At-Scale AI with MCP in Financial Services: Securing Banking and Fintech Workflows with NetFoundry
Model Context Protocol (MCP) is rapidly becoming essential to orchestrating secure, context-rich, AI-driven workflows in regulated sectors such as financial services. Banks and fintechs are deploying AI agents for everything from real-time risk scoring to dynamic fraud prevention, but these innovations introduce new attack surfaces. MCP agents and servers must communicate across zones with high assurance, and often across partner, cloud, and on-prem boundaries.
In this document, we demonstrate how NetFoundry’s zero trust overlay architecture secures these interactions at the network layer, complementing OAuth 2.1 at the application layer. We provide both SDK-based (greenfield) and agent/gateway-based (brownfield) implementations for real-world financial use cases, while covering key NetFoundry capabilities in identity, policy enforcement, posture checking, observability, and performance.
The Risk: AI + MCP Without Network-Level Security
OAuth 2.1 governs which clients may call an MCP server and with what scopes, but it says nothing about the network path the request travels. Systems protected by OAuth alone remain exposed to:
– Inbound port scanning
– Authorization logic flaws
– Session replay or credential theft
– Inadvertent data exposure due to network misconfiguration
Even when every request is OAuth-protected, an MCP server listening on the underlay must complete the TCP and TLS handshake with any peer that can reach its port before a single token is examined. Any such peer can discover and probe the service, and the code that performs the token check is itself reachable. That surface is unacceptable in zero trust financial environments.
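To make that exposure concrete, here is an added example (not NetFoundry or MCP project code) that stands up a minimal bearer-checked HTTP listener on a loopback port and then approaches it the way a scanner would. The token value, the `/mcp` path and the `mcp.internal.example` hostname are constructed for the demo and the HTTP handling is deliberately minimal. What it shows is ordering: the TCP handshake completes and the HTTP parser runs for a peer holding no credential at all, and only afterwards does the bearer check reject the request with 401.

```python
import socket
import threading
from typing import Optional, Tuple

# Added illustration, not NetFoundry or MCP project code. The token value and the
# endpoint are constructed for the demo; the HTTP handling is deliberately minimal.

VALID_TOKEN = "Bearer demo-access-token"   # constructed stand-in for a valid OAuth 2.1 access token


def handle_request(raw: bytes) -> bytes:
    """Stand-in for an OAuth-protected MCP endpoint. The bearer check is the first thing the
    application does, but by the time it runs the peer has already completed the TCP handshake
    and delivered bytes to the HTTP parser."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization" and value.strip() == VALID_TOKEN:
            return b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    return b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Bearer\r\nContent-Length: 0\r\n\r\n"


def start_underlay_listener() -> Tuple[int, threading.Event]:
    """Brownfield deployment: bind a port on the underlay and accept whoever connects."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port; a real server would use e.g. 8080
    listener.listen(5)
    listener.settimeout(0.2)                 # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve() -> None:
        while not stop.is_set():
            try:
                conn, _ = listener.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(handle_request(conn.recv(4096)))
                except OSError:
                    pass                     # scanner hung up without sending a request
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1], stop


def handshake_completes(port: int) -> bool:
    """What a port scanner learns: the three-way handshake succeeds with no credential at all."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=1.0):
            return True
    except OSError:
        return False


def request_status(port: int, authorization: Optional[str]) -> int:
    """Send one HTTP request and return the status code the server answers with."""
    req = "GET /mcp HTTP/1.1\r\nHost: mcp.internal.example\r\n"
    if authorization is not None:
        req += f"Authorization: {authorization}\r\n"
    req += "\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=1.0) as s:
        s.sendall(req.encode("ascii"))
        return int(s.recv(4096).split(b" ", 2)[1])


def demo() -> dict:
    port, stop = start_underlay_listener()
    try:
        return {
            "handshake_without_credential": handshake_completes(port),  # True: the server is discoverable
            "status_without_token": request_status(port, None),         # 401: parser ran before authz
            "status_with_token": request_status(port, VALID_TOKEN),     # 200
        }
    finally:
        stop.set()


if __name__ == "__main__":
    print(demo())
```

The first result is True before any credential exists: that is the underlay attack surface the overlay removes by having the server dial out to the fabric instead of listening for inbound connections.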
NetFoundry: Defense-in-Depth for MCP Workflows
NetFoundry adds a security layer below MCP and OAuth:
Layer | Responsibility
Layer 7 | OAuth 2.1/OIDC for user delegation and session tokens
Layers 3/4 | NetFoundry overlay providing identity, authorization, posture, routing and telemetry
With NetFoundry:
– MCP servers have no exposed listening ports on the underlay
– All connections are outbound-only
– Every flow is protected by mTLS; endpoint identities are PKI certificates, including SPIFFE SVIDs, or JWT-based identities from external providers
– Access is policy-gated with real-time posture checks, MFA, and just-in-time (JIT) session authorization
– Observability includes per-identity audit logs, performance metrics, and connection traces
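The following added example (not NetFoundry's policy engine, schema or API) sketches the kind of overlay-side gate the list above describes. Before a dial is bridged to the MCP server, the caller's SPIFFE ID taken from its SVID, its device posture, its JIT grant window and the age of its last MFA are all evaluated against a per-service policy, and every failed control is recorded so the audit entry is complete. The policy fields, the posture attributes, the trust domain `bank.example` and the service name `analytics-mcp` are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Added illustration. The policy and request fields below are assumptions made for this
# example; they are not NetFoundry's policy schema, API or identifiers.


@dataclass(frozen=True)
class Posture:
    os_patched: bool
    disk_encrypted: bool
    edr_running: bool


@dataclass(frozen=True)
class DialRequest:
    spiffe_id: str                         # workload identity from the caller's SVID (mTLS peer certificate)
    service: str                           # overlay service the caller wants to reach
    posture: Posture                       # latest posture report for the calling endpoint
    jit_grant_expires: Optional[datetime]  # None means no active just-in-time grant
    mfa_verified_at: Optional[datetime]    # None means MFA has not been completed this session


@dataclass(frozen=True)
class ServicePolicy:
    service: str
    trust_domain: str
    allowed_path_prefixes: Tuple[str, ...]  # "/batch/" admits spiffe://<domain>/batch/nightly-risk
    require_jit: bool
    mfa_max_age: Optional[timedelta]        # None means MFA is not required for this service


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]                      # every failed control, so the audit record is complete
    audit: Dict[str, str]


def parse_spiffe_id(spiffe_id: str) -> Tuple[str, str]:
    """Split spiffe://trust-domain/path into (trust_domain, path); reject anything else."""
    u = urlparse(spiffe_id)
    if u.scheme != "spiffe" or not u.netloc or "@" in u.netloc or ":" in u.netloc or u.query or u.fragment:
        raise ValueError(f"not a SPIFFE ID: {spiffe_id!r}")
    return u.netloc.lower(), u.path


def authorize_dial(policy: ServicePolicy, req: DialRequest, now: datetime) -> Decision:
    """Overlay-side gate: identity, posture, JIT window and MFA freshness must all pass.
    This runs before any bytes reach the MCP server, independent of the OAuth token inside."""
    reasons: List[str] = []
    if req.service != policy.service:
        reasons.append(f"policy for {policy.service} does not cover {req.service}")
    try:
        trust_domain, path = parse_spiffe_id(req.spiffe_id)
        if trust_domain != policy.trust_domain.lower():
            reasons.append(f"trust domain {trust_domain} not {policy.trust_domain}")
        elif not any(path.startswith(p) for p in policy.allowed_path_prefixes):
            reasons.append(f"identity path {path} not in allowed prefixes")
    except ValueError as exc:
        reasons.append(str(exc))
    failed = [name for name, ok in (("os_patched", req.posture.os_patched),
                                    ("disk_encrypted", req.posture.disk_encrypted),
                                    ("edr_running", req.posture.edr_running)) if not ok]
    if failed:
        reasons.append("posture check failed: " + ", ".join(failed))
    if policy.require_jit:
        if req.jit_grant_expires is None:
            reasons.append("no JIT grant")
        elif req.jit_grant_expires <= now:
            reasons.append("JIT grant expired")
    if policy.mfa_max_age is not None:
        if req.mfa_verified_at is None:
            reasons.append("MFA required but not completed")
        elif now - req.mfa_verified_at > policy.mfa_max_age:
            reasons.append("MFA too old")
    return Decision(
        allowed=not reasons,
        reasons=reasons,
        audit={"identity": req.spiffe_id, "service": req.service, "time": now.isoformat(),
               "decision": "allow" if not reasons else "deny", "reasons": "; ".join(reasons)},
    )


def demo() -> Dict[str, Decision]:
    """Constructed scenarios for a batch workload dialing the analytics MCP service."""
    now = datetime(2025, 1, 15, 9, 0, tzinfo=timezone.utc)
    policy = ServicePolicy("analytics-mcp", "bank.example", ("/batch/",), True, timedelta(minutes=15))
    base = dict(service="analytics-mcp", posture=Posture(True, True, True),
                jit_grant_expires=now + timedelta(minutes=30), mfa_verified_at=now - timedelta(minutes=5))
    good_id = "spiffe://bank.example/batch/nightly-risk"
    cases = {
        "ok": DialRequest(good_id, **base),
        "wrong_trust_domain": DialRequest("spiffe://partner.example/batch/nightly-risk", **base),
        "bad_posture": DialRequest(good_id, **{**base, "posture": Posture(True, False, True)}),
        "jit_expired": DialRequest(good_id, **{**base, "jit_grant_expires": now - timedelta(minutes=1)}),
        "mfa_stale": DialRequest(good_id, **{**base, "mfa_verified_at": now - timedelta(minutes=20)}),
        "not_spiffe": DialRequest("https://bank.example/batch/nightly-risk", **base),
    }
    return {name: authorize_dial(policy, req, now) for name, req in cases.items()}


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:18s} {d.audit['decision']:5s} {d.audit['reasons']}")
```

The gate deliberately evaluates every control rather than stopping at the first failure: an operator reading the audit trail for a denied dial should see that the device was unpatched and the JIT grant had lapsed, not just whichever check happened to run first.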
Agent/Gateway-Based Use Cases (Brownfield MCP Systems)
1. Secure Batch Processing from Mainframe to AI Analytics
Regulations: FFIEC, COBIT, DORA
OAuth 2.1 authenticates batch workloads. NetFoundry gateway tunnels shield mainframe-originating sessions and allow only verified identities to access analytics MCP endpoints.
2. Bank-to-Fintech API Gateways (PSD2, OpenBanking)
Regulations: PSD2, EBA RTS, DORA
OAuth 2.1 governs access tokens for payment initiation. NetFoundry ensures fintech clients reach only the authorized APIs via overlay sessions.
3. Model Ops (MLOps) Pipelines in Hybrid Clouds
Regulations: ISO 27017, DORA
OAuth 2.1 secures GitOps CI/CD flows. NetFoundry provides overlay-based build agent connectivity, with session scoping tied to pipeline runs and traceability.
4. Third-Party AML Tool Ingestion
Regulations: BSA/AML, DORA
OAuth 2.1 handles auth between the third-party MCP client and compliance services. NetFoundry enforces zone isolation and policy-per-client controls.
5. AI-Driven Customer Support for Credit Disputes
Regulations: GDPR, CCPA, SOC 2
OAuth 2.1 manages customer token lifecycle. NetFoundry prevents external help desk services from reaching core systems outside of authenticated, scoped, JIT sessions.
Conclusion: NetFoundry in Financial MCP Architectures
NetFoundry offers:
– Strong identity via PKI, including SPIFFE SVIDs, and/or JWT-based integration with external providers, per service or per endpoint
– Authorization policies including role, device posture, and compliance tier
– mTLS with E2EE for all flows
– Just-in-time (JIT) access grants
– Multi-factor authentication for sensitive operations
– Full observability with per-session logs and latency metrics
– Flexible deployment (NaaS, on-prem, hybrid) for regulatory and operational fit
Used in conjunction with OAuth 2.1, NetFoundry enforces defense-in-depth at both the application and network levels—ensuring MCP-based systems meet the compliance and resilience needs of modern financial environments.