AI
RAG: The Original Context Middleware
Pedersen called RAG the first context middleware pattern. Before MCP and agentic search, teams chunked documents, embedded vectors, and injected context into prompts. Vector similarity often failed—matching XML structure instead of meaning, or returning irrelevant results. The proposal for “augmentations” aimed to make RAG a first-class MCP capability. The community rejected it, suggesting resource templates instead.
Hallucination Detection at Saxo Bank
A Saxo Bank chatbot used MCP tools for agentic search. Hallucinations were rare but unacceptable in financial services. A data scientist discovered that hallucinations almost always included a fake link. Rerunning the request worked better than correcting the model because models are stochastic. The team built a hallucination detection service that checked link existence. That service lived outside MCP, which Pedersen saw as a missed opportunity for standardization.
The SEP: Three Interceptor Types
Pedersen’s second proposal introduced middleware interceptors at the protocol level. Three types: validation (pass/fail on context), mutation (transform payloads for RAG, PII redaction, progressive disclosure), and observability (parallel sidecars for auditing, sentiment). The interceptors are discoverable and composable, similar to Kubernetes hooks. They target all existing MCP methods plus a new LLM completion method. A simple prototype decorates a method to register an interceptor.
Enterprise Composability and the Road Ahead
Pedersen emphasized that middleware is not for consumer-facing MCP uses—passing context to random servers risks data exfiltration. For enterprises, interceptors let security, compliance, and platform teams compose guardrails, PII handling, and auditing into a gateway. The SEP was superseded by Sambhav’s better proposal. Pedersen noted that the 20+ gateway vendors all solve the same problem. A protocol standard would let them focus on their core products.
Q&A
If this SEP gets approved, will you submit a PR to the C# SDK? Pedersen already has a tentative implementation but expects it will be improved by the community. ▶ Watch (26:44)
Why introduce new verbs when middleware could be set up by IT? The extension requires client-server discovery of interceptors, but infrastructure registries will handle that in practice. ▶ Watch (27:18)
What can the open source community do to help solve the M×N problem? Engage on the SEP thread, give opinions, push back on disagreements. ▶ Watch (28:35)
Notable Quotes
RAG was the original context middleware, right? Peder Holdgaard Pedersen · ▶ Watch (1:50)
It worked a lot better to just rerun, because these are stochastic models. Peder Holdgaard Pedersen · ▶ Watch (6:02)
It’s insane to have a tool that gives a model the time and date. Peder Holdgaard Pedersen · ▶ Watch (19:47)
The ecosystem is clearly trying to fill a gap in the protocol. Peder Holdgaard Pedersen · ▶ Watch (10:16)
Key Takeaways
- RAG was the first context middleware pattern in MCP.
- The SEP introduces validation, mutation, and observability interceptors.
- Standardized middleware would let enterprises compose guardrails without vendor lock-in.
About the Speaker(s)
Peder Holdgaard Pedersen architects AI systems and spearheads AI adoption at Saxo Bank as Principal Developer. He is a contributor to the C# MCP SDK and an MCP maintainer for the Financial Services Interest Group. He specializes in integrating cutting-edge AI capabilities with bespoke assistants and other enterprise tools.