A deep dive into Ania Musial’s talk at MCP Dev Summit North America 2026
MCP gives you interoperability, but it doesn’t give you guardrails, governance, or production reliability. Ania Musial, Head of AI Platform Product at Bloomberg, knows this better than most: her team builds AI infrastructure for the financial professionals who move real money in highly regulated markets, but there are some missing pieces in the process. Her talk at MCP Dev Summit was about what she’s building to fill that gap.
What Trustworthy AI Looks Like at Bloomberg
In January 2026, Bloomberg launched ASKB, its flagship agentic AI application on the terminal. Before it, users navigated hundreds or thousands of applications to surface insights. Now they have a conversational interface.
Building it forced a reckoning with what “trustworthy” actually means in production. Ania described it through three guiding principles:
- Answers have to come from a real, verified source of information, down to the data point.
- Attributions have to be transparent enough for a financial professional to independently verify the output.
- Features have to solve actual investment professional problems, not general AI demos.
None of this comes for free from MCP. “MCP doesn’t give you out-of-the-box guardrails, correctness, governance, and production reliability.” It gives you interoperability. The trustworthiness has to be designed in.
Bloomberg has been doing exactly that, largely through contributions to MCP via the financial services interest group. Two of those contributions were the focus of her talk.
Interceptors: Control at the Protocol Layer
Bloomberg’s use case requires a financial-specific taxonomy of safeguards. The risks it’s trying to avoid include disclosure of non-public information, unauthorized financial advice, market manipulation, and misleading or hallucinated financial narratives.
The challenge is applying those safeguards consistently as data flows between tools and across system boundaries. The proposed interceptor framework addresses this by enabling messages to be intercepted, validated, and transformed at various points throughout the MCP protocol lifecycle.
There are two types. Validators answer the question “is this safe?” They inspect payloads and can block execution based on policy. Mutators answer “how do we make this safe?” They transform payloads, redact information, or enrich it as needed.
The practical effect is that Bloomberg’s compliance and governance controls get applied deterministically at the protocol layer, not bolted on afterward. Citations get enforced. Unsafe actions get detected. Context crosses boundaries only after it’s been verified.
Variants: The Same Tool, Optimized for Different Contexts
Bloomberg runs many model types at once: open-weight, commercial, fine-tuned for finance, models optimized to price bond valuations in real time. A single MCP server exposing a tool like GetPortfolio has to serve all of them well.
The naive options are bad. Three separate MCP servers create duplication and maintenance overhead. A single generic tool serves none of the agents optimally.
Variants offer a third path. They let an MCP server expose multiple parallel versions of the same tool, each optimized for a different model, agent type, or context:
- An IDE-friendly version for a coding assistant.
- A compressed version for a low-context automated pipeline.
- A conversational version for a chat interface.
- A default that handles cases where no specific selection is needed.
The trustworthiness case for variants isn’t obvious at first. It sounds like a flexibility feature. But Ania made the argument precisely: with variants, each model gets the interface designed for it, which makes system behavior more predictable and evaluation results less noisy. Without them, you get inconsistent behavior and the kind of drift that’s hard to diagnose.
The Underlying Argument
Ania’s talk was an argument about where trustworthiness comes from.
The answer she offered is that it comes from the ground up, through system design, not from post-hoc safety layers or generic guardrails. MCP provides the connective tissue. What Bloomberg is contributing to it, through interceptors and variants, is the infrastructure that makes the connective tissue safe enough to use when real consequences are on the line.
If this is a space you’re working in, Bloomberg’s contributions are being shaped through the MCP community and the financial services interest group. The AAIF is where those conversations happen, visit aaif.io, join the conversation in the AAIF Discord, or join us at an upcoming AAIF event.