With NetSuite's MCP integration, you can plug your enterprise data and actions into any LLM-based AI agent

Cloud business software vendor Oracle NetSuite today unveils an MCP integration that it says goes further than other vendors in how customers and partners can connect their data and functions in NetSuite to external AI agents and Large Language Models (LLMs). The new NetSuite AI Connector Service supports Model Context Protocol (MCP), an emerging standard for communications between LLM-powered agents and other systems such as enterprise applications.

There's been a wave of MCP announcements from enterprise tech vendors in recent weeks, all designed to simplify the process of plugging enterprise data and actions into the many different agents that AI vendors and others are bringing to market, or that customers and solution providers are building for their own use. Where NetSuite's approach differs from other vendors, according to Brian Chess, SVP of AI and Technology at NetSuite, is that the MCP connector is built into the vendor's existing extensibility framework. This means that customers and ecosystem partners can connect any capabilities written in SuiteScript, NetSuite's developer language, or custom SuiteApps, into external MCP services. He explains:

We're making MCP a platform capability, and that means it's not just a set of MCP tools that we chose. People can create whatever MCP tools they want on the NetSuite platform.

Another advantage of this approach is that developers can use the existing access controls and permissions built into the NetSuite platform to limit what each agent can do — important because MCP doesn't natively include this functionality. He goes on:

We use all of the things that people are used to in terms of being able to control their integrations. So it uses the Suite roles and permissions. So for example, let's say that you would like to experiment with MCP, but you don't want it to delete any data, you only want it to read data. You can use NetSuite's roles and permission system to set up a role that is only allowed to read and then that is just enforced for you by the things you're used to in NetSuite. We didn't have to add a new kind of roles and permissions on top, we just used what was already there.

But it's up to the developer to put those essential guardrails in place, he cautions:

As far as how adventuresome does somebody want to be, we try to explain to them, be careful, but ultimately, it's up to the customers to decide where they want to position themselves.

Nevertheless, he believes it's important for customers to start experimenting with AI agents to discover what the technology can do for them — as well as get used to its limitations. He tells me:

We think everybody's really excited about agents, but that most of that story hasn't been written yet. In other words, people are experimenting with a lot of agentic things, but they haven't found a steady state yet. But in order to do that exploration — in order to know what's going to work well and that's what's not going to work well — people need to be able to try things. And so I think this helps people make NetSuite data part of their exploration.

Up to you to put guardrails in place

In a demonstration of the new capability using MCP to connect to Claude, the AI assistant based on Anthropic's family of LLMs, he shows it answering natural language questions with NetSuite example data, such as showing a table of top customers with the option of visualizing the data as a pie chart. In another example, it uses NetSuite's financial performance tool to show various data points about sales or inventory and suggests other ways to query the data.

What's striking about these demonstrations is that, apart from providing some sample tools to get people started, NetSuite isn't providing any detailed prompts or context to the LLM to help it understand the underlying data model or platform functions. Instead, Claude is relying on the LLM's knowledge of NetSuite that it has derived from the general-purpose Internet content that makes up its training model. Chess comments:

One of the things that it illustrates is how well the Internet knows about NetSuite, because the Internet understands NetSuite well enough that Claude can write queries built in.

The corollary of this however is that there are none of the guardrails against unreliable and inappropriate answers or hallucinations that a vendor typically builds into its own platform-native AI agents. He goes on:

Claude does very well with some of these high-level kinds of NetSuite things on its own. Now I'm sure you can push it into a corner like, let's say you've written your own custom application inside on the NetSuite platform, but the Internet doesn't know anything about it. Well, then an LLM is going to need more hints in order to get that right, but having this nice foundation is a great way to start.

It's up to the developer therefore to put their own guardrails in place, as well as making sure that their contract with the LLM provider includes protections for the data they send it. He goes on:

If the AI is going to reside outside of NetSuite, then some of those guardrails that I think people are more and more coming to expect are the responsibility of the people who are putting that AI together. MCP is... a pretty simple protocol, and so we can give you, for example, your sales data back [to send to the LLM], but what is happening to that sales data once it goes back? That's something that is out of our hands.

My take

As we recently explored in an article by Ian Thomas, MCP's simplicity is encouraging rapid adoption but it also means that it doesn't have the governance and scaling functions that safe enterprise usage demands. That's all well and good if you're just experimenting with agent capabilities, but it's not ready to roll out in production at scale, especially not when accessing mission-critical enterprise data and processes. It simply doesn't yet have the enterprise-grade governance and management features that you get in more mature technologies.

Developers therefore need to use this new MCP capability with caution. It's one thing to use the native AI capabilities that NetSuite has rolled out on its own platform, where the vendor takes responsibility for how the AI treats their data. It's quite another to take enterprise data outside of NetSuite to a third-party LLM via MCP. It's then on the developer to make sure that the LLM treats their data in a way that they would be happy with.

Expect to hear much more about MCP and other AI agent capabilities within the NetSuite platform as we get closer to October's SuiteWorld conference. The timing of this announcement allows for ecosystem partners and customers to make progress with integrations ahead of the event, so there could be some interesting first applications of the integration ready to put on show by then.