LLMOps Database
Finance
Intuit
Company
Intuit
Title
MCP Marketplace: Scaling AI Agents with Organizational Context
Industry
Finance
Link
https://www.youtube.com/watch?v=lwgUX4Lvlvg
Year
2026
Summary (short)
Intuit, a global fintech platform, faced challenges scaling AI agents across their organization due to poor discoverability of Model Context Protocol (MCP) services, inconsistent security practices, and complex manual setup requirements. They built an MCP Marketplace, a centralized registry functioning as a package manager for AI capabilities, which standardizes MCP development through automated CI/CD pipelines for producers and provides one-click installation with enterprise-grade security for consumers. The platform leverages gRPC middleware for authentication, token management, and auditing, while collecting usage analytics to track adoption, service latency, and quality metrics, thereby democratizing secure context access across their developer organization.
Tags
fraud_detection
code_generation
regulatory_compliance
legacy_system_integration
agent_based
multi_agent_systems
human_in_the_loop
latency_optimization
cost_optimization
error_handling
mcp
evals
docker
kubernetes
cicd
continuous_deployment
continuous_integration
microservices
api_gateway
orchestration
devops
security
compliance
guardrails
reliability
scalability
monitoring
databases
open_source
documentation
anthropic
## Overview Intuit, the global fintech company behind products like TurboTax, QuickBooks, and Credit Karma, developed an internal MCP Marketplace platform to address critical challenges in scaling AI agents with organizational context. This case study presents a comprehensive solution to one of the fundamental problems in production AI systems: how to give AI agents secure, scalable access to the exact organizational context they need to operate effectively. The problem Intuit faced is emblematic of enterprise AI adoption at scale. While AI agents can be powerful tools, they become fundamentally limited without proper access to organizational knowledge—codebases, internal APIs, databases, and enterprise policies. The Model Context Protocol serves as the standardized language enabling AI agents to securely request and access contextual data from various organizational entities. However, as Intuit scaled their AI agent infrastructure, they encountered significant operational challenges in the decentralized delivery of this context across multiple teams. ## The Problem Space The challenges Intuit identified when scaling MCP services are characteristic of LLMOps issues in large organizations. First, poor discoverability emerged as a critical pain point. Without a central registry, development teams had no visibility into what MCP services already existed across the organization. This led to duplicated efforts, with different teams independently building similar context-fetching logic in isolation. This represents a fundamental inefficiency problem that compounds as organizations scale their AI initiatives. Second, the lack of standardization created inconsistency and risk. With no quality gates or enforcement mechanisms, the organization faced the prospect of unverified, buggy, or non-compliant MCP services feeding critical context to language models. This could lead to unpredictable agent behaviors and governance issues—a significant concern for a financial services company handling sensitive customer data. Third, security and auditing posed substantial challenges. Without a centralized system to manage sensitive credentials, personal access tokens, or enforce authentication, there was no systematic way to track which users accessed what contextual data. For an enterprise handling financial data, this represents an unacceptable compliance and security gap. Finally, even when appropriate MCP services existed, the manual setup and complex runtime configurations required for local MCP deployment created a steep learning curve for developers, significantly slowing adoption of AI agents across the organization. ## The Solution: MCP Marketplace Architecture Intuit's solution, the MCP Marketplace, functions as a centralized registry for discovering and installing context services—conceptually similar to how npm serves as a package manager for JavaScript libraries. The platform addresses enterprise challenges for both sides of the MCP ecosystem: producers who build and maintain MCP services, and consumers who need to use them in their AI workflows. ### Producer Experience and CI/CD Automation For MCP producers (internal service teams building context services), the marketplace provides standardized tooling and a streamlined CI/CD publishing process. The developer journey begins with onboarding their MCP project into the marketplace, which offers an option to automatically generate a dedicated repository with boilerplate code for the MCP service. The platform creates predefined CI/CD pipelines linked to these repositories, so any code changes automatically trigger the build and deployment process. The CI/CD pipeline itself incorporates security from the outset. The system builds Docker images of MCP services and performs comprehensive security scanning to identify potential vulnerabilities before proceeding. This represents a critical governance checkpoint that wouldn't exist in a decentralized approach. Once security validation passes, the image moves into a release process where new versions are tagged and stored in the enterprise artifact registry (specifically, a Docker registry). This creates specific, testable release candidates that become available in the marketplace for developer testing. Before going live, developers can perform final validation by pulling images with release tags and running comprehensive tests in pre-production environments. Once testing is approved, images are published to the Docker registry with the "latest" tag, enabling all existing consumers to automatically receive updated versions. This lifecycle management—including version control and deprecation—ensures that MCP services can evolve safely in production without breaking downstream consumers. ### Consumer Experience and Installation Flow For MCP consumers (developers building AI agents), the marketplace eliminates installation friction through a streamlined discovery and setup process. The consumer experience involves several key components: the IDE and agent (where the agent is the autonomous entity requiring context), a CLI housing the installer module and middleware, a keychain for secure secret storage, and the marketplace registry itself. Context can be served by either local MCPs (containerized services running locally) or remote MCPs (deployed in the cloud). The journey begins with developers browsing the marketplace catalog to search for verified MCP services that provide the specific context they need. Once identified, developers can execute a simple CLI command to trigger installation. The installer module handles the entire setup by communicating with the marketplace registry and accounting for the two deployment models. For local containerized MCPs, the installer pulls the artifact. For remote MCPs deployed in the cloud, it retrieves the necessary service URL and connection configuration. The installer then writes all required configuration into an MCP config file for the AI agent to use. Critically, sensitive user credentials like personal access tokens are never stored in configuration files. The installer securely stores them in the platform's native vault, preventing exposure of secrets to the local environment. This represents a significant security improvement over manual configuration approaches where secrets might be stored in plaintext or committed to version control systems. ### gRPC Middleware as the Security and Orchestration Backbone The gRPC middleware serves as the technical backbone enabling seamless and secure operations. When an AI agent starts, it fetches MCP configuration from the config file and connects to the middleware using stdio. The middleware then orchestrates the entire session by connecting to the marketplace to identify the deployment model for each installed MCP service, retrieving securely stored tokens from the keychain, populating container environments with these secrets securely, and orchestrating connections to MCP services via gRPC—either spinning up local MCPs or establishing direct gRPC connections to remote MCPs. When an agent triggers a context request, the middleware acts as a client interceptor, immediately intercepting outgoing gRPC requests and injecting necessary user authentication headers (typically acquired via SSO or OAuth). The target MCP server, whether local or remote, uses a server-side gRPC interceptor that connects to the marketplace to validate the user's identity based on injected headers. MCP services only process fully validated requests. If authentication or processing fails, the middleware relays detailed error messages back to the agent, allowing it to process feedback and guide users on corrective actions. This robust authentication pattern solves major security and compliance challenges by ensuring every context access is authenticated and authorized. The native gRPC interceptor pattern on both client and server sides provides a centralized authentication mechanism without requiring individual MCP services to implement authentication logic independently. ### Token Management and Security Architecture The middleware's approach to token management addresses one of the most sensitive aspects of production LLM systems. It securely retrieves sensitive tokens from the keychain and uses them to populate the execution environment of target MCPs. This allows the organization to enforce secure access while ensuring tokens are never exposed to the local host machine or configuration files—a critical requirement for compliance with financial services regulations. ### Observability and Auditing Beyond security, the middleware closes critical observability and auditability gaps. Since every request for context flows through the middleware, it can infer and track critical data points including tool usage frequency, service latency, and gRPC error codes. This usage data is asynchronously sent to a remote data collector, enabling systematic logging that can definitively answer questions like: Which agent, used by which user, accessed what contextual data? This comprehensive audit trail is essential for enterprises operating in regulated industries. The middleware's central position makes it an ideal collection point for analytics and monitoring, instrumenting key events to deliver actionable insights for MCP owners. The platform tracks service installations to identify which MCP services are gaining traction, measures tool invocation frequency to understand real-world adoption and engagement levels, monitors real-time service latency and gRPC error rates to ensure consistent performance and reliability, and delivers comprehensive analytics on adoption trends and quality metrics. ## Technical Architecture Considerations The architecture demonstrates several sophisticated LLMOps patterns. The use of gRPC throughout the system provides type safety, efficient binary serialization, and built-in support for bidirectional streaming—all valuable for production AI systems where latency and reliability matter. The interceptor pattern on both client and server sides provides elegant cross-cutting concerns like authentication, logging, and error handling without cluttering core business logic. The dual deployment model supporting both local containerized MCPs and remote cloud-deployed MCPs provides flexibility for different use cases. Local MCPs might be preferable for latency-sensitive operations or when working with large datasets that shouldn't traverse the network, while remote MCPs enable centralized management and easier scaling. The marketplace's abstraction over these deployment differences simplifies the consumer experience. The Docker-based containerization of MCP services provides isolation, reproducibility, and portability. Combined with automated CI/CD pipelines and security scanning, this creates a secure software supply chain for AI capabilities—an often-overlooked aspect of production LLM systems. ## Balanced Assessment While the presentation showcases an impressive technical solution, there are considerations worth noting. The platform appears to be in active development, with current support focused on stdio connections between agents and the middleware in local environments. The acknowledgment of potential future support for other protocols when agents run in remote environments (like inside pods) suggests the architecture is still evolving. The solution is fundamentally an internal platform for Intuit's proprietary MCP services, not a marketplace for open-source MCP servers. This makes sense for an enterprise context where organizational knowledge and security are paramount, but it means the approach may not directly translate to ecosystems where third-party MCP providers are common. The reliance on a centralized platform introduces a potential single point of failure. If the marketplace or middleware experiences issues, it could impact all AI agents across the organization. The presentation doesn't detail the platform's availability guarantees or disaster recovery mechanisms, though these would be critical for production deployment. The observability capabilities, while comprehensive, generate significant telemetry data. The asynchronous publishing of usage data to analytics collectors suggests thoughtful design to avoid impacting request latency, but organizations implementing similar patterns need to consider the cost and operational overhead of storing and analyzing this data at scale. ## Future Directions The team outlined future enhancements including advanced semantic search to enable sophisticated discovery of capabilities, helping developers find the right MCP services faster by matching their intent to available tools. They also plan to enhance community engagement through ratings, reviews, and usage examples to build trust and facilitate knowledge sharing—patterns familiar from successful developer platforms. ## Production Readiness and Impact The case study represents a mature approach to operationalizing AI agents at enterprise scale. By standardizing MCP development, distribution, and consumption, Intuit has created a pattern that addresses the full lifecycle of context services in production. The emphasis on security, observability, and developer experience throughout the architecture demonstrates sophisticated LLMOps thinking. The datadriven approach to measuring success—tracking installations, invocations, latency, and errors—enables continuous improvement of both the platform and individual MCP services. This feedback loop is essential for maintaining quality and reliability as the ecosystem grows. The platform fundamentally shifts how Intuit can scale AI capabilities across their developer organization. Rather than each team solving context access independently with varying security postures and no visibility into each other's work, the marketplace creates a multiplier effect where high-quality MCP services can be discovered, trusted, and reused across the entire organization. This democratization of secure context access represents a significant operational maturity in production AI systems. For organizations facing similar challenges in scaling AI agents, this case study offers a blueprint for thinking systematically about the infrastructure required to support production LLM workloads. The combination of developer experience, security, observability, and governance in a unified platform demonstrates the kind of holistic thinking required for successful enterprise AI adoption.

Start deploying reproducible AI workflows today

Enterprise-grade MLOps platform trusted by thousands of companies in production.
Book a Demo
Use Open Source