New MCP Server: Your Agents Get a Badge, Not a Master KeyMCP Server: Your Agents Get a Badge, Not a Master KeyMCP Server: Your Agents Get a Badge, Not a Master KeyMCP Server: Your Agents Get a Badge, Not a Master KeyMCP Server: Your Agents Get a Badge, Not a Master KeyMCP Server: Your Agents Get a Badge, Not a Master KeyMCP Server: Your Agents Get a Badge, Not a Master Key
Read More
Google's Knowledge Graph runs behind the search engine's answer panel. LinkedIn's Economic Graph runs behind its skills-and-jobs intelligence. The challenge for many enterprise knowledge graph initiatives has not been building the graph. It has been making its knowledge accessible beyond a small group of specialists. A graph that only data engineers, investigators, or graph specialists can query may be technically successful while delivering only a fraction of its potential business value.
This is where MCP and GraphRAG diverge. MCP reduces the cost of access by giving AI clients a standard way to reach the graph. GraphRAG improves retrieval by helping those clients navigate entities and relationships within it. MCP makes a knowledge graph accessible. GraphRAG makes it useful for answering complex questions. They solve different challenges.
Model Context Protocol (MCP) is an open protocol, introduced by Anthropic on November 25, 2024, that lets any compliant AI client invoke tools and retrieve data from external systems through a single standardized interface, including retrieval from a knowledge graph. GraphRAG is the retrieval pattern that traverses typed entities and relationships in a knowledge graph to answer multi-step questions about how things connect. MCP operates at a different architectural layer. It is the access protocol that lets analysts and AI agents reach the same governed graph from any AI-native client, under the same permissions and audit.

The boundary matters because the value a knowledge graph encodes rarely reaches the people who need it. Buyers of graph programs spend significant time evaluating ontology design and entity resolution. Far less attention is paid to how people actually access the graph. Yet that is often where value gets trapped. A graph that only specialists can query may be technically successful while delivering only a fraction of its potential business impact.
For most of 2025, the answer to that bottleneck was custom integration. A new chatbot for one persona. A custom API for one workflow. A pre-built dashboard for one question that someone in leadership wanted answered. Each integration answered the question it was designed for and nothing else. The integration surface grew with every new use case.
Learn how Ally applied graph analytics and contextual investigation tools to uncover complex fraud networks and strengthen fraud prevention.
Read Case StudyWhat changed was the arrival of a protocol that every major model provider could speak. Anthropic introduced MCP in November 2024. OpenAI adopted it in March 2025. Anthropic donated the protocol to a Linux Foundation directed fund in December 2025, co-founded with Block and OpenAI and supported by Google, Microsoft, AWS, Cloudflare and Bloomberg. The question stopped being whether the agent could reach the graph. It became what each layer was actually doing.
The three concepts most often confused in that conversation are RAG, GraphRAG and MCP. They answer different questions and they run at different times.
| RAG | GraphRAG | MCP | |
|---|---|---|---|
| What it is | A retrieval pattern that breaks documents into chunks, indexes them by similarity, and pulls back the closest matches at query time | A retrieval pattern that follows typed connections between entities in a knowledge graph (people, accounts, transactions) | A protocol that lets any compliant AI client reach those retrieval systems through a single standardized connection |
| What it answers | "Where in my documents is the answer to this question?" | "Which entities and relationships answer this question?" | "How does this AI client get governed access to the retrieval, with audit?" |
| What it works with | Free-form text indexed by similarity | A typed model of entities and the relationships between them | Whatever the server exposes. The protocol itself stores nothing |
| When the work happens | Documents are processed and indexed at ingest. Matching happens at query time | The model and graph are built at ingest. Traversal happens at query time | At runtime, every time the AI client calls a tool |
| Who can query it | Anyone with the chatbot. No special language required | Today, data engineers and graph specialists writing graph queries. Analysts depend on pre-built dashboards | Any AI client that speaks the protocol, under the same governed scope, regardless of who or what is asking |
| Best for | Summarizing or answering questions across large bodies of text | Multi-step questions whose answers come from following typed connections between entities | Letting analysts and AI agents reach the same governed retrieval through any AI-native interface |
The distinction isn’t academic. It is already visible in large-scale enterprise deployments. Bloomberg's knowledge graph supports analytics inside the Bloomberg Terminal and sits at the center of the firm's stated AI strategy. AstraZeneca's Biological Insights Knowledge Graph (BIKG) holds 10.9 million nodes and 118 million edges across 59 relationship types, supporting drug-development teams. Knowledge graphs sit on the Slope of Enlightenment in the 2025 Gartner Hype Cycle for Artificial Intelligence, signaling movement past the initial hype phase toward practical adoption.
MCP works through a small number of architectural components. All of them exist for the same purpose: making an existing knowledge graph accessible to people and agents through a standard interface.
Picture a library whose holdings are properly organized. The catalog is coherent. The indexes are current. Today only the librarians can pull a book, and patrons get told what the books say through the librarians. MCP issues every patron a card that respects the same rules of the library. You can ask directly, your assistant can ask directly, and you both still only see what your access level permits. The analogy is useful because it highlights the distinction between organizing knowledge and accessing it. MCP concerns access. The graph remains responsible for the knowledge itself.
A standardized protocol surface. The graph exposes itself through one protocol that every compliant AI client speaks. When an organization adds Claude Desktop one quarter and Bedrock AgentCore the next, the integration work is configuration. The custom development happened once, at the platform layer. Without a standardized surface, every new client requires its own integration. The surface grows linearly with use cases and each integration answers only the question it was built for. Fixed-schema APIs extend that problem; they do not solve it.
Token-bound user identity. Deployed for per-user identity, every call executes under the bearer token of the requesting human. MCP does not enforce this by default; many servers run a shared service account instead. An analyst pulling a customer's connected accounts sees exactly what their role permits. The audit log records the human user behind the AI session. Without identity binding, the agent has system-level access by default. Every analyst question becomes a privileged query, and audit trails lose the human attribution that compliance functions require. The MCP authorization specification flags client-token pass-through to downstream APIs as a high-risk anti-pattern because it breaks trust boundaries and defeats audience controls.
Tool modules organized by capability. The server exposes discrete, composable units: discover the ontology, retrieve a graph visualization, execute a saved analysis. The agent composes them. The platform owns the orchestration. Without this organization, the agent gets handed a flat surface of every available endpoint, blows the context window with tool descriptions, and selects the wrong tool. Practitioner measurements of GitHub's official MCP server place its tool-description footprint between 17,600 and 55,000 tokens per request, before the agent has done any work.
Schema discovery at runtime. Clients ask the server what is available. The ontology can grow without breaking integrations. A new entity class added by the data team shows up on the next discovery call. Without runtime discovery, schema changes become integration projects. Over time, the cost of maintaining those integrations grows faster than the graph itself.
Composable workflows. Multiple tool calls compose into multi-step reasoning against the same governed model. An agent answering "show me directors of all accounts that received the same wire transfer in the last 30 days" performs three steps: find the wires, retrieve the accounts, traverse the director relationships. Without composability, every multi-step question becomes a custom feature request and analysts can only ask the questions the system was pre-built to answer.
Each component is individually defensible. The architectural payoff comes from all five operating together. A protocol without identity binding is a security incident. Identity binding without tool modules causes tool overload, and tool modules without runtime discovery become fixed-schema with extra steps. The graph provides the context. MCP makes that context available to people and agents. The system earns its place when every part is honest about what it owes.

MCP solves an accessibility problem, not a knowledge problem. Organizations adopting MCP often discover that the protocol exposes weaknesses that already existed in the graph. Missing entities, inconsistent definitions, stale relationships, weak governance, and poorly designed tools become visible faster because more users and agents are now interacting with the system. MCP increases reach. It does not increase quality.
The graph still has to exist, and it has to be right. A protocol cannot retrieve relationships that were never modeled. Ontology gaps, ontology drift, and stale entity resolution all surface unchanged through MCP. They surface faster, because more people are asking. Memgraph's founder Dominik Tomicevic makes the architectural case directly: a knowledge graph encodes entities, relationships and policies so the model knows what it is reaching for before it picks up a tool. Without that scaffolding, MCP delivers tool calls into a context where the LLM has no constraint on what is reachable.
Tool overload is an architectural failure mode. The protocol surfaces it; the cause sits upstream, in how the tools were composed. A single production case study reports daily cloud spend between 300 and 400 US dollars within two weeks of launch and 95th-percentile latency at 14 seconds, with five-plus model calls and two-plus tool calls per query and no caching. The fix lives upstream of the protocol. The graph pre-filters the toolset against the user's question: the ontology tells the agent which tools are reachable from where the question lives.
Governance does not arrive in the box. A November 2025 paper by Errico, Ngiam and Sojan argues that the existing AI governance frameworks, including the NIST AI Risk Management Framework (NIST AI RMF) and ISO/IEC 42001, do not yet cover the dynamic, user-driven agent systems that MCP enables. Their recommended controls span five layers:
Enterprise deployments inherit those requirements; the protocol alone does not supply them.
For most of the past two years, the question was whether AI agents could call external systems at all. By late 2025 the wiring problem was solved and MCP had become the leading candidate for standardizing agent-to-system access. MCP solved a critical accessibility problem. It gave AI clients a standard way to reach enterprise systems. But it doesn’t determine what knowledge exists, how it is organized, or whether it can be trusted. Those responsibilities remain with the knowledge graph.
MCP changes who can ask the question. The graph determines whether a useful answer can be returned.


Dr. Michael O’Donnell is a Senior Analyst covering data management strategy, with a particular interest in the gap between data and business value. He tracks the full stack (converged platforms, semantic enrichment, knowledge graphs, data products) is interested in what each gets right, where it stops short, and what that pattern keeps revealing. His measure is simple: can the person who needs the answer get it without an engineer in the middle.
Contact