RecordPoint this week added a Model Context Protocol (MCP) Server that promises to make it simpler for organizations to govern how artificial intelligence (AI) applications and agents access data.
Instead of directly accessing backend data, the RecordPoint MCP server enables organizations to apply policies to, for example, an AI agent that is accessing backend data via a RecordPoint platform that can be connected to hundreds of backend platforms where data resides.
The overall goal is to make it possible to centrally apply governance policies without having to apply them on each platform an AI agent might need to access, says Joseph Pearce, head of product for RecordPoint.
That approach also makes it feasible for organizations to apply governance policies at the front end of workflows before the AI agent is allowed to access data, he adds.
That’s critical because most of the issues that are making it challenging to operationalize AI in organizations can be traced back to security, compliance and privacy concerns, says Pearce. While business leaders and technology advocates remain enthusiastic about AI, it’s typically the middle later of organizations that are holding up adoption because of these concerns, he notes.
Most organizations outside of highly regulated industries don’t have especially robust data governance policies in place but with the rise of AI agents the need to manage what data is being made accessible is becoming a more critical requirement.
In the absence of any robust policies, AI agents will attempt to access any and all data that is accessible to them regardless of how sensitive it might be. RecordPoint is making a case for using an existing data governance platform to enable AI agents to access data in a way that makes it possible to centrally apply policies. “It makes it possible for AI agents to access data safely,” says Pearce.
Additionally, that approach also helps to reduce processing costs by narrowing the scope of the pool of data that an AI agent is allowed to process and analyze, he adds.
There will, of course, soon come a day when auditors will be able to deploy their own AI agents to surface when compliance mandates have been violated inadvertently either by a human or an AI agent. Given how aggressive AI agents can be, the number of fines that might be potentially levied could quickly become astronomical.
More troubling still, if an AI agent winds up leaking data in a way that creates an issue for a customer, the potential reputational damage that gets created might never be repaired, notes Pearce.
At this juncture, it’s not so much a question of whether organizations need to apply governance to AI so much as it is to what degree and how soon. In many cases, sensitive data has already been leaked: it just hasn’t manifested itself in the output generated by an AI agent. Once those incidents become more common, however, it won’t be long before the same business and IT leaders that are calling for rapid adoption of AI also start pleading for more governance.
