Hakuhodo DY ONE Launches MCP Implementation Support to Securely and Manageably Connect AI Agents with Business Systems
Hakuhodo DY ONE has started a service to support the implementation of 'MCP' to connect AI agents with business systems securely. It provides end-to-end support from design to operation to solve security and governance issues.
📋 Article Processing Timeline
- 📰 Published: April 9, 2026 at 20:03
- 🔍 Collected: April 9, 2026 at 11:30
- 🤖 AI Analyzed: April 20, 2026 at 11:20 (263h 50m after Collected)
Hakuhodo DY ONE Inc. (Headquarters: Minato-ku, Tokyo, Representative Director and President: Hiroaki Kitazume, hereinafter Hakuhodo DY ONE) will launch support for the implementation of MCP*1 to 'securely and manageably connect' AI agents with external data and business systems. We will provide end-to-end support for MCP implementation from design to implementation and operation, to solve the security and governance issues that are emerging as the application of AI agents in business rapidly advances, thereby promoting corporate AI utilization.
■ Background
As the business use of generative AI expands, use cases where AI agents link with external data and business systems to autonomously handle information retrieval, updating, and processing execution are on the rise. MCP is gathering attention as an open standard to standardize such linkages, and the consideration and implementation of business automation based on the premise of connecting to business systems like internal databases and DWH, in addition to SaaS like Slack, Notion, and Box, is progressing.
On the other hand, while MCP is a mechanism to standardize connections, it does not include features such as destination management, permission settings, logging, and authentication. As a result, new security and governance risks are emerging, such as the mixing of suspicious destinations, data access unknown to IT management departments, and difficulties in identifying causes due to a lack of operation logs. However, the reality is that many companies are not fully aware of these risks and have not taken appropriate countermeasures.
Hakuhodo DY ONE has been developing the AI agent-type marketing support service 'ONE-AIGENT'*2 since August 2025 as part of the activities of HCAI Professionals, a cross-sectional group of AI experts in the Hakuhodo DY Group. Within this, we provide the 'AI Agent Construction Support Service' and promote technical support and consulting for MCP implementation*3.
This time, as an enhancement to the service, we will provide end-to-end support for design, implementation, and operation to not just 'connect', but 'securely and manageably connect' in AI agent implementation using MCP. This enables companies to reduce security and governance risks associated with MCP implementation, while advancing convenience and operational efficiency for frontline departments, and simultaneously achieving the control, auditing, and incident response required by IT management departments. Based on the knowledge of implementing AI into operations in the advertising and marketing domains, Hakuhodo DY ONE will not only build the foundation but also accompany clients in permission design that can be operated on-site, rule development, integration into business flows, internal penetration, and training, ensuring that AI utilization does not end merely as a 'tool introduction' but leads to continuous results.
■ Overview
1. Controlled MCP Integration Design
Based on the premise that an AI agent can access multiple business systems via MCP, we propose an overall design and implementation policy that meets the requirements (5 points below) sought by corporate IT management departments.
- Whitelist Management of Connections
We catalog the MCP servers (connections) available to employees by department or individual, allowing only authorized connections to be used. This prevents the mixing of suspicious connections disguised as legitimate services and suppresses the independent introduction and use of unauthorized IT tools by employees, thereby preventing unintended information leaks.
- Permission Design
For the functions and data provided by the MCP server, we define operation scopes such as 'Read Only / Update Allowed / Execute Allowed'...
■ Background
As the business use of generative AI expands, use cases where AI agents link with external data and business systems to autonomously handle information retrieval, updating, and processing execution are on the rise. MCP is gathering attention as an open standard to standardize such linkages, and the consideration and implementation of business automation based on the premise of connecting to business systems like internal databases and DWH, in addition to SaaS like Slack, Notion, and Box, is progressing.
On the other hand, while MCP is a mechanism to standardize connections, it does not include features such as destination management, permission settings, logging, and authentication. As a result, new security and governance risks are emerging, such as the mixing of suspicious destinations, data access unknown to IT management departments, and difficulties in identifying causes due to a lack of operation logs. However, the reality is that many companies are not fully aware of these risks and have not taken appropriate countermeasures.
Hakuhodo DY ONE has been developing the AI agent-type marketing support service 'ONE-AIGENT'*2 since August 2025 as part of the activities of HCAI Professionals, a cross-sectional group of AI experts in the Hakuhodo DY Group. Within this, we provide the 'AI Agent Construction Support Service' and promote technical support and consulting for MCP implementation*3.
This time, as an enhancement to the service, we will provide end-to-end support for design, implementation, and operation to not just 'connect', but 'securely and manageably connect' in AI agent implementation using MCP. This enables companies to reduce security and governance risks associated with MCP implementation, while advancing convenience and operational efficiency for frontline departments, and simultaneously achieving the control, auditing, and incident response required by IT management departments. Based on the knowledge of implementing AI into operations in the advertising and marketing domains, Hakuhodo DY ONE will not only build the foundation but also accompany clients in permission design that can be operated on-site, rule development, integration into business flows, internal penetration, and training, ensuring that AI utilization does not end merely as a 'tool introduction' but leads to continuous results.
■ Overview
1. Controlled MCP Integration Design
Based on the premise that an AI agent can access multiple business systems via MCP, we propose an overall design and implementation policy that meets the requirements (5 points below) sought by corporate IT management departments.
- Whitelist Management of Connections
We catalog the MCP servers (connections) available to employees by department or individual, allowing only authorized connections to be used. This prevents the mixing of suspicious connections disguised as legitimate services and suppresses the independent introduction and use of unauthorized IT tools by employees, thereby preventing unintended information leaks.
- Permission Design
For the functions and data provided by the MCP server, we define operation scopes such as 'Read Only / Update Allowed / Execute Allowed'...
FAQ
What is MCP?
A standard specification for integrating AI agents with external data and business systems.
What is the strength of Hakuhodo DY ONE's MCP implementation support?
It consistently supports secure design and implementation that meets the security and governance requirements demanded by IT departments, such as managing a whitelist of connection destinations and designing permissions.
What risks can be prevented?
It can reduce security risks such as the inclusion of suspicious connection destinations and information leaks due to unauthorized data access.