The Model Context Protocol (MCP): Bridging AI and Actionable Data

 My day job has recently introduced a new concept for me to understand in my daily life (like I need more new concepts to understand). The Model Context Protocol (MCP)...

What is MCP?

MCP is an open standard designed to unify how AI assistants and large language models (LLMs) connect with external data sources, tools, and environments. An MCP Server acts as a secure gateway or bridge between the AI application (the client) and external systems, such as databases, file systems, or APIs. It is frequently compared to a "USB-C port for AI," as it provides a universal, standardized interface for plugging external capabilities into AI systems.

For example this is incredibly useful if you are building a chatbot for your organisation and want your AI Assistant to have access to your internal customer support database to use as a knowledge base for resolving common issues and answer questions based on your company (i.e. it’s providing context to your AI service). Without it you would somehow have to expose all that information to the larger LLM which is just not gonna happen.

An MCP server exposes three core primitives to AI applications:

• Tools: Executable functions that the AI can actively call to perform actions, such as writing to a database, executing a web search, or modifying a file.

• Resources: Passive, read-only data sources that provide the AI with context, such as database schemas, API documentation, or your customer support database.

• Prompts: Reusable instruction templates that help structure interactions and guide the AI through specific workflows. Prompts that are refined by the architect of the MCP server to provide you with more meaningful responses - saving you time in generating and testing these from scratch.

Why You Would Need an MCP Server?

• To Eliminate Fragmented Integrations: Before MCP, developers had to write custom API integrations for every single external tool or system an AI needed to access. By implementing an MCP server, developers can build an integration once and grant the AI access to a vast, standardized ecosystem of resources without maintaining dozens of custom codebases.

• To Enable Safe Action and Execution: LLMs are limited to the data they were trained on and lack built-in environments to safely execute code or make network requests on their own. An MCP server acts as a controlled execution layer. It keeps sensitive elements like API keys hidden from the model while the server handles the actual safe execution of tasks.

• For Dynamic Tool Discovery: Unlike static API specifications (like OpenAPI) that must be pre-loaded into an LLM, MCP allows AI applications to query servers at runtime to dynamically discover what tools and resources are currently available.

• To Ensure Security and Access Control: MCP servers are designed with enterprise security in mind, utilizing OAuth 2.1 for authentication and centralizing permissions management. This ensures that AI applications only interact with authorized data and that user-specific contexts are strictly respected so data does not leak between users.

• For Portability Across Applications: Because MCP is vendor-agnostic and model-agnostic, you can build a toolset once via an MCP server and plug it into any compatible AI application or IDE—such as Claude Desktop, Cursor, Windsurf, or LangChain—without needing to rewrite the integration.

• To Support Agentic Workflows: MCP facilitates conversational, multi-turn interactions through real-time updates and streaming (using Server-Sent Events). This allows AI agents to dynamically interact with multiple data sources, handle intermediate steps, and maintain persistent context over complex, multi-step tasks.

Why use MCP rather than an API?

While both APIs and MCPs aid in communication between systems, their core audiences, mechanisms, and philosophies differ significantly. A helpful way to frame the difference is that APIs connect machines, whereas MCP connects intelligence to machines.

Here are the primary differences between the two:

Target Audience and Optimization

• APIs are built for human developers to write code against, optimizing software-to-software communication.

• MCP is built specifically for AI models to streamline agentic interactions where an AI needs to reason about the data it receives.

Static vs. Dynamic Discovery

• APIs rely on static contracts that must be pre-loaded, read, and manually interpreted to formulate requests.

• MCP features dynamic discovery. An AI agent can query an MCP server at runtime to ask, "What tools can you offer?", and the server will automatically respond with a structured list of available tools, their descriptions, and parameter schemas. This means the AI always has an up-to-date view of its capabilities without needing manually updated documentation.

Security and Execution

• APIs are exposed over the network and assume the caller can securely manage tokens, headers, and request formatting. However, AI models do not have built-in execution environments and cannot safely hold secrets like API keys.

• MCP introduces a secure intermediary layer. The AI model never sees API keys or sensitive URLs. Instead, the AI asks the MCP server to use a specific tool, and the MCP server validates the input, securely executes the API call using its own hidden credentials, and returns only the safe results. MCP also standardizes security governance, utilizing protocols like OAuth 2.1 to ensure the AI only accesses data the user has explicitly authorized.

Granularity and Abstraction

• APIs typically expose granular, entity-based endpoints (e.g., /users or /weather).

• MCPs are less granular and focus on driving broader use cases. An MCP server exposes high-level capabilities (e.g., get_weather or get_open_supportIssues). A single MCP tool might execute several underlying REST API calls to gather all the necessary context for the AI.

LLM-Native Features

• APIs are generally stateless request-response mechanisms.

• MCP supports multi-turn, long-lived sessions (often using Server-Sent Events) that allow an AI agent to have back-and-forth interactions with a tool. Furthermore, MCP includes AI-specific features like sampling, which allows the MCP server to leverage the LLM's reasoning abilities. For example, an MCP server could fetch open issues and then use sampling to ask the LLM to filter them by "highest security impact"—a subjective analysis that a traditional REST API cannot natively perform.

Output Formatting

• APIs return machine-readable data, such as raw JSON payloads and database entity IDs.

• MCP is designed to return data optimized for an LLM's context window, often formatting responses as human-readable Markdown with fully hydrated entity names instead of raw IDs.

How secure is my data behind an MCP Server?

Because the Model Context Protocol (MCP) acts as a bridge between untrusted, model-generated inputs and sensitive external systems, a single weak point can turn that bridge into a pathway for exploitation. Securing an MCP deployment requires a "shared responsibility" model, where the server stands as a fortified wall protecting resources, and the client acts as a vigilant gatekeeper ensuring the AI does not overstep its bounds.

Academic research breaks down MCP threats into four main categories: malicious developers, external attackers, malicious users, and security flaws. In practice, these manifest as prompt injection, command execution, token theft, excessive permissions, and unverified endpoints.

To protect yourself, you must implement strict safeguards across both MCP servers and MCP clients and quite honestly 99.9% of it goes straight over my head. It can be “dead secure” is what I’ll say on the matter.

How does MCP make my life easier?

So let’s list out a few scenarios where an MCP Server would make sense. At the end of the day it sits in the background and makes interaction with AI more meaningful as it has access to more capabilities and context of the organisation you are talking to.

Software Development and Debugging

The AI coding assistant is greatly enhanced by using MCP to connect directly to local filesystems and version control systems like Git or GitHub. Instead of manually pasting code snippets into a chat, the AI can securely browse your local files, read repository code, search codebases, review pull requests, and even commit changes directly within environments like Cursor or Claude Desktop.

Automated Travel Planning

The true power of multi-server MCP architecture shines here by combining multiple disparate services into one workflow. By connecting a Travel Server, a Weather Server, and a Calendar Server, an AI agent can autonomously read your calendar to find available dates, check destination weather forecasts, search and book flights, and automatically add the itinerary to your schedule while emailing you a confirmation.

Workflow and Communication Automation

AI can connect seamlessly to platforms like Slack, Gmail, or Google Drive. An AI assistant can search through your team's Slack history to pull project context, summarize past decisions, and automatically draft and send emails based on a simple natural language request, all without you needing to switch tabs.

Data Analysis and Visualization

MCP allows AI models to connect directly to SQL databases, Google Sheets, or financial APIs. The AI can read raw data like customer feedback or stock market history, execute complex queries, and instantly generate interactive charts or analytical dashboards. For instance, an AI can use the Alpha Vantage MCP server to fetch 10 years of historical coffee prices and immediately plot an interactive visual graph for you.

Enterprise Knowledge Management

A multi-agent MCP setup can be entirely automated for a Training Management System that can use specialized MCP agents to automatically ingest uploaded PDF documents, extract key learning objectives, generate structured course modules, and create custom multiple-choice assessments without manual human intervention.

Ultimately, the core benefit of MCP in these scenarios is that it transforms AI from a passive text generator into an active, context-aware participant. By utilizing standardized tools, resources, and prompts, you gain a modular, secure way to grant AI access to your personal and business data without needing to write custom integrations for every single application.

That was a big chunk of stuff I learned this week… What next?

A Tale of Two Commerce Protocols

In previous posts I discussed the advent of Agentic Commerce and how that is primed to become the new way to shop for products online.

In order to enable the AI platforms to be aware of your brand presence and product information there are a number of strategies and techniques, specifically GEO (Generic Engine Optimization) and AEO (Answer Engine Optimization), that can attract the AI bots to prefer your brand and recommend your products within the many conversations that customers are now having with AI applications.

GEO is a broad strategy that involves a number of techniques that involve changes in how you write product content and optimize your websites so that AI will pick you first as the authoritative source for the answers within the Agentic Commerce experience.

Very recently a couple of new developments have emerged that both sound like it’s attempting to answer a similar question. Namely OpenAI’s Agentic Commerce Protocol (or ACP) and Google’s Universal Commerce Protocol (or UCP).

OpenAI’s ACP is an open, cross-platform protocol designed to enable shopping and payments directly within AI assistants, independent of any single platform or user interface. It allows AI agents to discover products via merchant-provided feeds, surface accurate pricing and availability, and autonomously initiate checkouts on the user's behalf without redirecting them to an external website.

The checkout process uses secure, delegated payment tokens (which are single-use, time-bound, and amount-restricted), while ensuring that the merchant retains full control over settlement, refunds, chargebacks, and compliance. The first implementation of this protocol is the Instant Checkout experience within ChatGPT.

Google’s UCP is a new open standard designed to establish a common language that allows AI agents, businesses, and payment providers to work together across the entire shopping journey from product discovery to post-purchase support. They also have massive Industry Endorsement collaborating with the likes of Etsy, Shopify, Best Buy and Walmart (US) who are either implementing, or have gone live with AI Agents.

While it is designed to be compatible with other agentic protocols, UCP is initially rolling out exclusively on Google-owned surfaces, such as Search AI Mode, Google Shopping, and the Gemini App. It enables shoppers to buy from eligible retailers directly during product discovery without leaving Google, utilizing Google Pay for seamless transactions while the retailer remains the seller of record.

Why ACP/UCP are More Helpful Than AIO/GEO

While Artificial Intelligence Optimization (AIO) and Generative Engine Optimization (GEO) are critical strategies, they are fundamentally focused on top-of-funnel visibility. AIO and GEO ensure that an AI model correctly parses, embeds, and cites your brand as the "source material" when answering a user's question. However, simply getting found is only the first step of the commerce journey.

ACP and UCP are arguably more helpful because they bridge the gap between discovery and execution, transforming the entire commercial funnel:

• Moving from Recommendation to Action: AIO/GEO might prompt an AI to recommend your product, but the user still has to navigate to your site, browse, add to cart, and manually checkout. ACP and UCP grant the AI "agency" to act on the user's intent and execute the purchase directly within the conversational interface.

• Frictionless Shopping: Traditional e-commerce is linear and rigid (search → browse → filter → product page → cart → checkout). ACP and UCP collapse these steps into a natural dialogue, drastically reducing friction and lowering cart abandonment.

• Capturing Immediate Revenue: By allowing shoppers to move from intent to purchase without breaking context or leaving the app, these protocols turn high-intent discovery moments directly into revenue.

In short, AIO and GEO help AI talk about your product, but ACP and UCP allow AI to buy your product on the customer's behalf.

Which one to choose?

Both OpenAI's Agentic Commerce Protocol (ACP) and Google's Universal Commerce Protocol (UCP) share the same overarching goal: to reduce friction in the shopping journey by allowing AI agents to handle product discovery and checkout seamlessly, without redirecting the user to an external website.

However, they differ significantly in their execution environments, how they handle payments, and their initial scope.

OpenAI’s Agentic Commerce Protocol (ACP)

• Design & Environment: ACP is an open, cross-platform protocol built to enable shopping and payments directly within AI assistants. It is designed to be independent of any single platform, user interface, or distribution surface. Currently, its primary implementation is the "Instant Checkout" experience inside ChatGPT.

• Payment Mechanism: ACP initiates checkout on the user's behalf using delegated payment tokens. These tokens are highly secure because they are single-use, time-bound, and amount-restricted.

• Merchant Role: In this model, merchants maintain complete control over the transactional backend, retaining responsibility for settlement, refunds, chargebacks, and compliance.

Google’s Universal Commerce Protocol (UCP)

• Design & Environment: UCP is pitched as a new open standard designed to support the entire shopping lifecycle, from product discovery and buying to post-purchase support. However, unlike ACP's cross-platform focus, UCP is initially being rolled out exclusively across Google-owned surfaces, including Search AI Mode, Google Shopping, and the Gemini App.

• Payment Mechanism: Instead of delegated tokens, UCP leverages Google Pay to complete transactions natively during product discovery, with PayPal support planned for the future.

• Additional Features: Alongside UCP, Google launched a feature called "Business Agent," which allows retailers to engage shoppers conversationally and enable direct purchases right within Google Search.

The Core Differences

• Where the Shopping Happens: ACP enables agent-led commerce primarily across the OpenAI ecosystem as a standalone destination, while UCP currently focuses on reducing checkout friction specifically within Google's massive search and discovery surfaces.

• Coexistence Over Competition: Google designed UCP to be compatible with other agent-to-agent standards and protocols. This means the two protocols are not necessarily meant to replace one another, but rather to coexist. UCP helps convert high-intent shoppers who are actively searching on Google, while ACP opens the door to new demand where AI chat assistants act as the shopping destination.

So it’s not like the old VHS/Beta video wars of the 80s. The question isn't which protocol "wins" it's whether your product data (and infrastructure) is ready to feed both. The reality is that you may need to support a multi-protocol ecosystem, just like supporting Apple Pay, Google Pay, and PayPal today. We are entering a multi-agent, multi-protocol world where structured product data is the "source code" of commerce.

Measuring Success in the Age of GEO

I am back after missing a week due to the day job! So, you devised your perfect GEO/AEO strategy and started writing your product content in conformance with the methodologies outlined in previous posts . Now comes the million-dollar question: Is it actually working?
Auditing your performance in the age of AI is tricky because the old scoreboard (Google Analytics) might be lying to you. Traffic might go down while your brand awareness goes up—simply because the AI answered the customer’s question without them ever needing to visit your site.
Here is a no-nonsense, friendly guide on how to audit your GEO and AEO efforts, the tools you can use, and how to fix the cracks in your strategy.

1. The "Ego Surf" Audit (Ask the AI)

The simplest way to audit your standing is to go directly to the source. You need to see if the "Generative Engines" (ChatGPT, Perplexity, Gemini, Claude) actually know who you are. Also, bare in mind that the AI models don’t reindex as often as the Google Search Index, so this is a long game.
The Action: Treat the AI like a potential customer.
Brand Audit: Ask, "What is {Your Company Name}?" or "What does {Your Company} sell?" If the AI hallucinates or says "I don't have enough information," you have an AIO (AI Optimization) problem. It means your digital footprint is too small or inconsistent.
Category Audit: Ask, "Who provides the best Service in {City}?" or "Compare {Your Product} vs {Competitor}".
The Goal: You aren't just looking for a mention; you are looking for sentiment and accuracy. Does the AI recommend you? Does it cite the right features? If it recommends a competitor, analyze why—is their pricing clearer? Do they have more reviews?

2. The Metric Shift: From Clicks to "Inclusion"

In traditional SEO, we obsess over Click-Through Rates (CTR). In AEO and GEO, we care about Source Inclusion and Visibility Scores.
Zero-Click Visibility: You need to track how often you appear in "Featured Snippets," "People Also Ask" boxes, or AI overviews. Tools like AIOSEO (for WordPress) or SEMrush can help track these specific SERP features.
Position-Adjusted Visibility: This is a fancy term for a simple concept: Did the AI mention you early in its answer? Research suggests that visibility is measured not just by if you were cited, but where and how much of your content was used. You want to be in the first paragraph of the AI’s script, not a footnote at the bottom.

3. The Toolkit: What to Use

You don't need to invent new technology to do this, but you do need to use existing tools differently.
AIOSEO (All In One SEO): If you are on WordPress, this plugin has a "Search Statistics" module. It helps you track keyword rankings specifically for content performance and identifies "content decay" (when your old posts stop ranking and need a refresh).
Using tools such as AIClicks and Profound, track AEO performance and monitor which products appear in AI citations, which content gets extracted most often, and what language patterns work best. Use these insights to refine your content templates, adjust attribute structures, and improve descriptions across similar products. Once you identify effective AEO patterns.
Question Research Tools: Use AnswerThePublic, SEMrush, or even your own customer support tickets. These tell you exactly what questions people are asking. If you aren't answering these specific questions on your site, you are invisible to the Answer Engine.
GPT-4 (as an Auditor): You can actually feed your content into ChatGPT and ask it to evaluate it against Google’s E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness) standards. Ask it, "How would you rate this article’s authority compared to Competitor {URL}?".

4. Corrective Actions: How to Fix Your Strategy

So, you audited your site and the AI is ignoring you. Here is how to get its attention.

Fix #1: The "Answer First" Adjust (AEO)

If you aren't winning featured snippets or voice search results, your content is likely buried.
The Fix: Rewrite your headers as questions (e.g., "How long does a drill battery last?") and provide the answer immediately in a concise, 40–60 word paragraph directly underneath. No fluff, no backstory. Just the answer.
Technical Boost: Use Schema Markup (like FAQPage schema). This is code that screams to the robot, "Here is the answer!" Tools like AIOSEO can generate this for you without you needing to code.

Fix #2: The "Citation Magnet" Move (GEO)

If the AI summarizes the topic but doesn't mention you, your content lacks authority signals.
The Fix: Add hard data. Don't say "Our software is fast." Say, "Our software processes data 30% faster than the industry average," and cite a source or internal study. Adding citations and statistics can increase your visibility in AI answers by 30-40%.
Quote Experts: Include direct quotations from industry leaders or your own experts. AI loves to pull quotes to build its "script".

Fix #3: The "Consensus" Cleanup (Off-Page Audit)

This is the big one. AI doesn't just trust your website; it trusts what the rest of the internet says about you. If you have great content but terrible reviews on Yelp or G2, the AI might skip you.
The Fix: Audit your N.A.P. (Name, Address, Phone) across all directories. Inconsistency confuses the AI. Then, actively drive happy customers to leave reviews on third-party sites. The AI looks for "consensus" across the web to verify you are a legitimate recommendation.

Summary Checklist

Ask the AI: regularly prompt ChatGPT/Perplexity to see how it describes your brand.
Track Snippets: Monitor how often you appear in "People Also Ask" or AI Overviews.
Inject Facts: Audit your top pages—if they are full of fluff, replace them with stats, tables, and direct answers.
Check the Vibe: Ensure your off-site reviews and directory listings are squeaky clean.

If you do this, you stop chasing clicks and start building the "influence" that gets you cited as the expert, but remember that this is built over time. Be patient!

Mastering the AI Trilogy: AEO, GEO, and AIO Optimization (AIO)

OK! Let's complete the trilogy. In previous posts I outlined how to be the Answer (AEO) and how to be the Recommendation (GEO). Now, we have to talk about the foundation that holds it all up: AI Optimization (AIO).

If you don't nail this, the other two don't matter because the AI won't even know you exist.

The Cheat Sheet: AEO vs. GEO vs. AIO

Let’s just again set out the terminology of the three strategies and how they stack up and support each other before we get into it:

• AEO (The Words): Getting your specific text cited as the direct answer to a question (e.g., "Why is my Power Drill vibrating?"). You want to be the snippet.

• GEO (The Choice): Getting your business recommended in a comparison (e.g., "Best Power Drill in theConstruction Industry"). You want to be the "friend" the AI suggests.
• AIO (The Identity): Teaching the AI who you are. This is about Brand Knowledge. If the AI doesn't have a confident "mental model" of your business—your hours, your services, your location, it won't risk recommending you, no matter how good your blog posts are.

Think of it this way:

• AEO is your script
• GEO is your audition
• AIO is your ID badge proving you’re actually allowed in the building.

AIO: The "Digital Tumbleweed" Problem

Here is the brutal truth: You could have the best website in the world, but if the rest of the internet is silent about you, you look like a "digital tumbleweed" to an AI.

AI models (like ChatGPT, Gemini, and Perplexity) rely on confidence. They hate hallucinating (making things up) when money or recommendations are on the line. If the AI isn't 100% sure you are a legitimate, active business, it will skip you and send your customers to the competitor it does know.

AIO is the process of filling in the "Knowledge Graph" gaps so the AI feels safe talking about you. Here is how to accomplish that.

1. Feed the Robot Your Resume (Structured Data)

If your website just says, "We make great pizza," the AI thinks, "According to whom? Your mom?". You need to speak the robot's native language to prove you are real.

• The Move: Use Schema Markup (I need to dive into this in more detail in a separate post later, when I understand it better). This is invisible code that tells the AI, "I am a Restaurant," "I serve Neapolitan Pizza," and "I am open until 10 PM."

• The Example: Don't just list your hours in plain text. Use "LocalBusiness" schema to hard-code your opening hours, address, and phone number. This helps the AI build a "Knowledge Card" about you so it doesn't have to guess.

• Tool Tip: You don't need to be a coder. Plugins like AIOSEO (Wordpress) can generate this schema for you automatically.

2. The "Consensus" Strategy (Be Everywhere Else)

This is the part most businesses miss. AI trusts the "consensus" of the internet more than it trusts your own website. If you say you're the best, that's marketing. If Yelp, TripAdvisor, and five industry blogs say you're the best, that's a fact.

• The Move: You need an "Authority Ecosystem." This means ensuring your business information (N.A.P. Name, Address, Phone) is identical across every directory, map, and review site.

• The Example: Let's say you run "Peppy's Pizza." If your site says you're open, but Yelp says you're closed, and your Google Business Profile has an old phone number, the AI gets confused. When AI gets confused, it ignores you. Clean up your listings so they all match perfectly.

3. Get "Loud" (Sentiment & Mentions)

This is probably the one thing that involves the most work. AI listens to the crowd. It rewards the "loudest" brands—not necessarily the ones shouting the most, but the ones being talked about the most.

• The Move: Generate positive sentiment. You need mentions in places other than your site. This includes PR, listicles ("Top 10 lists"), and social media tags.

• The Example: Weak AIO: You write a blog post called "Why we are the best plumbers." Strong AIO: You get mentioned in a local news article about "Small businesses saving the day" or a Reddit thread about "Reliable plumbers."

• Why it works: These are "breadcrumbs" that teach the AI that real humans like and trust you.

4. The Wikipedia Test (Establish Entity Authority)

The Holy Grail of AIO is becoming a recognized "Entity." You want the AI to know you like it knows Coca-Cola or Nike (on a smaller scale, of course).

• The Move: If possible, get a Wikipedia page or a Google Knowledge Panel. If you can't get Wikipedia, aim for industry-specific directories (like G2 for software or Healthgrades for doctors).

• The Example: If a user asks, "Is Your Company legit?", the AI cross-references these trusted databases. If you are missing from them, the AI might answer, "I don't have enough information on that company," which is the kiss of death for a sale.

Summary

AIO isn't about ranking for a keyword; it's about brand survival.

If you don't verify your identity across the web, you are leaving your reputation up to the AI's assumptions. And as we know, you don't want to lose revenue because a robot assumed you went out of business three years ago.

Your AIO To-Do List:

1. Schema: Mark up your site so the AI understands your data.

2. Consistency: Ensure your name, address, and phone number are identical everywhere.

3. Reviews: Get your customers to talk about you on third-party sites (Google, Yelp, G2).

4. Mentions: Get cited in "Best of" lists and local directories.