Hakuhodo DY ONE Inc. (Headquarters: Minato-ku, Tokyo, Representative Director and President: Hiroaki Kitazume, hereinafter Hakuhodo DY ONE) will launch support for the implementation of MCP*1 to 'securely and manageably connect' AI agents with external data and business systems. We will provide end-to-end support for MCP implementation from design to implementation and operation, to solve the security and governance issues that are emerging as the application of AI agents in business rapidly advances, thereby promoting corporate AI utilization.

Background As the business use of generative AI expands, use cases where AI agents link with external data and business systems to autonomously handle information retrieval, updating, and processing execution are on the rise. MCP is gathering attention as an open standard to standardize such linkages, and the consideration and implementation of business automation based on the premise of connecting to business systems like internal databases and DWH, in addition to SaaS like Slack, Notion, and Box, is progressing.

On the other hand, while MCP is a mechanism to standardize connections, it does not include features such as destination management, permission settings, logging, and authentication. As a result, new security and governance risks are emerging, such as the mixing of suspicious destinations, data access unknown to IT management departments, and difficulties in identifying causes due to a lack of operation logs. However, the reality is that many companies are not fully aware of these risks and have not taken appropriate countermeasures.

Hakuhodo DY ONE has been developing the AI agent-type marketing support service 'ONE-AIGENT'*2 since August 2025 as part of the activities of HCAI Professionals, a cross-sectional group of AI experts in the Hakuhodo DY Group. Within this, we provide the 'AI Agent Construction Support Service' and promote technical support and consulting for MCP implementation*3.

This time, as an enhancement to the service, we will provide end-to-end support for design, implementation, and operation to not just 'connect', but 'securely and manageably connect' in AI agent implementation using MCP. This enables companies to reduce security and governance risks associated with MCP implementation, while advancing convenience and operational efficiency for frontline departments, and simultaneously achieving the control, auditing, and incident response required by IT management departments. Based on the knowledge of implementing AI into operations in the advertising and marketing domains, Hakuhodo DY ONE will not only build the foundation but also accompany clients in permission design that can be operated on-site, rule development, integration into business flows, internal penetration, and training, ensuring that AI utilization does not end merely as a 'tool introduction' but leads to continuous results.

Overview 1. Controlled MCP Integration Design Based on the premise that an AI agent can access multiple business systems via MCP, we propose an overall design and implementation policy that meets the requirements (5 points below) sought by corporate IT management departments.

- Whitelist Management of Connections We catalog the MCP servers (connections) available to employees by department or individual, allowing only authorized connections to be used. This prevents the mixing of suspicious connections disguised as legitimate services and suppresses the independent introduction and use of unauthorized IT tools by employees, thereby preventing unintended information leaks.

- Permission Design For the functions and data provided by the MCP server, we define operation scopes such as 'Read Only / Update Allowed / Execute Allowed'...

FACT BOX

  • Source: PR TIMES
  • Category: New Product
  • Organizations: Slack / Notion / Box
  • Products / services: ONE-AIGENT