Today, we are excited to announce a significant step forward in the practical application of AI governance with the contribution of the FINOS AI Governance Framework (AIGF) Model Context Protocol (MCP) Server. The MCP Server is a vital piece of infrastructure designed to operationalize AI governance within new AI-assisted working models, serving as an essential interface for AI agent frameworks. This contribution, spearheaded by Citi, embodies the collaborative spirit here at FINOS and our collective commitment to building secure and responsible AI innovation.
Bridging the Gap: From Frameworks to Operationalized Governance
In an era marked by AI-enabled attack vectors, the imperative to use AI in our defence and risk assessments has never been clearer. Traditional, human-driven risk assessments alone can be insufficient to detect subtle anomalies and complex attack patterns at the speed and scale required. This is where the AIGF MCP Server comes in.
Just as a user interface (UI) enables humans to interact with complex systems, the MCP server provides the structured, governed context that AI agents need to perform their tasks responsibly. It acts as the intelligent "middleware" that allows an AI agent to become a governed AI agent, capable of performing risk assessments with better precision.
How the AIGF MCP Server Empowers AI Agents
The Model Context Protocol defines how AI agents communicate with external services to obtain crucial context, data, and specialized capabilities. The AIGF MCP Server implements this protocol by acting as a critical intermediary that structures and delivers governance-relevant information to AI agents. The vision is for the server's role to cover three key areas:
- Use-Case Enrichment: The MCP server connects the AI agent to the "Financial AI Use-Case Taxonomy" and the associated "Model Validation Strategy / Metrics / Thresholds." This helps the agent understand the business impact and associate domain-level threats, helping it prioritize the threats that pose the highest risk.
- Threats and Mitigations: By interfacing with the "AIGF Catalogue of AI Threats and Mitigations" and "Security Standards / Regulations", including the EU AI Act and Open Worldwide Application Security Project (OWASP), the MCP server provides the agent with a governed understanding of potential AI risks and mitigation strategies. This enables proactive assessment of AI-specific vulnerabilities, such as prompt injection, data poisoning, or adversarial attacks, far more rapidly than human analysts alone.
- Deployment Model Enrichment: The MCP server links the AI agent to the "AI Deployment Model Taxonomy" and "Reference Architectures." This contextualizes the agent's understanding of the technical operating landscape by referencing established secure reference architectures, thus helping identify architectural weaknesses in the application under assessment.
In essence, the AIGF MCP Server, with an agentic framework, transforms diverse inputs, from requirements documents to architectural descriptions, into actionable, governed insights for the AI agent. This allows the agent to understand what to consider, what risks to look for (including new AI-enabled threats), and what standards to uphold before generating its initial outputs.
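As an added illustration (not the AIGF project's own code), the following sketch shows how an MCP-style server could expose the three enrichment areas above as one tool over JSON-RPC 2.0 (MCP's tools/list and tools/call methods), using a constructed mini-taxonomy and threat catalogue and marking every report as preliminary pending human review. All use-case, threat and deployment-model names are placeholders.

```python
import json
# Constructed mini-taxonomy and catalogue for illustration only; not AIGF content.
USE_CASES = {  # use-case taxonomy: business impact and domain-level threats
    "customer-chatbot": {"impact": "high", "threats": ["prompt-injection", "data-leakage"]},
    "code-assistant": {"impact": "medium", "threats": ["data-poisoning"]},
}
THREATS = {  # threat catalogue with mitigations (severity 1-3, constructed values)
    "prompt-injection": {"severity": 3, "mitigations": ["input validation", "least-privilege tool access"]},
    "data-leakage": {"severity": 2, "mitigations": ["output filtering", "data classification"]},
    "data-poisoning": {"severity": 2, "mitigations": ["training-data provenance checks"]},
}
DEPLOYMENT_MODELS = {  # deployment-model taxonomy: reference architecture and added threats
    "saas-api": {"reference_architecture": "hosted-model gateway (placeholder)", "added_threats": ["data-leakage"]},
}
TOOLS = [{
    "name": "assess_use_case",
    "description": "Prioritised threats and mitigations for a use case on a deployment model",
    "inputSchema": {"type": "object", "required": ["use_case", "deployment_model"],
                    "properties": {"use_case": {"type": "string"}, "deployment_model": {"type": "string"}}},
}]

def assess_use_case(use_case: str, deployment_model: str) -> dict:
    """Combine the three enrichment areas into one governed, preliminary report."""
    uc, dm = USE_CASES[use_case], DEPLOYMENT_MODELS[deployment_model]  # KeyError if unknown
    names = sorted(set(uc["threats"]) | set(dm["added_threats"]),
                   key=lambda t: (-THREATS[t]["severity"], t))  # highest severity first
    return {
        "business_impact": uc["impact"],
        "reference_architecture": dm["reference_architecture"],
        "prioritized_threats": [{"threat": t, **THREATS[t]} for t in names],
        "status": "preliminary; requires human review and approval",
    }

def _error(req_id, code: int, message: str) -> dict:
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def handle(request: dict) -> dict:
    """Dispatch one JSON-RPC 2.0 request using MCP's tools/list and tools/call methods."""
    req_id, method = request.get("id"), request.get("method")
    if method == "tools/list":
        return {"jsonrpc": "2.0", "id": req_id, "result": {"tools": TOOLS}}
    if method == "tools/call":
        params = request.get("params", {})
        if params.get("name") != "assess_use_case":
            return _error(req_id, -32602, "unknown tool")
        try:
            report = assess_use_case(**params.get("arguments", {}))
        except (KeyError, TypeError) as exc:
            return _error(req_id, -32602, f"invalid arguments: {exc}")
        return {"jsonrpc": "2.0", "id": req_id,
                "result": {"content": [{"type": "text", "text": json.dumps(report)}]}}
    return _error(req_id, -32601, "method not found")
```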
The Indispensable Role of Human Oversight in AI Governance
While the MCP server enhances AI agents' capabilities and provides more deterministic and referenceable outputs, it is important that humans retain oversight and remain accountable. The AI-generated outputs, including prioritized risks, recommended mitigations, and model validation strategies, are preliminary reports that are then quality assured by human review. This human oversight mechanism ensures that AI-generated governance recommendations are validated, refined, and approved by human experts, as necessary. It combines the unparalleled speed and analytical power of AI with the irreplaceable judgment, ethical reasoning, and strategic thinking of human intelligence.
Driving Trust and Innovation in Financial AI
The contribution of the FINOS AIGF MCP Server marks a significant step towards enabling financial institutions to:
- Accelerate AI Risk Assessment & Threat Modelling: The MCP Server enables AI agents to rapidly process vast amounts of AI risk and mitigation data, enabling swift, scalable threat modelling. Structured AI governance insights are provided for human review, significantly reducing the manual effort of initial investigations.
- Strengthen AI Defences with AI: This tool is crucial for defending against AI-driven attack vectors that exhaustively identify gaps. In the same way, we need to use GenAI to help identify security gaps and vulnerabilities and to build defences that reference standards such as those from the National Institute of Standards and Technology (NIST), OWASP, and the EU AI Act, linked together through the AI Governance Framework.
This open source contribution reflects a deep understanding of the industry's need to operationalize frameworks into actionable code, especially in the face of evolving AI threats.
We invite the community to explore the AIGF MCP Server, integrate it into your agent frameworks, and contribute to its ongoing evolution.
Learn More and Get Involved
Visit the FINOS AI Governance Framework and explore the code contribution in the AIGF MCP Server GitHub Repository. To share further ideas or contribute to the goals of the MCP server, comment at: https://github.com/finos/ai-governance-framework/issues/203.
Author: Luca Borella, FINOS, Program Manager, AI Strategic Initiative