AI
The Missing Layer: Context Governance
Enterprise MCP deployments lack a standard for verifying context before it crosses trust boundaries. Bloomberg’s financial clients operate in a regulated environment where trust is baked in by design. Without protocol-level governance, organizations build custom PII redactors, hooks, guardrails, and proxies. The result is an M by N integration problem. With four clients and four middleware services, that is 16 custom integration points. Adding one more client or middleware multiplies the complexity.
Interceptors: Validators and Mutators
Interceptors elevate middleware to a standardized MCP primitive alongside tools, prompts, and resources. Two types exist: validators and mutators. A validator inspects a payload and returns a decision (pass, fail, and reasons). A mutator transforms the payload. Validators run in parallel. Mutators run sequentially by priority. If a mutator fails, the entire chain is rolled back. Both sides of the trust boundary can invoke interceptors for requests and responses. SEP 7063 defines the interface, including discovery via standard list methods.
Bloomberg’s Ask B: Interceptors in Production
Ask B, Bloomberg’s conversational AI terminal, uses interceptors for two patterns. A validator checks whether each LLM-generated claim has a real citation. If not, it rejects the response and notifies the agent to re-attempt. A mutator enriches user queries with real-time context before the LLM responds. For a question like “What is the consensus on Nvidia?” the mutator injects earnings calendars, breaking news, and market-moving events. This grounds the model in current activity instead of stale knowledge.
Q&A
Can a validator indirectly mutate the payload by providing feedback to the LLM? Yes. The validator returns structured reasons for rejection, and the agent can ask the LLM to fix the response. ▶ Watch (23:08)
Can a mutator break an invariant that a validator enforces? Potentially, but the design gives operators control over which mutators and validators run together. Validators at the trust boundary guarantee the outgoing payload is safe. ▶ Watch (24:22)
How are validator and mutator logic implemented? As code adhering to a defined interface. ▶ Watch (25:37)
Notable Quotes
“If you want control and governance, as of today, you are mostly on your own.” Kurt Degiorgio · ▶ Watch (5:27)
“Validators say, ‘Is this safe?’ Mutators say, ‘Make this safe.’” Kurt Degiorgio · ▶ Watch (12:31)
“The complexity is essentially multiplying with every addition.” Kurt Degiorgio · ▶ Watch (8:27)
“Because in our world, trust and control are not optional and must be baked in by design.” Cannis Chan · ▶ Watch (4:01)
Key Takeaways
- MCP standardized context operations but not context governance. Interceptors fill that gap.
- Validators and mutators are protocol-level primitives, not custom wrappers.
- Bloomberg’s Ask B uses interceptors to enforce citation accuracy and inject real-time context.
About the Speaker(s)
Kurt Degiorgio is a Senior Engineer at Bloomberg, working on building platforms for Generative AI. With 14 years of experience, his background includes Monzo, Diffblue and GFI Software (of TeamViewer fame), covering a wide technical spectrum - from developing network drivers to building…
Cannis Chan is a Technical Product Manager in the Office of the CTO at Bloomberg, building infrastructure platforms for AI products. With 10 years in B2B and Enterprise (AutogenAI, Deutsche Bank, Ondat/Akamai), she specializes in navigating complex products through pre- and post-product…