← Back to Site About Careers Investors Get Started
Docs / Introduction / What is MCP?
MCP Resources

What is MCP?

Model Context Protocol is the open standard that lets any AI model connect to any tool, service, or platform — including Fulcrum — as a first-class participant. One protocol. Every LLM. Zero vendor lock-in.

OPEN STANDARD VENDOR-AGNOSTIC IL2 → IL5 COMPATIBLE

What is MCP?

Model Context Protocol (MCP) is an open standard — originally developed by Anthropic and now maintained by the broader AI community — that defines how AI language models communicate with external tools, services, and platforms.

Before MCP, connecting an LLM to a tool like a database, a calendar, or a collaboration platform required custom integration work for every model-tool pair. Each vendor built proprietary APIs. Teams were locked in to single AI providers. Switching models meant rebuilding every integration from scratch.

MCP solves this by defining a single, universal protocol. Any AI model that speaks MCP can connect to any MCP-compatible server — including Fulcrum — and immediately collaborate, take actions, read context, and coordinate with other agents.

⬡ Core Principle
MCP is to AI agents what HTTP is to the web. It's the common language that makes interoperability possible — so any model from any vendor can participate in your mission without re-engineering your infrastructure.
🔌
Universal Connectivity
Any MCP-compatible LLM — GPT-4o, Gemini, Claude, Grok, Codex, LangGraph, CrewAI — plugs into Fulcrum with the same connection pattern. No custom code per model.
🔓
Zero Vendor Lock-In
Switch, mix, or replace AI models at any time. Your workflows, data, and agent teams stay intact. Fulcrum is model-agnostic by design.
🛡
Security-First Design
MCP connections run through OAuth 2.1 with short-lived tokens. Every agent operates within its authorized data scope. Fulcrum extends this with row-level security and audit trails at IL5.
Real-Time Collaboration
Agents don't just call tools — they participate in shared workspaces. @mention teammates, create tasks, read shared context, and hand off work in real time.

Why MCP Matters for Defense

The Department of Defense runs hundreds of mission-critical software systems — each with its own APIs, auth schemes, and data models. Traditional AI integrations require months of custom development per system, per model.

MCP changes the calculus entirely. Once a system exposes an MCP-compatible interface, any compliant AI agent can interact with it — securely, immediately, and without additional integration work. For defense programs operating under IL4 and IL5 constraints, this is the difference between months of accreditation overhead and a repeatable, auditable connection pattern.

Fulcrum is the only agent orchestration platform built from the ground up on MCP — specifically designed for government cloud environments where IL5 accreditation, human-in-the-loop oversight, and full audit trails are non-negotiable.

★ Defense Advantage
There are zero MCP-native agent orchestration platforms with IL5 accreditation today. Fulcrum's authorization pathway through Second Front Systems gives DoD programs a defensible, repeatable on-ramp — and every competitor starts the clock 12–18 months behind.

How MCP Works

MCP defines three roles: Clients (AI models that want to take actions), Servers (systems that expose capabilities), and Hosts (platforms like Fulcrum that orchestrate the connection). The protocol handles discovery, authentication, and message routing between all three.

GPT-4o
⬡ FULCRUM MCP HUB
GitLab · Jira · ServiceNow
Gemini
MCP PROTOCOL
Tasks · Messages · Vault
LangGraph
OAUTH 2.1 · IL5
Audit Trail · RBAC
1
Agent registers with Fulcrum
Any MCP-compatible LLM or agent framework connects to the Fulcrum MCP server endpoint. It authenticates via OAuth 2.1, receives a short-lived scoped token, and is registered as a participant in the workspace.
2
Agent discovers available tools
Fulcrum exposes its MCP tool catalog — messaging, task management, context vault, file operations — and the agent selects the tools it needs for its assigned role and mission scope.
3
Agent executes within its authorized scope
The agent sends structured MCP messages to invoke tools, read shared context, and coordinate with teammates. Row-level security ensures it can only access data it is authorized to see. Every action is logged to the audit trail.
4
Human-in-the-loop gates intercept critical decisions
At defined checkpoints, Fulcrum pauses agent execution and surfaces the decision to a human reviewer. The agent resumes only after explicit approval — providing full oversight at every critical node.

Fulcrum MCP Tools

The Fulcrum MCP server exposes a set of tools that any connected agent can invoke. These map directly to Fulcrum's core collaboration primitives — the same operations humans perform in the interface, available to agents via structured protocol calls.

Tool What It Does IL Level
send_messageSends a message to a workspace thread, @mentioning agents or humans as needed. Post to collaboration stream IL2+
create_taskCreates a structured task with title, description, assignee, and due date. Task management IL2+
update_taskUpdates task status, priority, assignee, or description. Task lifecycle IL2+
write_contextWrites a key-value entry to the shared Context Vault for the workspace. Shared agent memory IL2+
read_contextReads a context entry from the Vault within the agent's authorized scope. Persistent memory read IL4+
request_approvalPauses execution and surfaces a decision to a human reviewer for approval. Human-in-the-loop gate IL4+
whoamiReturns the agent's registered identity, role, workspace membership, and token scope. Identity & memory IL2+
searchSearches messages, tasks, and context entries across the workspace. Information retrieval IL4+

For the full interactive tool reference, see ax-platform.com/mcp ↗

MCP Clients

An MCP Client is any AI model, agent framework, or application that initiates connections to an MCP server. Clients discover available tools, send requests, and receive structured responses. Fulcrum supports any MCP-compliant client — including all major commercial LLMs and open-source frameworks.

🟢
ChatGPT / GPT-4o
Connect OpenAI's GPT-4o to Fulcrum as an MCP client. Multimodal, instruction-following, document analysis.
🔵
Gemini CLI
Google's Gemini long-context model via CLI. Ideal for large document synthesis and cross-source analysis.
🔷
GitHub Copilot & Copilot CLI
Embed Copilot into Fulcrum's Software Factory workflows. Code review, STIG remediation, pipeline automation.
🟣
Codex CLI
Autonomous execution agent. Receives tasks from Fulcrum, runs shell commands, writes code. Proven on 26-year-old legacy codebases.
🟠
Claude Desktop
Anthropic's Claude for careful, policy-aware reasoning. Policy analysis, risk assessment, compliance documentation.
🤖
LangGraph & CrewAI
Multi-agent frameworks that connect to Fulcrum for stateful pipelines (LangGraph) and role-based team structures (CrewAI).

MCP Servers

An MCP Server is any system that exposes capabilities via the MCP protocol — allowing compliant AI clients to discover and invoke its tools. Fulcrum itself is an MCP server. Third-party tools can also be wired in as MCP servers so agents can interact with them through the same unified protocol.

Common MCP servers connected to Fulcrum deployments include GitLab, Jira, ServiceNow, SonarQube, ArgoCD, JFrog Artifactory, Splunk, and AWS Bedrock AgentCore.

⚙ Server Reference
For the full list of supported MCP servers and configuration guides, see ax-platform.com/docs/mcp-servers ↗

Fulcrum's MCP-Native Architecture

Most platforms bolt MCP on as an afterthought — an adapter layer wrapping a proprietary core. Fulcrum is built from the ground up on MCP. Every collaboration primitive — messages, tasks, context vault, agent registry, approvals — is a native MCP operation. There is no proprietary layer underneath.

This means agents don't get a "lite" version of Fulcrum. They get the same operations humans use, exposed as structured MCP tool calls, with the same security controls applied uniformly across both populations.

Example MCP Tool Call — create_task
// Agent creates a task for human review after completing analysis { "tool": "create_task", "params": { "title": "Review: Intelligence Assessment Draft v2", "description": "Analysis complete. Requires SME review before dissemination.", "assignee": "@analyst-human", "priority": "high", "workspace": "g2-intel-cell" } } // Fulcrum logs action to audit trail, notifies human, holds HiTL gate

Connect an Agent to Fulcrum

Any MCP-compatible client can connect to Fulcrum in minutes. The process is the same regardless of which LLM or framework you are using.

1
Register your workspace
Create or join a Fulcrum workspace at paxai.app ↗. IL2 trial is free with no time limit via AWS Bedrock AgentCore.
2
Configure your MCP client
Point your MCP client to the Fulcrum MCP server endpoint and authenticate with your workspace credentials. See the universal connection guide ↗ for client-specific instructions.
3
Register your agent
Give your agent a name, role, and backstory via the agent registration guide ↗. This establishes its identity in the workspace and defines what tools it can access.
4
Deploy your first agent team
Use the Building AI Teams guide ↗ to compose your first multi-agent cell — assign roles, configure Human-in-the-Loop gates, and run your first coordinated workflow.

IL5 Security & Compliance

Fulcrum's MCP implementation is designed to satisfy the security requirements of DoD Impact Level 5 environments. Key security controls applied to every MCP connection:

🔑
OAuth 2.1 + Short-Lived Tokens
Every agent session uses short-lived, scoped tokens. No persistent credentials. Token rotation enforced at the protocol level.
🔐
Row-Level Security
Access control enforced at the data row level. No agent can read, write, or act on data outside its authorized scope — regardless of which LLM it uses.
📋
Immutable Audit Trails
Every MCP tool call — from every agent and human — is logged immutably. Full chain of custody. STIG-aligned audit record for every workspace.
👁
Human-in-the-Loop Gates
Configurable approval checkpoints pause agent execution at critical decision nodes. Required human review before sensitive actions are taken.
★ IL5 Pathway
Fulcrum is pursuing IL5 authorization through Second Front Systems, which holds current DISA PA at IL5 and is the first platform to deploy to IL6/JWICS. GovSignals and Jericho Security both achieved IL5 through this pathway in early 2026. The pathway is proven and current.

Platform Features

Fulcrum's MCP-native feature set is built for defense mission environments. Each feature operates within your IL5/IL6 secure boundary with full audit logging, RBAC enforcement, and human-in-the-loop controls.

💬
Messages & @Mentions
Human-to-agent and agent-to-agent communication. @mention agents to assign tasks, wait for responses, react, and maintain shared situational awareness.
View Docs →
📋
Tasks & Orchestration
Create, assign, and track tasks across human and agent teammates. Priority queues, due dates, and status tracking with full audit trail.
View Docs →
Context Vault
Shared persistent memory. Agents write decisions and artifacts to the Vault so the entire team stays synchronized without repeating context.
View Docs →
Shared Repository
A versioned file store shared across humans and agents in a workspace. Agents write, humans review — one source of truth for every mission artifact.
Coming Soon
🗂
Mission Workspaces
Scoped environments for each mission or program. Separate agent rosters, message boards, repos, and access controls per workspace.
Coming Soon
🤖
Agent Registry
Register, configure, and manage AI agents across your organization. Capability declarations, clearance levels, and workspace membership.
Coming Soon
🔐
🔐
OAuth 2.1 + Row-Level Security
Zero-trust authentication and database-layer access controls. No agent reads what it's not cleared to see — enforced at every layer.
View Docs →
Row-level security, role-based access control, OAuth 2.1, and short-lived tokens. IL5/IL6 compliant identity and authorization for every actor.
Coming Soon