MCP's Missing Layer: How to Keep Your Business Relevant in the Era of AI-Driven Customer Experiences

Businesses building consumer-facing AI agents face an existential threat: losing relevance & direct relationships with their customers
December 9, 2025

Anthropic's Model Context Protocol (MCP) has energized the technology and AI development community, and for good reason. By establishing a universal standard for connecting AI systems with data sources, MCP promises to eliminate the fragmentation that's been holding back AI agents. No more building custom integrations for every data source. No more choosing between depth and breadth. Just clean, standardized connections.

But here's what keeps B2C enterprise leaders awake at night: if customer data lives exclusively in AI vendor infrastructure, who owns the customer relationship?

When your customers' financial insights live in ChatGPT's memory, their shopping preferences in Claude's context, or their health data in Gemini's storage, the AI vendor becomes the interface. You become disintermediated from your own customers.

As we've been building with MCP at Inrupt, we've discovered something critical: connectivity without control doesn't just create security problems. It also introduces major competitive vulnerabilities.

MCP gives AI vendors a direct line to your customers and their data. Without a strategy for where that data persists and who controls access, consumer-facing businesses are actually building the infrastructure for their own replacement in the customer relationship.

What Vendor & In-House MCP Integrations Don’t Solve

Here's the scenario every enterprise faces when deploying agentic services, products, or experiences for customers: Let’s say an agent only needs access to a customer's transaction history for the last 3 months, or a specific subset of their wellness data. With MCP, the technical connection is straightforward. But the security model? That's where things get concerning.

Current vendor-provided MCP authentication treats AI agents like they're the user. Full access. Zero granularity. It's the digital equivalent of handing over your entire key ring when someone asks to borrow your car.

The other option? Your developers build a bespoke MCP integration in-house that sits in front of your customer database and constrains access to the data that’s made available. The issue? Bespoke MCP integrations are highly resource-intensive, come with undefined costs and ongoing maintenance, and lack external support or expertise

Building with MCP at Inrupt

At Inrupt, our enterprise infrastructure's Enterprise Solid Server (ESS) enables businesses serving millions of customers to integrate Data Wallet capabilities into existing apps or build new offerings to deliver secure, scalable, and hyper-personalized experiences powered by authentic customer data. This technology empowers customers with agency over their personal data, how it's used, and how it's shared all from their customer-controlled Data Wallet that holds multi-purpose personal in exchange for more personalized, relevant, and trusted experiences.

For B2C enterprises also actively investing in consumer-facing AI agents and experiences, we then integrated MCP in order to connect LLMs to ESS, creating our Agentic Wallet™ infrastructure. Think of it as giving LLMs the identity and permissions layer they need to securely access consented customer data across different models and contexts.

The architecture is straightforward but powerful:

  • Granular Permissions: 
    • AI agents get secure access to exactly what they need: a specific bank statement or transaction, one media folder, a limited subset of health data. Nothing more. 
    • Solid’s granular access control means permissions are explicit, auditable, and revocable in real-time, and Inrupt makes this scalable for enterprises serving millions of customers. 
  • Time-Bound & Purpose-Bound Access: Request access to a customer’s driver's license, tax form from a specific year, or 3-month transaction history for only 24 hours and/or for only a specific purpose. After that? Access automatically expires and notifications inform data consumers that their access has changed. No lingering permissions. 
  • Agent Identity: Instead of treating agents as extensions of the user, ESS gives them distinct identities with specific roles. This means you can audit what the agent did, separate from what your customer did, and enforce different policies for agentic actions.

AI Agents’ Memory Problems & MCP

We're seeing this pattern repeatedly: developers build sophisticated MCP-enabled agents that pull data from multiple sources, generate insights, and create new content. Then they face a fundamental question: where does this new data go? Who will be able to access it, and for what purpose? 

Inrupt solves this by providing the persistent storage layer for an enterprise’s agent infrastructure:

  • Cross-System Memory: Take a simple example: An agent working in your MCP-enabled environment generates insights from a customer’s financial data. Those insights get stored in the customer’s Data Wallet. Later, a different agent in your ecosystem—even one running on a completely different AI platform—can access that context (with the consumer’s permission) and build on it. Your knowledge base evolves continuously, regardless of which tools you're using.
  • Structured & Unstructured Data Storage: Unlike text-only "memory" systems, Data Wallets and Agentic Walletsstore any type of personal data: files, structured records, media, relationships. When an agent processes a customer’s purchase history and extracts structured retail preferences data, that lives in their Data Wallet. Maximum storage capacity is determined by the business operator. 
  • Secure Organization for Natural Language Control: "Move all my 2024 tax forms from my email into the 'Taxes' folder in my Data Wallet", or “Share only my 2025 tax forms for the next 24 hours”. The MCP connection handles the technical orchestration, while Inrupt’s infrastructure manages the security and long-term organization.

This architecture aligns with MCP's vision of interoperability, but extends it from connectivity to continuity.

Compliance & Security by Design 

The combination of MCP and ESS also fundamentally shifts the security and compliance equation:

  • Least Privilege by Default: Security teams can finally enforce the principle of least privilege for AI agents. Instead of binary access decisions, customers get granular control: this agent, this data, this duration, this purpose.
  • Transparent Operations: Agent actions such as create, read, update, delete, and data access requests are logged in the audit trail. When compliance asks "what did the AI access and why?", you have answers and proof.
  • Progressive Trust: Start with minimal permissions and expand as the agent proves trustworthy. Solid's granular access control model makes this natural, not burdensome.
  • User Control: The agent can't do anything the user hasn't explicitly permitted, and users can revoke access instantly if something feels wrong.

A New & Improved Developer Experience 

With Inrupt's approach and capabilities, developers building with MCP also greatly benefit from customer-centric data storage with fine-grained access controls:

  • Familiar MCP Interface: Standard MCP client connections means no proprietary APIs to learn.
  • Enhanced Security: Automatic enforcement of Solid's access control policies on every operation. Developers can store data securely without it being automatically available everywhere, as it’s only made available under the permitted conditions (where an access grant exists; where access is explicitly requested).
  • Consent Management: Direct integration with Solid's Access Grant system. Agents request access; users approve or deny through natural interfaces.
  • Natural Language Operations: The combination of MCP and Agentic Wallets™ enables truly transparent, conversational data management: "Who currently has access to my driver’s license information?" or "Car Rental Agency XYZ is requesting access to your driver's license for the next 48 hours.”

The following example demonstrates how an AI Agent, embedded within a mobile banking app, would interact with "ACME Bank"'s customer and their personal data:

A visual showing how AI agents interact with consented customer data via Inrupt
An AI Agent requesting secure access to consented personal data in the customer's Agentic Wallet™ via Inrupt's MCP Server
  1. ACME's customer interacts with the new Agent inside the existing Mobile Banking App - asking for a loan assessment. This existing app is extended with Data Wallet capabilities from Inrupt (ESS APIs)
  2. The App Agent interacts with ESS to request access to customer data for the purpose of processing a loan application (ESS APIs)
  3. The request for access to data is sent to the customer’s mobile device (ESS APIs/Notifications) using the Data Wallet capabilities
  4. The customer uses the Data Wallet capabilities to approve (or reject) the request
  5. Following approval from the customer in their mobile app, an Access Grant is created for the Agent to interact with wallet data (ESS APIs) for the specific purpose specified (to process a loan application). The agent interacts with the customer’s data using the ESS MCP Server
  6. Results are shared back with the user via the agent
  7. Once data is retrieved, the Financial Services Agent uses the data to perform the requested business process and returns the result, via the Customer Service Agent, back to the consumer.

What This Means for Enterprise AI Strategy

If you're building with MCP, you're already betting on open standards and interoperability. But the strategic question isn't just about technical architecture, it's about competitive positioning in an AI-native world.

Who owns the customer relationship when AI becomes the primary interface?

Without a deliberate strategy for where customer data and AI-generated insights persist, you're making a choice by default: the AI vendor becomes the platform, and your differentiation disappears. Your customer relationship becomes transactional. The AI vendor owns the continuous engagement, the personalized experience, the switching costs. Your business becomes a commodity data source in someone else's ecosystem.

MCP + ESS fundamentally changes this equation, however. When MCP provides the connectivity layer and ESS provides the control, persistence, and user-centric layer, you create an architecture that’s both powerful and practical via: 

  • Vendor Independence: Customer data and insights live in infrastructure you control, safely accessible to any AI platform through MCP's open standard. Your customers can use Claude today, GPT-5 tomorrow, and a specialized vertical agent next month without losing context and without your business losing the relationship.
  • Continuous Customer Value: Every AI interaction enriches the customer's Data Wallet with new insights, preferences, and context. That accumulating value is tied to your relationship, not to an AI vendor's platform.
  • Strategic Differentiation: While competitors allow AI vendors to intermediate their customer relationships, you offer something fundamentally different: AI-powered experiences where customers maintain control and where the value they create stays with them and with your business.

The enterprises that will thrive in the AI era aren't the ones with the most sophisticated MCP integrations. They're the ones who recognized early that connectivity without control means building someone else's moat.

The question isn't whether to deploy AI agents. It's whether those agents will work for you, or for the vendors providing them.

Together, MCP and Inrupt enable enterprises to not only survive the AI transformation, but maintain and strengthen direct customer relationships rather than surrendering them.

View All Posts

60-day free evaluation of Inrupt's Wallet Infrastructure

Get in touch to see if your organization qualifies

Inrupt logo
Terms & ConditionsPrivacy PolicyCookie PolicySupport PolicyLifecycle & Maintenance Policy
Your Privacy Choices
© 2020-2025 Inrupt, Inc., All Rights Reserved.