This site mainly deals with various use cases demonstrated using Python, Data Science, Cloud basics, SQL Server, Oracle, Teradata along with SQL & their implementation. Expecting yours active participation & time. This blog can be access from your TP, Tablet & mobile also. Please provide your feedback.
I’ve been using the AI for the last couple of years, both in my personal life and in my professional life. And, like others, I’ve been using some of the common editors. Among them, one of my favorites is Cursor AI Editor. The reason is very simple. It has a agent driven capability where anyone can develop their application (you need to take the paid plan – off course).
So, in this case, you don’t need to worry about which model you should use as Cursor will do it for you.
Even when this is a great editor for the developers. Still, I felt that one thing is missing is to restore to one of your previous versions in case the new code generates wrong or creates a bug for other areas of your application. This capability is extremely important for me. And, many times, I literally had to spend significant hours trying to restore the previous desired working versions or at least get that version of code & restore it easily all across the board, along with the entire history of changes. Connecting with GitHub may solve the problem if you push your code. However, developers push their code when they feel like achieving some milestones. The do not push intermediate changes while developing the features or capabilities. And, that’s where my new package will fit & work efficiently in conjunction with the Cursor AI Editor. Apart from that, it compresses the entire context apart from maintainign the individual versions of context. So, you can rollback to a certain level or can continue with the latest comprehensive context that is captured within the Graphify package.
Let us understand how that works. But, before that let us understand the demo.
So, as you can see from the above video, I am able to showcase the complete capabilities. Not only are you maintaining an external way of viewing all the prompts along with the entire history, but you can also compare the versions of a single script or even between prompts.
So, you are getting an overall comprehensive picture.
Now, let us deep-dive into some of the major choices user can have.
From the above picture, we have five major sections. The top-right in CYAN shows two tabs – “Graph” & “Versions”. As per the last screenshot, the “Graph” tab is active.
The top-left contains the available options in RED, that has all the options. Initially, by default, it is set to “All types”.
The main YELLOW square-line box contains the main canvas area, which depicts the graphical flow of metadata information.
The GREEN square-line box contains the legend information. And, the lower bottom-right contains the entire codebase for the scripts, packages, & for others.
Another very important capability is to check the entire prompt history in an organized way. This will help people to understand the evolution of the products. The above picture depicts this by showing the highlighted square-line boxes.
Another very important capability is to isolate only the scripts & create a similar graphical representation. This will give developers a cleaner interface to concentrate on the evolution of the scripts rather than concentrating on everything. The highlighted square-line box showcases the selected options & the corresponding script details.
The last important tool is under the “Versions” tab. In this tab, developers have the option to select any target script & then compare the two versions within the evolution & then based on the understanding, either they can enhance/update or restore that specific version in the latest version. This will definitely give developer much needed flexibility.
The above square-line boxes highlight the script name, and the comparison intention between the two certain versions & then the difference between them at the bottom of the screen.
So, we’ve done it. In our next post, we’ll know some of the key snippets from the important scripts for a better understanding of this tool.
I hope you all like this effort & let me know your feedback. I’ll be back with another topic. Until then, Happy Avenging!
Note: All the data & scenarios posted here are representative of data & scenarios available on the internet for educational purposes only. There is always room for improvement in this kind of model & the solution associated with it. This article is for educational purposes only. The techniques described should only be used for authorized security testing and research. Unauthorized access to computer systems is illegal and unethical & not encouraged.
If Parts 1, 2, and 3 were the horror movie showing you all the ways things can go wrong, Part 3 is the training montage where humanity fights back. Spoiler alert: We’re not winning yet, but at least we’re no longer bringing knife emojis to a prompt injection fight.
The State of Defense: A Reality Check:
Let’s start with some hard truths from 2025’s research –
• 90%+ of current defenses fail against adaptive attacks • Static defenses are obsolete before deployment • No single solution exists for prompt injection • The attacker moves second and usually wins
But before you unplug your AI and go back to using carrier pigeons, there’s hope. The same research teaching us about vulnerabilities is also pointing toward solutions.
The Defense Architecture: Layers Upon Layers:
The Swiss Cheese Model for AI Security:
No single layer is perfect (hence the holes in the Swiss cheese), but multiple imperfect layers create robust defense.
import reimport torchfrom transformers import AutoTokenizer, AutoModelimport numpy as npclassAdvancedInputValidator:def__init__(self,model_name='sentence-transformers/all-MiniLM-L6-v2'):self.tokenizer = AutoTokenizer.from_pretrained(model_name)self.model = AutoModel.from_pretrained(model_name)self.baseline_embeddings =self.load_baseline_embeddings()self.threat_patterns =self.compile_threat_patterns()defvalidateInput(self,user_input):""" Multi-layer input validation"""# Layer 1: Syntactic checksifnotself.syntacticValidation(user_input):returnFalse,"Failed syntactic validation"# Layer 2: Semantic analysis semantic_score =self.semanticAnalysis(user_input)if semantic_score >0.8:# High risk thresholdreturnFalse,f"Semantic risk score: {semantic_score}"# Layer 3: Embedding similarityifself.isAdversarialEmbedding(user_input):returnFalse,"Detected adversarial pattern in embedding"# Layer 4: Entropy analysisifself.entropyCheck(user_input)>4.5:returnFalse,"Unusual entropy detected"# Layer 5: Known attack patterns pattern_match =self.checkThreatPatterns(user_input)if pattern_match:returnFalse,f"Matched threat pattern: {pattern_match}"returnTrue,"Validation passed"defsemanticAnalysis(self,text):""" Analyzes semantic intent using embedding similarity"""# Generate embedding for input inputs =self.tokenizer(text,return_tensors='pt',truncation=True)with torch.no_grad(): embeddings =self.model(**inputs).last_hidden_state.mean(dim=1)# Compare against known malicious embeddings max_similarity =0for malicious_emb inself.baseline_embeddings['malicious']: similarity = torch.cosine_similarity(embeddings, malicious_emb) max_similarity =max(max_similarity, similarity.item())return max_similaritydefentropyCheck(self,text):""" Calculates Shannon entropy to detect obfuscation"""# Calculate character frequency freq ={}for char in text: freq[char]= freq.get(char,0)+1# Calculate entropy entropy =0 total =len(text)for count in freq.values():if count >0: probability = count / total entropy -= probability * np.log2(probability)return entropydefcompile_threat_patterns(self):""" Compiles regex patterns for known threats""" patterns ={'injection':r'(ignore|disregard|forget).{0,20}(previous|prior|above)','extraction':r'(system|initial).{0,20}(prompt|instruction)','jailbreak':r'(act as|pretend|roleplay).{0,20}(no limits|unrestricted)','encoding':r'(base64|hex|rot13|decode)','escalation':r'(debug|admin|sudo|root).{0,20}(mode|access)',}return{k: re.compile(v, re.IGNORECASE)for k, v in patterns.items()}
This code creates an advanced system that checks whether user input is safe before processing it. It uses multiple layers of validation, including basic syntax checks, meaning-based analysis with AI embeddings, similarity detection to known malicious examples, entropy measurements to spot obfuscated text, and pattern matching for common attack behaviors such as jailbreaks or prompt injections. If any layer finds a risk—high semantic similarity, unusual entropy, or a threat pattern—the input is rejected. If all checks pass, the system marks the input as safe.
Architectural Defense Patterns (The Secure Prompt Architecture):
classSecurePromptArchitecture:def__init__(self):self.system_prompt =self.load_immutable_system_prompt()self.contextWindowBudget ={'system':0.3,# 30% reserved for system'history':0.2,# 20% for conversation history'user':0.4,# 40% for user input'buffer':0.1# 10% safety buffer}defconstructPrompt(self,user_input,conversation_history=None):""" Builds secure prompt with proper isolation"""# Calculate token budgets total_tokens =4096# Model's context window budgets ={k:int(v * total_tokens)for k, v inself.contextWindowBudget.items()}# Build prompt with clear boundaries prompt_parts =[]# System section (immutable) prompt_parts.append(f"<|SYSTEM|>{self.systemPrompt[:budgets['system']]}<|/SYSTEM|>")# History section (sanitized)if conversation_history: sanitized_history =self.sanitizeHistory(conversation_history) prompt_parts.append(f"<|HISTORY|>{sanitized_history[:budgets['history']]}<|/HISTORY|>")# User section (contained) sanitized_input =self.sanitizeUserInput(user_input) prompt_parts.append(f"<|USER|>{sanitized_input[:budgets['user']]}<|/USER|>")# Combine with clear delimiters final_prompt ="\n<|BOUNDARY|>\n".join(prompt_parts)return final_promptdefsanitizeUserInput(self,input_text):""" Removes potentially harmful content while preserving intent"""# Remove system-level commands sanitized = re.sub(r'<\|.*?\|>','', input_text)# Escape special characters sanitized = sanitized.replace('\\','\\\\') sanitized = sanitized.replace('"','\\"')# Remove null bytes and control characters sanitized =''.join(char for char in sanitized iford(char)>=32or char =='\n')return sanitized
This code establishes a secure framework for creating and sending prompts to an AI model. It divides the model’s context window into fixed sections for system instructions, conversation history, user input, and a safety buffer. Each section is clearly separated with boundaries to prevent user input from altering system rules. Before adding anything, the system cleans both history and user text by removing harmful commands and unsafe characters. The final prompt ensures isolation, protects system instructions, and reduces the risk of prompt injection or manipulation.
Behavioral Monitoring and Anomaly Detection (Real-time Behavioral Analysis):
import picklefrom sklearn.ensemble import IsolationForestfrom collections import dequeclassBehavioralMonitor:def__init__(self,window_size=100):self.behaviorHistory =deque(maxlen=window_size)self.anomalyDetector =IsolationForest(contamination=0.1)self.baselineBehaviors =self.load_baseline_behaviors()self.alertThreshold =0.85defanalyzeInteraction(self,user_id,prompt,response,metadata):""" Performs comprehensive behavioral analysis"""# Extract behavioral features features =self.extractFeatures(prompt, response, metadata)# Add to historyself.behavior_history.append({'user_id': user_id,'timestamp': metadata['timestamp'],'features': features})# Check for anomalies anomaly_score =self.detectAnomaly(features)# Pattern detection patterns =self.detectPatterns()# Risk assessment risk_level =self.assessRisk(anomaly_score, patterns)return{'anomaly_score': anomaly_score,'patterns_detected': patterns,'risk_level': risk_level,'action_required': risk_level >self.alertThreshold}defextractFeatures(self,prompt,response,metadata):""" Extracts behavioral features for analysis""" features ={# Temporal features'time_of_day': metadata['timestamp'].hour,'day_of_week': metadata['timestamp'].weekday(),'request_frequency':self.calculateFrequency(metadata['user_id']),# Content features'prompt_length':len(prompt),'response_length':len(response),'prompt_complexity':self.calculateComplexity(prompt),'topic_consistency':self.calculateTopicConsistency(prompt),# Interaction features'question_type':self.classifyQuestionType(prompt),'sentiment_score':self.analyzeSentiment(prompt),'urgency_indicators':self.detectUrgency(prompt),# Security features'encoding_present':self.detectEncoding(prompt),'injection_keywords':self.countInjectionKeywords(prompt),'system_references':self.countSystemReferences(prompt),}return featuresdefdetectPatterns(self):""" Identifies suspicious behavioral patterns""" patterns =[]# Check for velocity attacksifself.detectVelocityAttack(): patterns.append('velocity_attack')# Check for reconnaissance patternsifself.detectReconnaissance(): patterns.append('reconnaissance')# Check for escalation patternsifself.detectPrivilegeEscalation(): patterns.append('privilege_escalation')return patternsdefdetectVelocityAttack(self):""" Detects rapid-fire attack attempts"""iflen(self.behaviorHistory)<10:returnFalse recent =list(self.behaviorHistory)[-10:] time_diffs =[]for i inrange(1,len(recent)): diff =(recent[i]['timestamp']- recent[i-1]['timestamp']).seconds time_diffs.append(diff)# Check if requests are too rapid avg_diff = np.mean(time_diffs)return avg_diff <2# Less than 2 seconds average
This code monitors user behavior when interacting with an AI system to detect unusual or risky activity. It collects features such as timing, prompt length, sentiment, complexity, and security-related keywords. An Isolation Forest model checks whether the behavior is normal or suspicious. It also looks for specific attack patterns, such as very rapid requests, probing for system details, or attempts to escalate privileges. The system then assigns a risk level, and if the risk is high, it signals that immediate action may be required.
Output Filtering and Sanitization (Multi-Stage Output Pipeline):
classOutputSanitizer:def__init__(self):self.sensitive_patterns =self.load_sensitive_patterns()self.pii_detector =self.initialize_pii_detector()defsanitizeOutput(self,raw_output,context):""" Multi-stage output sanitization pipeline"""# Stage 1: Remove sensitive data output =self.removeSensitiveData(raw_output)# Stage 2: PII detection and masking output =self.maskPii(output)# Stage 3: URL and email sanitization output =self.sanitizeUrlsEmails(output)# Stage 4: Code injection prevention output =self.preventCodeInjection(output)# Stage 5: Context-aware filtering output =self.contextFilter(output, context)# Stage 6: Final validationifnotself.finalValidation(output):return"[Output blocked due to security concerns]"return outputdefremoveSensitiveData(self,text):""" Removes potentially sensitive information""" sensitive_patterns =[r'\b[A-Za-z0-9+/]{40}\b',# API keysr'\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b',# SSNr'\b[0-9]{16}\b',# Credit card numbersr'password\s*[:=]\s*\S+',# Passwordsr'BEGIN RSA PRIVATE KEY.*END RSA PRIVATE KEY',# Private keys]for pattern in sensitive_patterns: text = re.sub(pattern,'[REDACTED]', text,flags=re.DOTALL)return textdefmaskPii(self,text):""" Masks personally identifiable information"""# This would use a proper NER model in production pii_entities =self.piiDetector.detect(text)for entity in pii_entities:if entity['type']in['PERSON','EMAIL','PHONE','ADDRESS']: mask =f"[{entity['type']}]" text = text.replace(entity['text'], mask)return textdefpreventCodeInjection(self,text):""" Prevents code injection in output"""# Escape HTML/JavaScript text = text.replace('<','<').replace('>','>') text = re.sub(r'<script.*?</script>','[SCRIPT REMOVED]', text,flags=re.DOTALL)# Remove potential SQL injection sql_keywords =['DROP','DELETE','INSERT','UPDATE','EXEC','UNION']for keyword in sql_keywords: pattern =rf'\b{keyword}\b.*?(;|$)' text = re.sub(pattern,'[SQL REMOVED]', text,flags=re.IGNORECASE)return text
This code cleans and secures the AI’s output before it is shown to a user. It removes sensitive data such as API keys, credit card numbers, passwords, or private keys. It then detects and masks personal information, including names, emails, phone numbers, and addresses. The system also sanitizes URLs and emails, blocks possible code or script injections, and applies context-aware filters to prevent unsafe content. Finally, a validation step checks that the cleaned output meets safety rules. If any issues remain, the output is blocked for security reasons.
The Human-in-the-Loop Framework (When Machines Need Human Judgment):
classHumanInTheLoop:def__init__(self):self.review_queue =[]self.risk_thresholds ={'low':0.3,'medium':0.6,'high':0.8,'critical':0.95}defevaluateForReview(self,interaction):""" Determines if human review is needed""" risk_score = interaction['risk_score']# Always require human review for critical risksif risk_score >=self.risk_thresholds['critical']:returnself.escalateToHuman(interaction,priority='URGENT')# Check specific triggers triggers =['financial_transaction','data_export','system_modification','user_data_access','code_generation',]for trigger in triggers:if trigger in interaction['categories']:returnself.escalateToHuman(interaction,priority='HIGH')# Probabilistic review for medium risksif risk_score >=self.risk_thresholds['medium']:if random.random()< risk_score:returnself.escalateToHuman(interaction,priority='NORMAL')returnNonedefescalateToHuman(self,interaction,priority='NORMAL'):""" Adds interaction to human review queue""" review_item ={'id':str(uuid.uuid4()),'timestamp': datetime.utcnow(),'priority': priority,'interaction': interaction,'status':'PENDING','reviewer':None,'decision':None}self.review_queue.append(review_item)# Send notification based on priorityif priority =='URGENT':self.sendUrgentAlert(review_item)return review_item['id']
This code decides when an AI system should involve a human reviewer to ensure safety and accuracy. It evaluates each interaction’s risk score and automatically escalates high-risk or critical cases for human review. It also flags interactions involving sensitive actions, such as financial transactions, data access, or system changes. Medium-risk cases may be reviewed based on probability. When escalation is needed, the system creates a review task with a priority level, adds it to a queue, and sends alerts for urgent issues. This framework ensures human judgment is used whenever machine decisions may not be sufficient.
So, in this post, we’ve discussed some of the defensive mechanisms & we’ll deep dive more about this in the next & final post.
We’ll meet again in our next instalment. Till then, Happy Avenging! 🙂
Note: All the data & scenarios posted here are representative of data & scenarios available on the internet for educational purposes only. There is always room for improvement in this kind of model & the solution associated with it. This article is for educational purposes only. The techniques described should only be used for authorized security testing and research. Unauthorized access to computer systems is illegal and unethical & not encouraged.
This is a continuation of my previous post, which can be found here.
Let us recap the key takaways from our previous post –
Enterprise AI, utilizing the Model Context Protocol (MCP), leverages an open standard that enables AI systems to securely and consistently access enterprise data and tools. MCP replaces brittle “N×M” integrations between models and systems with a standardized client–server pattern: an MCP host (e.g., IDE or chatbot) runs an MCP client that communicates with lightweight MCP servers, which wrap external systems via JSON-RPC. Servers expose three assets—Resources (data), Tools (actions), and Prompts (templates)—behind permissions, access control, and auditability. This design enables real-time context, reduces hallucinations, supports model- and cloud-agnostic interoperability, and accelerates “build once, integrate everywhere” deployment. A typical flow (e.g., retrieving a customer’s latest order) encompasses intent parsing, authorized tool invocation, query translation/execution, and the return of a normalized JSON result to the model for natural-language delivery. Performance introduces modest overhead (RPC hops, JSON (de)serialization, network transit) and scale considerations (request volume, significant results, context-window pressure). Mitigations include in-memory/semantic caching, optimized SQL with indexing, pagination, and filtering, connection pooling, and horizontal scaling with load balancing. In practice, small latency costs are often outweighed by the benefits of higher accuracy, stronger governance, and a decoupled, scalable architecture.
How does MCP compare with other AI integration approaches?
Compared to other approaches, the Model Context Protocol (MCP) offers a uniquely standardized and secure framework for AI-tool integration, shifting from brittle, custom-coded connections to a universal plug-and-play model. It is not a replacement for underlying systems, such as APIs or databases, but instead acts as an intelligent, secure abstraction layer designed explicitly for AI agents.
MCP vs. Custom API integrations:
This approach was the traditional method for AI integration before standards like MCP emerged.
Custom API integrations (traditional): Each AI application requires a custom-built connector for every external system it needs to access, leading to an N x M integration problem (the number of connectors grows exponentially with the number of models and systems). This approach is resource-intensive, challenging to maintain, and prone to breaking when underlying APIs change.
MCP: The standardized protocol eliminates the N x M problem by creating a universal interface. Tool creators build a single MCP server for their system, and any MCP-compatible AI agent can instantly access it. This process decouples the AI model from the underlying implementation details, drastically reducing integration and maintenance costs.
For more detailed information, please refer to the following link.
MCP vs. Retrieval-Augmented Generation (RAG):
RAG is a technique that retrieves static documents to augment an LLM’s knowledge, while MCP focuses on live interactions. They are complementary, not competing.
RAG:
Focus: Retrieving and summarizing static, unstructured data, such as documents, manuals, or knowledge bases.
Best for: Providing background knowledge and general information, as in a policy lookup tool or customer service bot.
Data type: Unstructured, static knowledge.
MCP:
Focus: Accessing and acting on real-time, structured, and dynamic data from databases, APIs, and business systems.
Best for: Agentic use cases involving real-world actions, like pulling live sales reports from a CRM or creating a ticket in a project management tool.
Data type: Structured, real-time, and dynamic data.
MCP vs. LLM plugins and extensions:
Before MCP, platforms like OpenAI offered proprietary plugin systems to extend LLM capabilities.
LLM plugins:
Proprietary: Tied to a specific AI vendor (e.g., OpenAI).
Limited: Rely on the vendor’s API function-calling mechanism, which focuses on call formatting but not standardized execution.
Centralized: Managed by the AI vendor, creating a risk of vendor lock-in.
MCP:
Open standard: Based on a public, interoperable protocol (JSON-RPC 2.0), making it model-agnostic and usable across different platforms.
Infrastructure layer: Provides a standardized infrastructure for agents to discover and use any compliant tool, regardless of the underlying LLM.
Decentralized: Promotes a flexible ecosystem and reduces the risk of vendor lock-in.
How enterprise AI with MCP has opened up a specific Architecture pattern for Azure, AWS & GCP?
Microsoft Azure:
The “agent factory” pattern: Azure focuses on providing managed services for building and orchestrating AI agents, tightly integrated with its enterprise security and governance features. The MCP architecture is a core component of the Azure AI Foundry, serving as a secure, managed “agent factory.”
Azure architecture pattern with MCP:
AI orchestration layer: The Azure AI Agent Service, within Azure AI Foundry, acts as the central host and orchestrator. It provides the control plane for creating, deploying, and managing multiple specialized agents, and it natively supports the MCP standard.
AI model layer: Agents in the Foundry can be powered by various models, including those from Azure OpenAI Service, commercial models from partners, or open-source models.
MCP server and tool layer: MCP servers are deployed using serverless functions, such as Azure Functions or Azure Logic Apps, to wrap existing enterprise systems. These servers expose tools for interacting with enterprise data sources like SharePoint, Azure AI Search, and Azure Blob Storage.
Data and security layer: Data is secured using Microsoft Entra ID (formerly Azure AD) for authentication and access control, with robust security policies enforced via Azure API Management. Access to data sources, such as databases and storage, is managed securely through private networks and Managed Identity.
Amazon Web Services (AWS):
The “composable serverless agent” pattern: AWS emphasizes a modular, composable, and serverless approach, leveraging its extensive portfolio of services to build sophisticated, flexible, and scalable AI solutions. The MCP architecture here aligns with the principle of creating lightweight, event-driven services that AI agents can orchestrate.
AWS architecture pattern with MCP:
The AI orchestration layer, which includesAmazon Bedrock Agents or custom agent frameworks deployed via AWS Fargate or Lambda, acts as the MCP hosts. Bedrock Agents provide built-in orchestration, while custom agents offer greater flexibility and customization options.
AI model layer: The models are sourced from Amazon Bedrock, which provides a wide selection of foundation models.
MCP server and tool layer: MCP servers are deployed as serverless AWS Lambda functions. AWS offers pre-built MCP servers for many of its services, including the AWS Serverless MCP Server for managing serverless applications and the AWS Lambda Tool MCP Server for invoking existing Lambda functions as tools.
Data and security layer: Access is tightly controlled using AWS Identity and Access Management (IAM) roles and policies, with fine-grained permissions for each MCP server. Private data sources like databases (Amazon DynamoDB) and storage (Amazon S3) are accessed securely within a Virtual Private Cloud (VPC).
Google Cloud Platform (GCP):
The “unified workbench” pattern: GCP focuses on providing a unified, open, and data-centric platform for AI development. The MCP architecture on GCP integrates natively with the Vertex AI platform, treating MCP servers as first-class tools that can be dynamically discovered and used within a single workbench.
GCP architecture pattern with MCP:
AI orchestration layer: The Vertex AI Agent Builder serves as the central environment for building and managing conversational AI and other agents. It orchestrates workflows and manages tool invocation for agents.
AI model layer: Agents use foundation models available through the Vertex AI Model Garden or the Gemini API.
MCP server and tool layer: MCP servers are deployed as containerized microservices on Cloud Run or managed by services like App Engine. These servers contain tools that interact with GCP services, such as BigQuery, Cloud Storage, and Cloud SQL. GCP offers pre-built MCP server implementations, such as the GCP MCP Toolbox, for integration with its databases.
Data and security layer:Vertex AI Vector Search and other data sources are encapsulated within the MCP server tools to provide contextual information. Access to these services is managed by Identity and Access Management (IAM) and secured through virtual private clouds. The MCP server can leverage Vertex AI Context Caching for improved performance.
Note that all the native technology is referred to in each respective cloud. Hence, some of the better technologies can be used in place of the tool mentioned here. This is more of a concept-level comparison rather than industry-wise implementation approaches.
We’ll go ahead and conclude this post here & continue discussing on a further deep dive in the next post.
Till then, Happy Avenging! 🙂
Note: All the data & scenarios posted here are representational data & scenarios & available over the internet & for educational purposes only. There is always room for improvement in this kind of model & the solution associated with it. I’ve shown the basic ways to achieve the same for educational purposes only.
This is a continuation of my previous post, which can be found here.
Let us recap the key takaways from our previous post –
Agentic AI refers to autonomous systems that pursue goals with minimal supervision by planning, reasoning about next steps, utilizing tools, and maintaining context across sessions. Core capabilities include goal-directed autonomy, interaction with tools and environments (e.g., APIs, databases, devices), multi-step planning and reasoning under uncertainty, persistence, and choiceful decision-making.
Architecturally, three modules coordinate intelligent behavior: Sensing (perception pipelines that acquire multimodal data, extract salient patterns, and recognize entities/events); Observation/Deliberation (objective setting, strategy formation, and option evaluation relative to resources and constraints); and Action (execution via software interfaces, communications, or physical actuation to deliver outcomes). These functions are enabled by machine learning, deep learning, computer vision, natural language processing, planning/decision-making, uncertainty reasoning, and simulation/modeling.
At enterprise scale, open standards align autonomy with governance: the Model Context Protocol (MCP) grants an agent secure, principled access to enterprise tools and data (vertical integration), while Agent-to-Agent (A2A) enables specialized agents to coordinate, delegate, and exchange information (horizontal collaboration). Together, MCP and A2A help organizations transition from isolated pilots to scalable programs, delivering end-to-end automation, faster integration, enhanced security and auditability, vendor-neutral interoperability, and adaptive problem-solving that responds to real-time context.
Great! Let’s dive into this topic now.
Enterprise AI with MCP refers to the application of the Model Context Protocol (MCP), an open standard, to enable AI systems to securely and consistently access external enterprise data and applications.
The problem MCP solves in enterprise AI:
Before MCP, enterprise AI integration was characterized by a “many-to-many” or “N x M” problem. Companies had to build custom, fragile, and costly integrations between each AI model and every proprietary data source, which was not scalable. These limitations left AI agents with limited, outdated, or siloed information, restricting their potential impact. MCP addresses this by offering a standardized architecture for AI and data systems to communicate with each other.
How does MCP work?
The MCP framework uses a client-server architecture to enable communication between AI models and external tools and data sources.
MCP Host: The AI-powered application or environment, such as an AI-enhanced IDE or a generative AI chatbot like Anthropic’s Claude or OpenAI’s ChatGPT, where the user interacts.
MCP Client: A component within the host application that manages the connection to MCP servers.
MCP Server: A lightweight service that wraps around an external system (e.g., a CRM, database, or API) and exposes its capabilities to the AI client in a standardized format, typically using JSON-RPC 2.0.
An MCP server provides AI clients with three key resources:
Resources: Structured or unstructured data that an AI can access, such as files, documents, or database records.
Tools: The functionality to perform specific actions within an external system, like running a database query or sending an email.
Prompts: Pre-defined text templates or workflows to help guide the AI’s actions.
Benefits of MCP for enterprise AI:
Standardized integration: Developers can build integrations against a single, open standard, which dramatically reduces the complexity and time required to deploy and scale AI initiatives.
Enhanced security and governance: MCP incorporates native support for security and compliance measures. It provides permission models, access control, and auditing capabilities to ensure AI systems only access data and tools within specified boundaries.
Real-time contextual awareness: By connecting AI agents to live enterprise data sources, MCP ensures they have access to the most current and relevant information, which reduces hallucinations and improves the accuracy of AI outputs.
Greater interoperability: MCP is model-agnostic & can be used with a variety of AI models (e.g., Anthropic’s Claude or OpenAI’s models) and across different cloud environments. This approach helps enterprises avoid vendor lock-in.
Accelerated development: The “build once, integrate everywhere” approach enables internal teams to focus on innovation instead of writing custom connectors for every system.
Flow of activities:
Let us understand one sample case & the flow of activities.
A customer support agent uses an AI assistant to get information about a customer’s recent orders. The AI assistant utilizes an MCP-compliant client to communicate with an MCP server, which is connected to the company’s PostgreSQL database.
The interaction flow:
1. User request: The support agent asks the AI assistant, “What was the most recent order placed by Priyanka Chopra Jonas?”
2. AI model processes intent: The AI assistant, running on an MCP host, analyzes the natural language query. It recognizes that to answer this question, it needs to perform a database query. It then identifies the appropriate tool from the MCP server’s capabilities.
3. Client initiates tool call: The AI assistant’s MCP client sends a JSON-RPC request to the MCP server connected to the PostgreSQL database. The request specifies the tool to be used, such as get_customer_orders, and includes the necessary parameters:
5. Database returns data: The PostgreSQL database executes the query and returns the requested data to the MCP server.
6. Server formats the response: The MCP server receives the raw database output and formats it into a standardized JSON response that the MCP client can understand.
7. Client returns data to the model: The MCP client receives the JSON response and passes it back to the AI assistant’s language model.
8. AI model generates final response: The language model incorporates this real-time data into its response and presents it to the user in a natural, conversational format.
“Priyanka Chopra Jonas’s most recent order was placed on August 25, 2025, with an order ID of 98765, for a total of $11025.50.”
What are the performance implications of using MCP for database access?
Using the Model Context Protocol (MCP) for database access introduces a layer of abstraction that affects performance in several ways. While it adds some latency and processing overhead, strategic implementation can mitigate these effects. For AI applications, the benefits often outweigh the costs, particularly in terms of improved accuracy, security, and scalability.
Sources of performance implications::
Added latency and processing overhead:
The MCP architecture introduces extra communication steps between the AI agent and the database, each adding a small amount of latency.
RPC overhead: The JSON-RPC call from the AI’s client to the MCP server adds a small processing and network delay. This is an out-of-process request, as opposed to a simple local function call.
JSON serialization: Request and response data must be serialized and deserialized into JSON format, which requires processing time.
Network transit: For remote MCP servers, the data must travel over the network, adding latency. However, for a local or on-premise setup, this is minimal. The physical location of the MCP server relative to the AI model and the database is a significant factor.
Scalability and resource consumption:
The performance impact scales with the complexity and volume of the AI agent’s interactions.
High request volume: A single AI agent working on a complex task might issue dozens of parallel database queries. In high-traffic scenarios, managing numerous simultaneous connections can strain system resources and require robust infrastructure.
Excessive data retrieval: A significant performance risk is an AI agent retrieving a massive dataset in a single query. This process can consume a large number of tokens, fill the AI’s context window, and cause bottlenecks at the database and client levels.
Context window usage: Tool definitions and the results of tool calls consume space in the AI’s context window. If a large number of tools are in use, this can limit the AI’s “working memory,” resulting in slower and less effective reasoning.
Optimizations for high performance::
Caching:
Caching is a crucial strategy for mitigating the performance overhead of MCP.
In-memory caching: The MCP server can cache results from frequent or expensive database queries in memory (e.g., using Redis or Memcached). This approach enables repeat requests to be served almost instantly without requiring a database hit.
Semantic caching: Advanced techniques can cache the results of previous queries and serve them for semantically similar future requests, reducing token consumption and improving speed for conversational applications.
Efficient queries and resource management:
Designing the MCP server and its database interactions for efficiency is critical.
Optimized SQL: The MCP server should generate optimized SQL queries. Database indexes should be utilized effectively to expedite lookups and minimize load.
Pagination and filtering: To prevent a single query from overwhelming the system, the MCP server should implement pagination. The AI agent can be prompted to use filtering parameters to retrieve only the necessary data.
Connection pooling: This technique reuses existing database connections instead of opening a new one for each request, thereby reducing latency and database load.
Load balancing and scaling:
For large-scale enterprise deployments, scaling is essential for maintaining performance.
Multiple servers: The workload can be distributed across various MCP servers. One server could handle read requests, and another could handle writes.
Load balancing: A reverse proxy or other load-balancing solution can distribute incoming traffic across MCP server instances. Autoscaling can dynamically add or remove servers in response to demand.
The performance trade-off in perspective:
For AI-driven tasks, a slight increase in latency for database access is often a worthwhile trade-off for significant gains.
Improved accuracy: Accessing real-time, high-quality data through MCP leads to more accurate and relevant AI responses, reducing “hallucinations”.
Scalable ecosystem: The standardization of MCP reduces development overhead and allows for a more modular, scalable ecosystem, which saves significant engineering resources compared to building custom integrations.
Decoupled architecture: The MCP server decouples the AI model from the database, allowing each to be optimized and scaled independently.
We’ll go ahead and conclude this post here & continue discussing on a further deep dive in the next post.
Till then, Happy Avenging! 🙂
Note: All the data & scenarios posted here are representational data & scenarios & available over the internet & for educational purposes only. There is always room for improvement in this kind of model & the solution associated with it. I’ve shown the basic ways to achieve the same for educational purposes only.
Today, we won’t be discussing any solutions. Today, we’ll be discussing the Agentic AI & its implementation in the Enterprise landscape in a series of upcoming posts.
So, hang tight! We’re about to launch a new venture as part of our knowledge drive.
What is Agentic AI?
Agentic AI refers to artificial intelligence systems that can act autonomously to achieve goals, making decisions and taking actions without constant human oversight. Unlike traditional AI, which responds to prompts, agentic AI can plan, reason about next steps, utilize tools, and work toward objectives over extended periods of time.
Key characteristics of agentic AI include:
Autonomy and Goal-Directed Behavior: These systems can pursue objectives independently, breaking down complex tasks into smaller steps and executing them sequentially.
Tool Use and Environment Interaction: Agentic AI can interact with external systems, APIs, databases, and software tools to gather information and perform actions in the real world.
Planning and Reasoning: They can develop multi-step strategies, adapt their approach based on feedback, and reason through problems to find solutions.
Persistence: Unlike single-interaction AI, agentic systems can maintain context and continue working on tasks across multiple interactions or sessions.
Decision Making: They can evaluate options, weigh trade-offs, and make choices about how to proceed when faced with uncertainty.
Foundational Elements of Agentic AI Architectures:
Agentic AI systems have several interconnected components that work together to enable intelligent behaviour. Each element plays a crucial role in the overall functioning of the AI system, and they must interact seamlessly to achieve desired outcomes. Let’s explore each of these components in more detail.
Sensing:
The sensing module serves as the AI’s eyes and ears, enabling it to understand its surroundings and make informed decisions. Think of it as the system that helps the AI “see” and “hear” the world around it, much like how humans use their senses.
Gathering Information: The system collects data from multiple sources, including cameras for visual information, microphones for audio, sensors for physical touch, and digital systems for data. This step provides the AI with a comprehensive understanding of what’s happening.
Making Sense of Data: Raw information from sensors can be messy and overwhelming. This component processes the data to identify the essential patterns and details that actually matter for making informed decisions.
Recognizing What’s Important: Utilizing advanced techniques such as computer vision (for images), natural language processing (for text and speech), and machine learning (for data patterns), the system identifies and understands objects, people, events, and situations within the environment.
This sensing capability enables AI systems to transition from merely following pre-programmed instructions to genuinely understanding their environment and making informed decisions based on real-world conditions. It’s the difference between a basic automated system and an intelligent agent that can adapt to changing situations.
Observation:
The observation module serves as the AI’s decision-making center, where it sets objectives, develops strategies, and selects the most effective actions to take. This step is where the AI transforms what it perceives into purposeful action, much like humans think through problems and devise plans.
Setting Clear Objectives: The system establishes specific goals and desired outcomes, giving the AI a clear sense of direction and purpose. This approach helps ensure all actions are working toward meaningful results rather than random activity.
Strategic Planning: Using information about its own capabilities and the current situation, the AI creates step-by-step plans to reach its goals. It considers potential obstacles, available resources, and different approaches to find the most effective path forward.
Intelligent Decision-Making: When faced with multiple options, the system evaluates each choice against the current circumstances, established goals, and potential outcomes. It then selects the action most likely to move the AI closer to achieving its objectives.
This observation capability is what transforms an AI from a simple tool that follows commands into an intelligent system that can work independently toward business goals. It enables the AI to handle complex, multi-step tasks and adapt its approach when conditions change, making it valuable for a wide range of applications, from customer service to project management.
Action:
The action module serves as the AI’s hands and voice, turning decisions into real-world results. This step is where the AI actually puts its thinking and planning into action, carrying out tasks that make a tangible difference in the environment.
Control Systems: The system utilizes various tools to interact with the world, including motors for physical movement, speakers for communication, network connections for digital tasks, and software interfaces for system operation. These serve as the AI’s means of reaching out and making adjustments.
Task Implementation: Once the cognitive module determines the action to take, this component executes the actual task. Whether it’s sending an email, moving a robotic arm, updating a database, or scheduling a meeting, this module handles the execution from start to finish.
This action capability is what makes AI systems truly useful in business environments. Without it, an AI could analyze data and make significant decisions, but it couldn’t help solve problems or complete tasks. The action module bridges the gap between artificial intelligence and real-world impact, enabling AI to automate processes, respond to customers, manage systems, and deliver measurable business value.
Technology that is primarily involved in the Agentic AI is as follows –
1. Machine Learning
2. Deep Learning
3. Computer Vision
4. Natural Language Processing (NLP)
5. Planning and Decision-Making
6. Uncertainty and Reasoning
7. Simulation and Modeling
Agentic AI at Scale: MCP + A2A:
In an enterprise setting, agentic AI systems utilize the Model Context Protocol (MCP) and the Agent-to-Agent (A2A) protocol as complementary, open standards to achieve autonomous, coordinated, and secure workflows. An MCP-enabled agent gains the ability to access and manipulate enterprise tools and data. At the same time, A2A allows a network of these agents to collaborate on complex tasks by delegating and exchanging information.
This combined approach allows enterprises to move from isolated AI experiments to strategic, scalable, and secure AI programs.
How do the protocols work together in an enterprise?
Protocol
Function in Agentic AI
Focus
Example use case
Model Context Protocol (MCP)
Equips a single AI agent with the tools and data it needs to perform a specific job.
Vertical integration: connecting agents to enterprise systems like databases, CRMs, and APIs.
A sales agent uses MCP to query the company CRM for a client’s recent purchase history.
Agent-to-Agent (A2A)
Enables multiple specialized agents to communicate, delegate tasks, and collaborate on a larger, multi-step goal.
Horizontal collaboration: allowing agents from different domains to work together seamlessly.
An orchestrating agent uses A2A to delegate parts of a complex workflow to specialized HR, IT, and sales agents.
Advantages for the enterprise:
End-to-end automation: Agents can handle tasks from start to finish, including complex, multi-step workflows, autonomously.
Greater agility and speed: Enterprise-wide adoption of these protocols reduces the cost and complexity of integrating AI, accelerating deployment timelines for new applications.
Enhanced security and governance: Enterprise AI platforms built on these open standards incorporate robust security policies, centralized access controls, and comprehensive audit trails.
Vendor neutrality and interoperability: As open standards, MCP and A2A allow AI agents to work together seamlessly, regardless of the underlying vendor or platform.
Adaptive problem-solving: Agents can dynamically adjust their strategies and collaborate based on real-time data and contextual changes, leading to more resilient and efficient systems.
We will discuss this topic further in our upcoming posts.
Till then, Happy Avenging! 🙂
Note: All the data & scenarios posted here are representational data & scenarios & available over the internet & for educational purposes only. There is always room for improvement in this kind of model & the solution associated with it. I’ve shown the basic ways to achieve the same for educational purposes only.
Today, we’ll discuss another topic in our two-part series. We will understand the importance of the MCP protocol for communicating between agents.
This will be an in-depth highly technical as well as depicting using easy-to-understand visuals.
But, before that, let us understand the demo first.
Isn’t it exciting?
MCP Protocol:
Let us first understand in easy language about the MCP protocol.
MCP (Multi-Agent Communication Protocol) is a custom message exchange system that facilitates structured and scalable communication among multiple AI agents operating within an application. These agents collaborate asynchronously or in real-time to complete complex tasks by sharing results, context, and commands through a common messaging layer.
How MCP Protocol Helps:
Feature
Benefit
Agent-Oriented Architecture
Each agent handles a focused task, improving modularity and scalability.
Event-Driven Message Passing
Agents communicate based on triggers, not polling—leading to faster and efficient responses.
Structured Communication Format
All messages follow a standard format (e.g., JSON) with metadata for sender, recipient, type, and payload.
State Preservation
Agents maintain context across messages using memory (e.g., ConversationBufferMemory) to ensure coherence.
How It Works (Step-by-Step):
📥 User uploads or streams a video.
🧑💻 MCP Protocol triggers the Transcription Agent to start converting audio into text.
🌐 Translation Agent receives this text (if a different language is needed).
🧾 Summarization Agent receives the translated or original transcript and generates a concise summary.
📚 Research Agent checks for references or terminology used in the video.
📄 Documentation Agent compiles the output into a structured report.
🔁 All communication between agents flows through MCP, ensuring consistent message delivery and coordination.
Now, let us understand the solution that we intend to implement for our solutions:
This app provides live summarization and contextual insights from videos such as webinars, interviews, or YouTube recordings using multiple cooperating AI agents. These agents may include:
Transcription Agent: Converts spoken words to text.
Translation Agent: Translates text to different languages (if needed).
Summarization Agent: Generates concise summaries.
Research Agent: Finds background or supplementary data related to the discussion.
Documentation Agent: Converts outputs into structured reports or learning materials.
We need to understand one more thing before deep diving into the code. Part of your conversation may be mixed, like part Hindi & part English. So, in that case, it will break the sentences into chunks & then convert all of them into the same language. Hence, the following rules are applied while translating the sentences –
Now, we will go through the basic frame of the system & try to understand how it fits all the principles that we discussed above for this particular solution mapped against the specific technology –
Documentation Agent built with the LangChain framework
Research Agent built with the AutoGen framework
MCP Broker for seamless communication between agents
Process Flow:
Let us understand from the given picture the flow of the process that our app is trying to implement –
Great! So, now, we’ll focus on some of the key Python scripts & go through their key features.
But, before that, we share the group of scripts that belong to specific tasks.
Message-Chaining Protocol (MCP) Implementation:
clsMCPMessage.py
clsMCPBroker.py
YouTube Transcript Extraction:
clsYouTubeVideoProcessor.py
Language Detection:
clsLanguageDetector.py
Translation Services & Agents:
clsTranslationAgent.py
clsTranslationService.py
Documentation Agent:
clsDocumentationAgent.py
Research Agent:
clsResearchAgent.py
Now, we’ll review some of the script in this post, along with the next post, as a continuation from this post.
CODE:
clsMCPMessage.py (This is one of the main or key scripts that will help enable implementation of the MCP protocols)
classclsMCPMessage(BaseModel):"""Message format for MCP protocol"""id:str=Field(default_factory=lambda:str(uuid.uuid4())) timestamp:float=Field(default_factory=time.time) sender:str receiver:str message_type:str# "request", "response", "notification" content: Dict[str, Any] reply_to: Optional[str]=None conversation_id:str metadata: Dict[str, Any]={}classclsMCPBroker:"""Message broker for MCP protocol communication between agents"""def__init__(self):self.message_queues: Dict[str, queue.Queue]={}self.subscribers: Dict[str, List[str]]={}self.conversation_history: Dict[str, List[clsMCPMessage]]={}defregister_agent(self,agent_id:str)->None:"""Register an agent with the broker"""if agent_id notinself.message_queues:self.message_queues[agent_id]= queue.Queue()self.subscribers[agent_id]=[]defsubscribe(self,subscriber_id:str,publisher_id:str)->None:"""Subscribe an agent to messages from another agent"""if publisher_id inself.subscribers:if subscriber_id notinself.subscribers[publisher_id]:self.subscribers[publisher_id].append(subscriber_id)defpublish(self,message: clsMCPMessage)->None:"""Publish a message to its intended receiver"""# Store in conversation historyif message.conversation_id notinself.conversation_history:self.conversation_history[message.conversation_id]=[]self.conversation_history[message.conversation_id].append(message)# Deliver to direct receiverif message.receiver inself.message_queues:self.message_queues[message.receiver].put(message)# Deliver to subscribers of the senderfor subscriber inself.subscribers.get(message.sender,[]):if subscriber != message.receiver:# Avoid duplicatesself.message_queues[subscriber].put(message)defget_message(self,agent_id:str,timeout: Optional[float]=None)-> Optional[clsMCPMessage]:"""Get a message for the specified agent"""try:returnself.message_queues[agent_id].get(timeout=timeout)except(queue.Empty,KeyError):returnNonedefget_conversation_history(self,conversation_id:str)-> List[clsMCPMessage]:"""Get the history of a conversation"""returnself.conversation_history.get(conversation_id,[])
Imagine a system where different virtual agents (like robots or apps) need to talk to each other. To do that, they send messages back and forth—kind of like emails or text messages. This code is responsible for:
Making sure those messages are properly written (like filling out all parts of a form).
Making sure messages are delivered to the right people.
Keeping a record of conversations so you can go back and review what was said.
This part (clsMCPMessage) is like a template or a form that every message needs to follow. Each message has:
ID: A unique number so every message is different (like a serial number).
Time Sent: When the message was created.
Sender & Receiver: Who sent the message and who is supposed to receive it.
Type of Message: Is it a request, a response, or just a notification?
Content: The actual information or question the message is about.
Reply To: If this message is answering another one, this tells which one.
Conversation ID: So we know which group of messages belongs to the same conversation.
Extra Info (Metadata): Any other small details that might help explain the message.
This (clsMCPBroker) is the system (or “post office”) that makes sure messages get to where they’re supposed to go. Here’s what it does:
1. Registering an Agent
Think of this like signing up a new user in the system.
Each agent gets their own personal mailbox (called a “message queue”) so others can send them messages.
2. Subscribing to Another Agent
If Agent A wants to receive copies of messages from Agent B, they can “subscribe” to B.
This is like signing up for B’s newsletter—whenever B sends something, A gets a copy.
3. Sending a Message
When someone sends a message:
It is saved into a conversation history (like keeping emails in your inbox).
It is delivered to the main person it was meant for.
And, if anyone subscribed to the sender, they get a copy too—unless they’re already the main receiver (to avoid sending duplicates).
4. Receiving Messages
Each agent can check their personal mailbox to see if they got any new messages.
If there are no messages, they’ll either wait for some time or move on.
5. Viewing Past Conversations
You can look up all messages that were part of a specific conversation.
This is helpful for remembering what was said earlier.
In systems where many different smart tools or services need to work together and communicate, this kind of communication system makes sure everything is:
Organized
Delivered correctly
Easy to trace back when needed
So, in this post, we’ll finish it here. We’ll cover the rest of the post in the next post.
I’ll bring some more exciting topics in the coming days from the Python verse.
Till then, Happy Avenging! 🙂
Note: All the data & scenarios posted here are representational data & scenarios & available over the internet & for educational purposes only. There is always room for improvement in this kind of model & the solution associated with it. I’ve shown the basic ways to achieve the same for educational purposes only.
You must be logged in to post a comment.