer provides transparency. And MCP delivers all of it through a single standardized protocol.

What Governed Context Looks Like Over MCP

When an MCP client (an AI agent) connects to a governed context layer, it can discover and consume:

  1. Metric catalogs: Machine-readable definitions of every business metric, including the SQL logic, aggregation rules, and dimensional breakdowns
  2. Schema documentation: Enriched table and column descriptions that go beyond raw data types to explain business meaning
  3. Access policies: Rules that determine which data a specific user or role can see, enforced before any query runs
  4. Lineage graphs: Upstream and downstream dependencies that help agents understand where data comes from and how it flows
  5. Domain glossaries: Standardized terminology that ensures agents use consistent business language

This is fundamentally different from giving an agent direct database access. Direct access gives the agent raw schemas and hopes for the best, which is precisely why semantic layers alone are not enough to prevent hallucinations. Governed context gives the agent everything it needs to produce accurate, trustworthy, and compliant results.

The Governance Advantage

Without a governed context layer, AI agents face several risks that MCP alone cannot solve:

Metric inconsistency: Two agents querying the same database might calculate "monthly active users" differently because each infers its own logic from raw tables. A governed context layer defines the canonical calculation once and serves it to every agent through MCP.

Security violations: An agent with raw database access might return data that the requesting user should not see. A governed context layer enforces row-level and column-level security before context is served, ensuring that MCP responses respect existing access controls.

Audit gaps: When agents generate queries independently, there is no centralized audit trail. A governed MCP server logs every context request, every tool invocation, and every query generated, creating a complete audit trail for compliance. This is particularly important for organizations operating under SOC 2 or similar compliance frameworks.

Definition drift: As business logic evolves, raw schema access gives agents stale context. A governed context layer maintains a living, versioned source of truth that reflects current definitions.

How Kaelio Implements MCP for Governed AI Data Access

Kaelio acts as an MCP server that serves governed context to any MCP-compatible client. The architecture is straightforward: Kaelio connects to your existing data infrastructure (warehouse, transformation layer, BI tools) through 900+ connectors, absorbs organizational logic, and exposes it as governed context through both MCP and REST API. You can build a context layer in minutes, not months.

The Flow

Here is how a typical interaction works:

  1. An AI agent (Claude, ChatGPT, a custom agent) receives a business question from a user
  2. The agent connects to Kaelio's MCP server and discovers available resources and tools
  3. The agent requests relevant context: metric definitions for the question's domain, schema information for the relevant tables, access rules for the requesting user
  4. Kaelio returns governed context that includes the canonical metric calculation, the correct joins, dimensional hierarchies, and any applicable access restrictions
  5. The agent uses this context to generate an accurate, governed SQL query or analytical response
  6. The query runs against the data warehouse with proper security controls, and the agent returns results to the user

Every step is logged. Every metric definition is versioned. Every access rule is enforced. The user gets a trustworthy answer, and the data team gets a complete audit trail.

One Context Layer, Any Agent

The most significant architectural benefit is agent interoperability. Kaelio's MCP server serves the same governed context regardless of which AI agent is consuming it. This means:

  • Claude connects natively via MCP and receives governed metric definitions, schema context, and access rules
  • ChatGPT and OpenAI-based agents connect via MCP through OpenAI's Agents SDK adoption of the protocol
  • Custom agents built on LangChain, LlamaIndex, or any framework that supports MCP can consume the same context
  • Non-MCP agents access identical governed context through Kaelio's REST API

Build once. Serve everywhere. This eliminates the vendor lock-in that has plagued enterprise data tooling for years. If your organization switches AI providers or adds a new agent to the stack, the governed context layer does not change. The new agent simply connects to the same MCP server and immediately gets governed, accurate context.

What Kaelio Exposes Through MCP

Through its MCP server, Kaelio exposes:

Resources:

  • Metric definitions with full SQL logic and business descriptions
  • Table and column documentation enriched with domain context
  • Data lineage showing upstream sources and downstream consumers
  • Access control policies applicable to the requesting user
  • Domain glossaries and business terminology

Tools:

  • Governed query generation that produces SQL respecting all access controls and metric definitions
  • Schema exploration that returns contextually relevant table and column information
  • Metric search that finds relevant metric definitions based on natural language descriptions
  • Lineage traversal that traces data flows for transparency and debugging

Prompts:

  • Analytical workflow templates optimized for common business questions
  • Multi-step investigation prompts that guide agents through complex analytical tasks

Technical Deep Dive: MCP in Practice

For data engineers and platform teams evaluating MCP integration, here are the technical details that matter.

Discovery and Capability Negotiation

When an MCP client connects to a server, it first performs capability negotiation. The client discovers what the server offers (which resources, tools, and prompts are available) and the server learns what the client supports. This discovery step is critical for governed data access because it allows the server to tailor its offerings based on the client's identity and the user's permissions.

Stateful Sessions

MCP supports stateful sessions, which matters for analytical workflows. When a user asks a follow-up question ("Now break that down by region"), the MCP server can maintain session state that includes the previous query context, the user's permissions, and the conversation history. This enables the kind of multi-turn agentic workflows that make conversational analytics practical.

Security Considerations

MCP itself is a transport protocol. It does not prescribe authentication or authorization mechanisms. This means the security layer must be implemented by the MCP server, which is exactly where a governed context layer like Kaelio adds value. Kaelio handles:

  • Authentication: Verifying the identity of the connecting agent and the end user
  • Authorization: Enforcing row-level and column-level access controls before serving any context
  • Audit logging: Recording every request and response for compliance
  • Rate limiting: Preventing abuse and managing resource consumption

This is an important distinction. MCP makes it easy for agents to access context. The governance layer makes sure that access is appropriate and auditable. Major cloud platforms like Snowflake and BigQuery already provide fine-grained data governance capabilities that a governed MCP server can leverage and extend to AI agents.

Comparison: MCP vs. Custom API Integrations

DimensionCustom API IntegrationsMCP
Setup per agentNew integration for each AI vendorOne MCP server, any client connects
MaintenanceUpdates required per integrationUpdate the server once, all clients benefit
DiscoveryManually documented endpointsAutomatic capability discovery
InteroperabilityVendor-specific protocolsUniversal open standard
EcosystemLimited to partnersGrowing community of servers and clients
GovernanceMust be reimplemented per integrationCentralized in the MCP server

What This Means for Data Teams

The convergence of MCP and governed context layers has practical implications for how data teams operate.

The BI Backlog Shrinks

Data teams spend enormous amounts of time fielding ad-hoc requests. When AI agents can access governed context through MCP, business users can get answers directly without waiting for a data analyst to write a query. The data team's role shifts from query execution to context curation: defining metrics, maintaining governance rules, and clearing the BI backlog by empowering self-serve access. This is why executives are increasingly asking for analytics copilots that can deliver instant, governed answers.

Governance Becomes Proactive

Traditional data governance is reactive. Someone discovers that two dashboards show different revenue numbers, and the data team scrambles to reconcile definitions. With a governed MCP server, metric definitions are centralized and versioned. Every agent consumes the same definitions. Discrepancies are caught at the source rather than discovered in a board meeting. Tools like dbt's MetricFlow and Cube provide complementary metric definition capabilities that feed into a governed context layer.

Agent-Agnostic Architecture

Organizations no longer need to bet on a single AI vendor. By building their context layer as an MCP server, they create an agent-agnostic architecture that works with any current or future AI platform. This is a significant strategic advantage. When a new AI model offers better analytical capabilities, you can adopt it immediately because the governed context layer is already in place.

The Role of the Semantic Layer Evolves

The semantic layer has traditionally served as a translation layer between raw data and BI tools. With MCP, its role expands to include AI agents as first-class consumers. Platforms like Kaelio that combine a semantic layer with MCP server capabilities are positioned at the intersection of two powerful trends: the standardization of AI context protocols and the centralization of business logic.

Solutions built on dbt Semantic Layer, AtScale, or similar platforms can expose their governed definitions through MCP, making the semantic layer the foundation of AI-ready data infrastructure. Teams already using dbt and LookML can extend their existing modeling investments into the AI agent ecosystem through MCP.

Looking Ahead: The MCP Ecosystem in 2026 and Beyond

MCP is still early in its adoption curve, but the trajectory is clear. The protocol is moving from developer tools toward enterprise data platforms, and governed context layers are among the most compelling server implementations.

Several trends will shape the ecosystem over the next 12 to 18 months:

Enterprise MCP server registries: Organizations will maintain internal registries of approved MCP servers, similar to how they manage approved SaaS applications today. The MCP specification already supports capability negotiation that makes registry-based discovery practical. Governed data context servers like Kaelio will be among the first entries, especially for enterprise AI analytics deployments.

Composable agent architectures: AI agents will routinely connect to multiple MCP servers simultaneously. An analytical agent might connect to Kaelio for data context, a documentation server for product knowledge, and a CRM server for customer data. MCP makes this composition natural. This composability is what makes conversational analytics for modern data warehouses practical at scale.

Governance-as-a-service: As more AI agents access enterprise data through MCP, the governed context layer becomes a critical piece of infrastructure. Organizations that invest in their context layer now will be better positioned to adopt new AI capabilities safely as they emerge.

Standards convergence: MCP will likely influence how other protocols handle AI-to-data communication. The client-server pattern and capability negotiation model provide a template that other standards bodies are watching closely. The MCP main site serves as the central hub for tracking protocol evolution and ecosystem growth.

Frequently Asked Questions

What is Model Context Protocol (MCP)?

Model Context Protocol (MCP) is an open standard originally created by Anthropic and now governed by the Linux Foundation. It provides a universal interface for AI applications to discover and consume external context, tools, and resources. It uses a client-server architecture where AI applications (clients) connect to MCP servers that expose data, tools, and prompts through a standardized protocol. MCP is transport-agnostic, supporting both local (stdio) and remote (HTTP/SSE) connections.

How does Kaelio use MCP to serve governed context?

Kaelio acts as an MCP server. When an AI agent like Claude needs data context, it queries Kaelio's MCP server and receives governed context including metric definitions, schema information, data lineage, access rules, and domain knowledge. The agent then uses this context to generate accurate, governed queries and answers. No custom integration is needed per agent. Any MCP client can consume Kaelio's context, and a REST API is available for non-MCP agents.

Which AI agents work with MCP?

MCP is supported natively by Claude Desktop and has been adopted by OpenAI for its Agents SDK. Development tools like Cursor, Windsurf, and Zed support MCP. Any AI application built as an MCP client can connect to MCP servers. The ecosystem is growing rapidly, with new clients and servers being added regularly. For agents that do not yet support MCP natively, Kaelio offers a REST API that serves the same governed context.

Why is governed context important for AI data access?

Without governed context, AI agents generate queries based on raw schema alone. This leads to inconsistent metric definitions, security violations, and inaccurate results. Governed context ensures that every AI-generated query uses the correct business logic, respects access controls, and aligns with the organization's single source of truth for metrics. A governed context layer like Kaelio centralizes this knowledge and serves it consistently to every agent.

Does MCP replace existing BI tools or data infrastructure?

No. MCP is a protocol layer that sits alongside your existing stack. It standardizes how AI agents discover and consume context from tools like Kaelio, which in turn connects to your existing data warehouse, transformation layer, and BI tools. MCP enhances your current infrastructure by making it accessible to AI agents in a standardized, governed way. Your dashboards, reports, and existing workflows continue to function exactly as they do today. For a deeper understanding of how context layers complement semantic layers in this architecture, see our guide on context layers vs. semantic layers.

Sources

  1. https://modelcontextprotocol.io/
  2. https://modelcontextprotocol.io/introduction
  3. https://modelcontextprotocol.io/specification/2025-03-26
  4. https://spec.modelcontextprotocol.io/
  5. https://www.anthropic.com/news/model-context-protocol
  6. https://www.linuxfoundation.org/press/anthropic-donates-model-context-protocol-to-linux-foundation-to-advance-agentic-ai
  7. https://openai.com/index/introducing-the-model-context-protocol/
  8. https://github.com/modelcontextprotocol/servers
  9. https://github.com/modelcontextprotocol/python-sdk
  10. https://github.com/modelcontextprotocol/typescript-sdk
  11. https://docs.getdbt.com/docs/use-dbt-semantic-layer/dbt-semantic-layer
  12. https://docs.getdbt.com/docs/build/about-metricflow
  13. https://cube.dev/docs/product/introduction
  14. https://atscale.com/solutions/universal-semantic-layer
  15. https://docs.snowflake.com/en/user-guide/data-governance
  16. https://cloud.google.com/bigquery/docs/authorized-views
  17. https://www.gartner.com/en/information-technology/topics/data-and-analytics

Get Started

Give your data and analytics agents the context layer
they deserve.

Auto-built. Governed by your team. Ready for any agent.

Book a DemoTry Free
SOC 2 Compliant
256-bit Encryption
HIPAA