Jan 20, 2026 · 7 min read
What is Model Context Protocol (MCP) in Manufacturing?
Every factory wants AI, but teams typically avoid letting ChatGPT touch their PLCs. Learn how the Model Context Protocol (MCP) provides secure, read-only AI access to industrial data.
Methodology notes
- Evidence level: Medium (field observations + public standards; not a universal benchmark).
- Measurement scope: Performance and economic outcomes vary by hardware, topology, workload shape, sampling profile, and process constraints.
- Primary references: IEC 62443, ISA-95 / IEC 62264, NIST SP 800-82r3.
- Implementation docs: Edge Architecture and Unified Namespace.
The AI Dilemma in Manufacturing
The industrial sector is caught in a paradox. On one side, executives and engineers are eager to leverage Large Language Models (LLMs) like ChatGPT, Claude, and Gemini to analyze production bottlenecks, triage maintenance alerts, and generate shift handover reports. On the other side, OT (Operational Technology) and Cyber Security teams share a common concern: what if a hallucinating AI accidentally writes a command to a PLC and stops the entire production line?
In manufacturing, AI cannot be given unfettered access to control systems. The risks of unexpected setpoint changes, safety interlock overrides, or high-impact downtime are simply too great.
This is where the Model Context Protocol (MCP) enters the picture, bridging the gap between cutting-edge AI assistants and secure, mission-critical industrial networks.
Outcomes depend on workload profile, hardware capacity, and deployment topology.
What is Model Context Protocol (MCP)?
The Model Context Protocol (MCP) is an open standard designed to connect AI models securely to external data sources and tools. Rather than trying to cram all of your company's proprietary data into an LLM's prompt window or giving raw database passwords to an AI, MCP acts as a secure, standardized middleman.
In a standard IT environment, an MCP server might allow an AI assistant to securely read your Slack messages or GitHub repositories. In Manufacturing, an MCP Server securely exposes machine telemetry, Unified Namespace (UNS) topics, and maintenance logs to the AI, without ever exposing the underlying PLCs, SCADA systems, or databases directly.
Why Manufacturing Needs MCP
Integrating AI into the shop floor using legacy methods usually involves brittle custom API scripts or risky direct database connections. MCP solves three fundamental industrial pain points:
The "Read-Only" Safety Boundary
AI models act as clients. They ask the MCP Server for specific data (e.g., "What is the current temperature of Oven 3?"). The MCP Server executes the query, fetches the data, and returns the result to the AI. Because the MCP Server handles the actual data extraction, you can enforce Read-Only operations through scoped tools, role-based access, and network segmentation. Under this architecture, direct machine "Write" commands are intentionally excluded from the MCP tool surface.
Guardrails and Scoping (Governance)
With an MCP Server, you define the exact scope of what the AI is allowed to see. You can expose the last 7 days of OEE data and error logs, while keeping sensitive financial data or critical control tags outside exposed tool scopes. The AI doesn't get raw SQL access; it gets access to governed, pre-approved "Tools".
Full Auditability
Every time the AI requests data, the MCP server logs it. You retain a complete audit trail of exactly what the AI looked at, when it looked at it, and who initiated the prompt.
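The three properties above (a read-only tool surface, a governed scope, and an audit trail) fit in one small dispatcher. This is an added sketch, not Proxus code or part of the MCP specification; the tag names, the 7-day window and the in-memory data are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data standing in for a telemetry store (not real plant data).
NOW = datetime(2026, 1, 20, 12, 0, tzinfo=timezone.utc)  # fixed "current time" for the demo
TELEMETRY = {
    "oven3.temperature": [(NOW - timedelta(days=9), 175.0), (NOW - timedelta(hours=1), 182.5)],
    "line2.oee": [(NOW - timedelta(days=2), 0.68)],
    "oven3.setpoint": [(NOW - timedelta(hours=1), 185.0)],  # control tag, kept out of scope
}
EXPOSED_TAGS = {"oven3.temperature", "line2.oee"}  # governed scope (hypothetical tag names)
MAX_LOOKBACK = timedelta(days=7)
AUDIT_LOG = []

def read_tag(tag, lookback_hours):
    """Read-only tool: samples of an allowlisted tag, never older than MAX_LOOKBACK."""
    if tag not in EXPOSED_TAGS:
        raise PermissionError(f"tag outside exposed scope: {tag}")
    window = min(timedelta(hours=lookback_hours), MAX_LOOKBACK)
    return [(ts.isoformat(), value) for ts, value in TELEMETRY[tag] if NOW - ts <= window]

# The entire tool surface. No write or command tool is registered, so the
# model has nothing to call that could change a setpoint.
TOOLS = {"read_tag": read_tag}

def call_tool(user, name, args):
    """Dispatch one tool call and record who asked for what, when, and the outcome."""
    entry = {"ts": datetime.now(timezone.utc).isoformat(), "user": user,
             "tool": name, "args": args, "outcome": "ok"}
    try:
        if name not in TOOLS:
            raise LookupError(f"unknown tool: {name}")
        return TOOLS[name](**args)
    except (PermissionError, LookupError, TypeError) as exc:
        entry["outcome"] = f"denied: {exc}"
        raise
    finally:
        AUDIT_LOG.append(entry)  # denied calls are logged too
```

A request for 30 days of oven temperature is clamped to the 7-day window, and requests for the setpoint tag or for an unregistered `write_tag` tool are refused and still appear in `AUDIT_LOG`.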
How Proxus Secures AI with the Proxus MCP Server
[Diagram labels: Engineer / ChatGPT; Proxus MCP Server; Read-Only OData; ClickHouse Telemetry DB; Proxus Edge Gateway; Mission-Critical PLC]
At Proxus, we identified that the future of Industrial IoT isn't just dashboards; it is conversational intelligence. However, we built the Proxus Platform with a strictly hardened architecture.
The Proxus MCP Server is a dedicated architectural component built specifically for industrial enterprise environments:
- OData Proxy and Schema Discovery: The Proxus MCP Server automatically translates your factory's Unified Namespace (Assets, Sites, Equipment) into an OData format that AI assistants naturally understand. The AI can discover your factory's layout dynamically.
- Secure Telemetry Queries: When an engineer asks an AI to "analyze the vibration anomalies on CNC Machine #4", the Proxus MCP Server executes a highly optimized, read-only query against the underlying ClickHouse telemetry database. It protects against "Prompt Injection" by ensuring the AI cannot execute arbitrary SQL.
- Authentication & JWT: The MCP server doesn't blindly trust requests. It integrates directly with Proxus' authentication layer, ensuring that the human prompting the AI actually has the authorization to view that specific factory line's data.
Remember: The Proxus MCP Server sits on the IT layer. It communicates with the Edge Gateways via outbound-only MQTT streams. This architecture blocks direct inbound OT access from the AI path; however, OT safety still depends on strict IAM boundaries, audited tool scopes, and control-path isolation.
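One way to combine the telemetry-query and JWT points above, as an added example rather than Proxus code: the model supplies only typed arguments, the server checks the caller's token for the requested line, and the values are bound to a fixed ClickHouse template as query parameters. The table and column names, the `lines` claim, the HS256 signing and the key are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, re, time

SECRET = b"constructed-demo-key"  # constructed for this example only
# Fixed template; values travel separately as ClickHouse query parameters.
# Table and column names are hypothetical.
QUERY = ("SELECT ts, value FROM telemetry WHERE line = {line:String} "
         "AND tag = {tag:String} AND ts >= now() - toIntervalHour({hours:UInt16}) "
         "ORDER BY ts LIMIT 1000")
IDENT = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, alg="HS256"):
    """Mint a constructed test token (stands in for the real identity provider)."""
    signing_input = _b64e(json.dumps({"alg": alg}).encode()) + "." + _b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64e(sig)

def verify_jwt(token, now=None):
    """Return the claims of a valid, unexpired HS256 token; reject everything else."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        ok = header["alg"] == "HS256" and hmac.compare_digest(expected, _b64d(sig))
        ok = ok and claims["exp"] > (time.time() if now is None else now)
    except (ValueError, TypeError, KeyError, AttributeError):
        raise PermissionError("malformed token") from None
    if not ok:
        raise PermissionError("invalid or expired token")
    return claims

def build_query(token, line, tag, hours, now=None):
    """Authorize the human behind the prompt, validate typed arguments, bind parameters."""
    claims = verify_jwt(token, now)
    lines = claims.get("lines")  # hypothetical claim listing the lines this user may view
    if not isinstance(lines, list) or line not in lines:
        raise PermissionError("caller is not authorized for this line")
    if not (isinstance(tag, str) and IDENT.fullmatch(tag)):
        raise ValueError("tag must be a plain identifier")
    if type(hours) is not int or not 1 <= hours <= 168:
        raise ValueError("hours must be an integer from 1 to 168")
    return QUERY, {"line": line, "tag": tag, "hours": hours}
```

Because the SQL text never contains model-supplied strings, an injected instruction can at most change which permitted line, tag and time window is read.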
Real-World MCP Use Cases in the Factory
By standardizing on MCP, you unlock incredibly powerful workflows without compromising security:
- The 3 AM Maintenance Triage: A machine faults in the middle of the night. The on-duty technician asks their corporate AI assistant, "Summarize all critical alarms for Line 2 in the last 4 hours and compare them to known error codes." The AI securely queries the Proxus MCP Server, parses the telemetry, and provides a root-cause hypothesis instantly.
- Shift Handover Automation: Instead of spending 45 minutes writing shift reports, a production manager prompts the AI: "Generate a shift handover report. Include total throughput, any OEE dips below 70%, and outstanding maintenance tickets for the stamping press."
- Energy Optimization: "Cross-reference our real-time energy consumption (kWh) over the weekend with the production schedule. Were any high-draw machines left idling?"
Conclusion
The era of choosing between "Agile AI Innovation" and "Industrial OT Security" is over.
The Model Context Protocol (MCP) provides the exact framework needed to bring the power of LLMs to the factory floor safely. By utilizing a governed middle-layer like the Proxus MCP Server, manufacturers can give their engineering and operations teams a conversational interface to their industrial data, knowing with absolute certainty that their control layer remains untouchable behind a strictly read-only interface.
When this may not be suitable
- Lower-frequency telemetry may not justify full distributed complexity.
- Small single-line plants may prefer simpler architectures first.
- Strict legacy constraints may require phased adoption.
- Safety-critical closed-loop control should remain in PLC/Safety PLC layers.
Results vary with workload, hardware, and topology.
Frequently Asked Questions
What is MCP in simple terms?
MCP (Model Context Protocol) is an open standard that lets AI assistants (LLMs) securely query external data sources through a controlled, typed interface. Deployed with query-only tools, as described here, it works like a "read-only API for AI": the LLM can ask questions and get answers from your factory data, but it cannot issue commands or modify anything.
Can MCP be used to control machines?
By design, no. MCP in an industrial context should often be strictly read-only. The Proxus MCP Server exposes query tools (search devices, read tags, get alarms) but deliberately excludes any write/command operations. The Rule Engine handles machine control through a separate, governed execution path.
How does MCP differ from REST APIs for AI access?
REST APIs require custom integration per endpoint and lack the structured tool-calling protocol that LLMs need. MCP provides standardized tool discovery, typed parameters, and built-in security boundaries - making it trivially easy to connect any MCP-compatible AI client to your Unified Namespace data without custom code.
References
- Anthropic, "Model Context Protocol Specification" - The open standard defining server-client communication for AI tool use. modelcontextprotocol.io
- IEC 62443 - Industrial cybersecurity standard relevant to securing AI access to OT systems.
- NIST AI RMF (AI Risk Management Framework) - Framework for managing risks in AI deployments, applicable to industrial MCP implementations.