At-Scale AI with MCP for Manufacturing

Model Context Protocol (MCP) is rapidly becoming a foundational fabric for industrial AI and agent-based architectures. Manufacturing environments require ultra-secure, high-performance, and reliable communications between MCP clients and MCP servers—whether they reside in production lines, engineering systems, or cloud-based analytics platforms.

This post illustrates how MCP security can be enhanced for manufacturing environments using NetFoundry’s zero trust overlay networks. We describe both SDK-based (greenfield) and agent/gateway-based (brownfield) architectures for common manufacturing use cases.

The MCP Dilemma in Manufacturing

MCP enables AI agents and tools to coordinate effectively. However, MCP servers typically must accept inbound connections, which presents a major attack surface, particularly in brownfield OT and hybrid IT/OT environments.

While OAuth helps authenticate and authorize these connections at layer 7, it doesn’t prevent inbound network access – the MCP server receives the request, and then determines if it is authorized, meaning the MCP server is a reachable attack surface. This is a problem in high-stakes industrial environments where uptime, IP protection, and safety are paramount.

NetFoundry addresses this problem by making the MCP server unreachable from the underlying network: the server has no inbound listeners. MCP servers connect outbound to a NetFoundry overlay, and only authenticated, policy-authorized sessions can reach them. This eliminates the key attack surface.

MCP Security: OAuth + NetFoundry

By combining OAuth at the application layer and NetFoundry at the network layer, manufacturers achieve defense-in-depth. An attacker must compromise two independently managed and cryptographically strong systems to access any sensitive interface.

NetFoundry gateways use strong identity, mTLS, and centralized policy to authorize each session, without relying on IP whitelisting, firewall rules, or VPNs.

Deployment Options: NetFoundry SDK or Agent/Gateway

Greenfield (SDK-based): Embed the NetFoundry SDK directly into MCP clients and servers. Ideal for modern applications like LangGraph, Litmus IO, and SLIM.AI. There are no inbound listeners; all communications are outbound and identity-authenticated.

Brownfield (Agent/Gateway-based): Use NetFoundry tunnelers or agents on OT/IT systems or edge gateways. No application changes required. Ideal for environments where MCP runs inside legacy devices, control systems, or third-party software.

Manufacturing Use Cases: SDK-based Zero Trust

Predictive Maintenance AI for Industrial Robots

Scenario: An LLM-powered diagnostic agent collects telemetry from robotic arms and predicts failure probabilities.

Solution: Each robot edge node runs a Go-based agent that embeds the NetFoundry SDK. These agents dial a NetFoundry service (e.g. robot-diagnostics-ingest) hosted in the enterprise analytics platform.

Result: All robot data flows are outbound-only, encrypted, and authorized. No ports are open in the robots’ local subnets.
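The outbound-only pattern from "The MCP Dilemma in Manufacturing", applied to this use case, as an added sketch that is not NetFoundry's SDK or code from this post: a stand-in relay owns the only listening socket and applies an identity allow-list, the MCP server dials out to bind the service, and a refused peer never reaches server code. The identities, the line protocol and the function names are assumptions, and the mTLS and cryptographic identity a real overlay provides are left out.

```python
import socket, threading

SERVICE = "robot-diagnostics-ingest"
POLICY = {("bind", "mcp-server", SERVICE), ("dial", "robot-agent", SERVICE)}  # constructed
seen_by_server = []  # requests that actually reached MCP server code

def read_line(sock):
    buf = b""
    while not buf.endswith(b"\n") and (chunk := sock.recv(1)):
        buf += chunk
    return buf.decode().strip()

def start_relay():  # overlay stand-in: the only listening socket, enforces POLICY
    ln = socket.create_server(("127.0.0.1", 0))
    hosts = {}  # service -> the server's outbound connection
    def loop():
        while True:  # sessions are handled serially to keep the sketch short
            conn, _ = ln.accept()
            hello = tuple(read_line(conn).split())
            if hello in POLICY and hello[0] == "bind":
                hosts[hello[2]] = conn
                conn.sendall(b"ok\n")
                continue
            if hello in POLICY and hello[2] in hosts:
                conn.sendall(b"ok\n")
                hosts[hello[2]].sendall(read_line(conn).encode() + b"\n")  # one request
                conn.sendall(read_line(hosts[hello[2]]).encode() + b"\n")  # one reply
            conn.close()  # refused peers end here; the MCP server never saw them
    threading.Thread(target=loop, daemon=True).start()
    return ln.getsockname()

def host_service(relay_addr):  # MCP server side: dials out, never calls listen()
    s = socket.create_connection(relay_addr)
    s.sendall(f"bind mcp-server {SERVICE}\n".encode())
    if read_line(s) != "ok":
        raise PermissionError("bind refused by relay")
    def serve():
        while req := read_line(s):
            seen_by_server.append(req)
            s.sendall(f"ack {req}\n".encode())
    threading.Thread(target=serve, daemon=True).start()

def call(relay_addr, identity, request):  # client: the reply, or "" if refused
    with socket.create_connection(relay_addr) as c:
        c.sendall(f"dial {identity} {SERVICE}\n".encode())
        if read_line(c) != "ok":
            return ""
        c.sendall(request.encode() + b"\n")
        return read_line(c)
```

With OAuth alone, the second caller's request would still arrive at the server's socket before being rejected; here `seen_by_server` stays unchanged for it.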

Zero-Trust MES to ERP Coordination

Scenario: A manufacturing execution system (MES) needs to send production updates to an ERP system in the corporate cloud.

Solution: Both the MES and ERP coordination agent are built in Go and embed the NetFoundry SDK. The MES agent dials a private NetFoundry service defined for the ERP bridge.

Result: Secure, outbound-only, identity-enforced updates with centralized logging. No firewall holes or VPN tunnels required.

AI-Based Quality Inspection at the Edge

Scenario: An AI model classifies defects from high-speed camera images and sends metadata to a central quality system.

Solution: The inspection agent embeds the NetFoundry SDK (e.g., Go-based, Python-based, C-based, Java-based, or .NET-based) and sends metadata to a private NetFoundry service, eliminating the need to expose the edge camera server to the network.

Result: Image processing stays local and metadata flows securely. No surface area for unauthorized network access.

Secure Tooling Feedback Loop for CNC Systems

Scenario: CNC machines report wear data to an LLM agent that recommends tool change intervals.

Solution: A CNC-side agent with the NetFoundry SDK sends data to a backend tool-optimization service, which also uses the SDK.

Result: Zero-trust communication between tooling systems and optimization AI.

Energy Optimization Agent for Factory Microgrids

Scenario: An LLM-based energy advisor queries local meters and suggests dynamic load-shifting plans.

Solution: All queries and responses flow through NetFoundry SDK-secured services between energy sensors and the optimization backend.

Result: Energy data remains protected from lateral movement attacks or unauthorized access.

Manufacturing Use Cases: Agent/Gateway-Based Zero Trust

AI-Driven Maintenance Scheduling Across Facilities

Scenario: Maintenance planners use AI to optimize schedules across factories.

Solution: MCP agents at each plant connect outbound via NetFoundry agents to a centralized AI engine. No inbound connectivity required.

Legacy SCADA to AI Bridge

Scenario: An older SCADA system streams OT data to an AI system for anomaly detection.

Solution: A NetFoundry edge gateway at the SCADA site routes traffic securely to an AI backend. The SCADA system remains untouched.

Supplier Quality Collaboration

Scenario: Suppliers send part traceability data to an OEM AI model.

Solution: Each supplier runs a NetFoundry agent that dials a private endpoint exposed only to verified supplier identities.

Secure Digital Twin Synchronization

Scenario: Digital twin systems in plants synchronize with cloud-based simulation models.

Solution: NetFoundry gateway proxies manage secure synchronization traffic without exposing either endpoint.

Connected Worker AI Assistants

Scenario: Technicians use wearable devices to access LLM-powered assistance.

Solution: Wearables route requests to backend AI services over NetFoundry, using agent-based identity enforcement.

Conclusion

Manufacturing environments require robust, non-intrusive, and standards-compliant solutions to secure AI/LLM-based workflows. NetFoundry’s SDK and agent/gateway options enable MCP-based systems to operate without exposing MCP servers to the network, ensuring operational resilience, IP protection, and zero-trust compliance.