Most AI agents today are little more than packaged LLM calls. They can generate text, but they do not reliably bridge the gap between real enterprise data and AI driven workflows. For production systems, specialized small agents work better. They execute repetitive tasks, respect clear boundaries, and terminate when their job is done.
Agentic RAG is one step in that direction. It chains agents and tools securely, restricts access to deep infrastructure data, and controls both communication and execution paths. Every action can be logged and audited. It extends traditional RAG by integrating external tools and enabling looping function calls. Agents can use external resources for data filling, checking, and multi step reasoning instead of just retrieving and re ranking documents.
So far, so good. But one important layer is still missing: control and command.
This is why we are developing an open protocol stack that extends the Model Context Protocol (MCP) into the Agent Context Protocol (ACP). ACP adds a control layer for agent chaining, reduces the risk of data leakage, and gives developers and data protection officers the governance they need. It enables autonomous agents to collaborate across environments in a controlled and auditable way.
Here is how we make that concrete.
The Basic: Model Context Protocol
Model Context Protocol, initially introduced by Anthropic, is the backbone for managing interactions between LLM based applications and data ecosystems. MCP connects tools and data sources such as:
- Public data services
- Private and public APIs
- Document archives
- Enterprise data systems
MCP allows LLM applications to work together by embedding them into a shared work context, a loose network of MCP clients and MCP servers. It acts as a bridge between intelligent tools and the data they need.
For desktop use cases and single user workflows, this is a strong starting point. An LLM application can rely on MCP to talk to local tools, remote APIs, and document stores through a consistent interface.
For mission critical enterprise operations, however, MCP is not enough. Enterprises need guarantees around who accesses which data, for what purpose, and under which policy. They also need a clear way to prevent agents from moving beyond their defined role.
The Leap Forward: From MCP to ACP and the Data Firewall
Once there are many agents running across systems and regions, all more or less independent, a new question appears. How do we ensure that each agent only accesses the data it really needs and performs only the actions it is intended to perform?
In the SaaS world, this problem is solved through application firewalls and gateways that restrict which APIs a service can call. We apply the same idea to AI agents.
We call this a Data Firewall. It acts as a gateway that enforces secure data access and governance for AI workloads. It expands agent capabilities in a controlled way, enabling decentralized communication, broad but governed access, and reliable operation.
To achieve this, we introduce an open, compliance first protocol between agents and data sources with three main layers.
- Governance
Tracks usage contexts so that access to data products follows clear policies and purposes. - Access control
Extends traditional ACL and RBAC models by validating the purpose of access. Even with valid credentials, a request is denied if there is no clear, documented reason. - Auditability
Logs every interaction, including who accessed what data, when, from where, and for what purpose.
The Agent Context Protocol defines how this works in a structured, open, and implementable way. It allows enterprises to maintain full control over their data environments while enabling productive and collaborative AI workloads.
MCP and ACP in Scalytics Federated
In our architecture, Scalytics Federated implements MCP for tool and data integration and extends it with ACP for control and governance. The platform uses Apache Kafka compatible infrastructure to integrate agents into enterprise environments and to coordinate their communication.
This combination allows agents to:
- Interact with data products through a governed gateway
- Use MCP to access tools and resources
- Rely on ACP to ensure every interaction is controlled, contextual, and auditable
Scalytics Federated does not just route calls. It provides a runtime that executes agent workloads across containerized environments, enforces policies at the Data Firewall, and records all relevant events for compliance teams.
What ACP Enables For You
While MCP focuses on connecting tools and data, ACP extends these capabilities to support collaborative and autonomous agents in enterprise settings. With Scalytics Federated, agents interact with data products and tools based on their defined usage context rather than just raw credentials.
This creates an architecture that can support real multi agent systems in production.
With ACP, agents can:
Communicate in a decentralized way
Collaborate across hosts, clusters, and regions while still passing through a governed gateway.
Access broadly but safely
Use tools, data, and memory across environments without bypassing infrastructure security controls. Access always remains purpose bound.
Operate reliably
Use a Kafka based protocol for fault tolerant, asynchronous communication with delivery guarantees.
Enterprise Ready Agent Architecture
Scalytics Federated provides a resilient foundation for agent based workloads. Agents run in containerized environments that execute close to the data. They process local information and expose only the minimal results that are needed for shared tasks such as model training, enrichment, or complex retrieval.
By leveraging Apache Kafka's established protocol and ecosystem, the platform benefits from proven resilience, persistence, and delivery guarantees. Agents interact over topics that are governed by ACP policies. This keeps sensitive data inside the original system while still enabling distributed workflows.
The result is an architecture where:
- Data stays under local control
- Agents are isolated but can collaborate
- Every interaction is observable and auditable
Business Impact
Scalytics Federated changes how enterprises think about AI infrastructure for agents. Instead of ad hoc scripts or unmanaged agent swarms, you get a governed, observable, and scalable system.
- Unified agent ecosystems
Agents and tools can be linked securely across regions and departments. Collaboration happens through a common protocol and Data Firewall rather than through shadow integrations. - Effortless integration with existing systems
The platform builds on Kafka compatible infrastructure and existing data products. It does not require a full replacement of current systems. - Governance and compliance first
The ACP gateway enforces policies for data access, usage context, and logging. Compliance teams can trace every relevant action. - Data in motion
Agents consume and produce real time data streams. This follows a data in motion philosophy where information is processed as it flows, not just after it is stored. - AI readiness
The architecture prepares enterprises to scale secure, collaborative AI systems without losing control over infrastructure or data.
Why This Infrastructure Layer Matters
AI agents will only be trusted in production if the infrastructure around them is solid.
- Infrastructure is foundational
MCP and ACP define how agents talk to tools and data and how that communication is governed. They provide the building blocks for secure, modern AI systems. - Governance as a first class concern
Scalytics Federated prioritizes compliance and transparency. Data access and usage are visible, controlled, and documented. - Collaboration without chaos
Agents can share tools, memory, and data across hosts without breaking isolation. Workflows stay understandable rather than turning into opaque chains of calls.
Moving Forward: Our Vision for Agentic RAG
Agentic Retrieval Augmented Generation represents a practical way to bring autonomous agents into enterprise environments. It combines dynamic decision making with access to real time and historical data. Unlike traditional RAG, which focuses on retrieving and presenting information, agentic RAG supports multi step reasoning and tool use over a sequence of actions.
Our first production use case is already running. Decentralized agents communicate asynchronously via Confluent Cloud using the MCP implementation inside Scalytics Federated. ACP enforces policies, and Kafka provides reliable transport. This shows how agent collaboration can run on top of existing streaming environments while maintaining compliance and governance.
With Scalytics Federated and ACP, enterprises can explore agentic workloads without sacrificing control. They can define what agents are allowed to do, see how they behave, and evolve their AI strategies on top of infrastructure that is designed for production and regulation from the start.
About Scalytics
Scalytics Federated provides federated data processing across Spark, Flink, PostgreSQL, and cloud-native engines through a single abstraction layer. Our cost-based optimizer selects the right engine for each operation, reducing processing time while eliminating vendor lock-in.
Scalytics Copilot extends this foundation with private AI deployment: running LLMs, RAG pipelines, and ML workloads entirely within your security perimeter. Data stays where it lives. Models train where data resides. No extraction, no exposure, no third-party API dependencies.
For organizations in healthcare, finance, and government, this architecture isn't optional, it's how you deploy AI while remaining compliant with HIPAA, GDPR, and DORA.Explore our open-source foundation: Scalytics Community Edition
Questions? Reach us on Slack or schedule a conversation.
