Model Context Protocol (MCP) โ the open standard that turns AI from a chatbot into a system that can query databases, call APIs, and take actions.
Without MCP, AI can only work with text you paste into it. It can't look things up, check databases, or take actions in your systems. MCP changes that.
Export CSV โ paste into chat โ AI analyzes what you gave it. Manual, one-at-a-time.
AI queries your database directly, gets exactly what it needs, analyzes live data. Automatic.
Just as USB-C connects any device to any peripheral, MCP connects any AI to any data source.
Works with Claude, ChatGPT, Kiro, Cursor, VS Code โ build once, connect everywhere.
Your team works with databases, spreadsheets, document stores, and internal APIs every day. MCP lets AI access these systems the same way you do โ but faster.
| Today (Manual) | With MCP (Automated) |
|---|---|
| Export merchant data to CSV, paste into AI | AI queries merchant database directly |
| Open 50 invoices one by one | AI scans the invoice folder automatically |
| Check compliance status in 3 different systems | AI checks all 3 systems in one request |
| Copy transaction data, format it, paste it | AI runs SQL query, gets exactly what it needs |
| Manually send Slack alert when issue found | AI sends the alert automatically via MCP |
MCP follows a simple client-server pattern. The AI application (Kiro) is the host. It creates clients that connect to servers. Each server provides access to a specific data source or tool.
Every MCP server can expose three types of capabilities:
Actions the AI can perform: run a SQL query, call an API, send a message. The AI decides when to use them.
Data the AI can read: file contents, database schemas, API responses. Like giving the AI access to a document.
Reusable templates that structure how the AI interacts with the server. Like pre-built query patterns.
When you configure an MCP server in Kiro, here's what happens under the hood:
| Step | What happens | You see |
|---|---|---|
| 1. Configure | You add the server to .kiro/settings/mcp.json | Edit a JSON file |
| 2. Connect | Kiro launches the MCP server process and negotiates capabilities | Green checkmark โ in MCP panel |
| 3. Discover | Kiro asks the server "what tools do you have?" via tools/list | Tool names appear in the panel |
| 4. Use | When you ask a question, Kiro decides which tool to call and sends a tools/call request | AI response includes data from the server |
Watch messages flow through the full MCP architecture as you ask a question. Each step shows exactly what's happening between components.
These are the most common MCP servers your team would use. You specify what connections are needed in the Agent Design Canvas โ your tech team configures the actual servers.
| MCP Server | Connects to | Finance use case | Setup |
|---|---|---|---|
| SQLite / PostgreSQL | Databases | Query merchant data, transaction history, compliance records | Config only |
| Filesystem | File directories | Process folders of invoices, scan regulatory documents | Config only |
| Slack / Teams | Team messaging | Send alerts when RED-rated merchant detected | API key |
| Google Drive / S3 | Document storage | Read policy documents for RAG grounding | OAuth / IAM |
| Email (SMTP) | Email systems | Send compliance reports, escalation alerts | SMTP config |
| Custom REST API | Internal services | Call risk scoring engine, KYC verification | Custom build |
This is what an MCP configuration looks like in Kiro. It's a simple JSON file โ no code required:
That's it โ 7 lines of JSON. Kiro launches the SQLite MCP server, connects to it, and you can start querying the database in plain English.
MCP is the fourth and final layer of the Kiro automation stack. Here's how all 4 layers work together:
| Layer | What it does | In the fraud detection workflow |
|---|---|---|
| Steering | Sets global rules | SGD currency, no PII, GREEN/AMBER/RED ratings |
| Skill | Defines the investigation process | Fraud Investigation Lead persona, 6-section report format, guardrails |
| Hook | Triggers automatically | New .alert file โ run fraud investigation skill |
| MCP | Connects to data | SQLite server โ query merchant profile, transactions, compliance alerts |
| Day | What you learned | What you built |
|---|---|---|
| Day 1 | What AI can do, responsible AI, use cases | Understanding + GenAI playbook |
| Day 2 | Prompt engineering techniques | Reusable prompt templates |
| Day 3 | Agentic AI, skills, hooks, MCP | Working agent with database connection |
The thread: Day 1's responsible AI โ enforced by Day 3's guardrails. Day 2's prompt templates โ become Day 3's skills. Day 2's RAG grounding โ becomes Day 3's MCP connections. Everything builds on what came before.