Visier MCP

Learn about Visier's Model Context Protocol (MCP) server.

Note: Alpha This feature is in alpha. While in alpha, features may change in a breaking way without notice; functionality may be removed, and no deprecation notices will be issued. If you're interested in using this feature, please contact your Customer/Partner Success Manager.

Overview

The Model Context Protocol (MCP) is an open-source standard for connecting AI applications to external systems. MCP allows AI systems to access real-time information from various sources. Through MCP servers, organizations can expose their APIs and data in a standardized way, enabling more powerful and context-aware AI interactions.

Caution: Visier MCP is designed to integrate with third-party AI applications and agentic workflows. These are independent service providers. You are responsible for complying with all terms, conditions, and policies applicable to those third-party systems. By enabling and using this feature, you are instructing Visier to send your data to these services.

Each AI application's output quality is client-dependent because different AI applications use different LLMs to interact with MCP. Visier MCP demonstrates successful results with Anthropic's Sonnet LLMs.

Visier MCP connects MCP-compatible client applications, such as Claude Desktop and Cursor, to Visier to retrieve data for use in external systems. The MCP server provides a common interface through which your clients can query Visier APIs without requiring custom API integrations for each AI application you want to integrate with Visier. Use Visier MCP to access real-time, standardized data while maintaining your Visier users' data security and controls.

With your data loaded in Visier, use MCP to answer business questions such as:

  • How many people are close to retirement age?
  • Who are my top performers?
  • What's the total cost of my workforce?

In an AI agent, you can access Visier MCP tools alongside other non-Visier MCP tools to combine server capabilities. For example, let's say your organization connects to the Google Calendar MCP. You can ask your AI agent to compare the amount of meeting hours you spend with your team's highest and lowest performers. To accomplish your request, the AI agent uses Visier Query MCP Server to find your team's highest and lowest performers. Then, the AI agent uses the Google Calendar MCP to search your calendar for any meetings with those individuals and identifies people you should schedule more time with and when.

However, there is some risk in using MCP servers. We do not recommend connecting untrusted MCP servers to AI agents that also access Visier MCP. For more information about risks, see Security considerations.

Available tools

Visier Query MCP Server supports the following tools:

  • Run an aggregate metric query
  • Run a list query
  • Search analytic objects
  • Search properties for an analytic object
  • Search metrics
  • Search dimensions for a metric
  • Search dimension members for filtering

Limitations

Visier Query MCP Server requests reflect your data as of the latest data load in Visier. Visier data security persists in MCP; users can only access data through MCP that they are allowed to access in Visier.

Because Visier Query MCP Server connects to Visier APIs, API rate limits apply. Calls over these limits are rejected. For more information, see API Rate Limiting.

An MCP server's understanding of natural language depends on the AI agent's capabilities and may vary from agent to agent.

Security considerations

Before enabling Visier MCP, be aware of the following security considerations.

Data processing roles and responsibility

When you use Visier MCP to connect to a third-party AI tool, you decide which third-party AI tools to connect to and you determine the purpose for using them. Your use of these tools is governed by your own direct agreement with that tool's provider.

Lethal trifecta attacks and cross-tool communication and data leakage risks

If an agent has the following 3 capabilities, there is risk of data theft through a lethal trifecta attack:

  • Access to your private data.
  • Exposure to untrusted content, such as internet sources, emails, or task-tracking tools.
  • Ability to communicate externally, such as replying to emails or support requests.

The lethal trifecta attack is a special case of indirect prompt injection. Indirect prompt injection is where an attacker places a malicious prompt in a location the AI agent might access, such as a public website, a support ticket, or an email. When the AI agent encounters the malicious text, the malicious prompt can trick the AI agent into overriding its original instructions and executing harmful commands. Combined with access to private data and the ability to communicate externally, this malicious prompt can trick the agent into leaking private data.

The only known mechanism to completely prevent exploitation of the lethal trifecta is to avoid building it at all. Take care when connecting multiple MCP servers to ensure you do not create the lethal trifecta. Before enabling MCP through profile capabilities, educate users on and make them aware of the lethal trifecta. For more information about the lethal trifecta, see The lethal trifecta for AI agents: private data, untrusted content, and external communication.

Indirect prompt injection

An attacker places a malicious prompt in a location the AI agent might access, such as a public website, a support ticket, or an email. Because AI agents combine instructions and data, it is difficult for an agent to identify which prompts are legitimate and which prompts are injected. This can be exploited to make the agent perform unintended and potentially malicious actions.

Context poisoning

In a multi-tool environment, tools share the AI agent's context or memory. An attacker can inject malicious or misleading information into the agent's context through one tool. Subsequent calls to Visier MCP could then be influenced by the poisoned context, causing the agent to retrieve inaccurate data from Visier.

Mitigation and best practices

To protect against these security risks, administrators should implement the following safeguards.

Train your users

Educate users about the risks of:

  • The lethal trifecta and how to avoid combining all 3 capabilities.
  • Connecting untrusted MCP tools to their AI agent.
  • Allowing the AI agent to access untrusted external content.

Use trusted MCP tools only

Only enable MCP servers from trusted, verified sources. Do not allow users to connect untrusted MCP servers to AI agents that also have access to Visier MCP. Each AI agent has its own methods for registering and verifying MCP servers, so check your client's trusted sources.

What Visier is doing

To ensure MCP is only available to intended users, access to MCP is controlled through a feature toggle and requires that administrators assign a profile or profile additional capability to approved MCP users. For more information, see Prerequisites.

Additionally, MCP uses OAuth 2.0 authorization to grant user access to Visier MCP in AI agents without ever sharing user passwords. For more information, see OAuth 2.0.

For support, contact Visier Technical Support.

In this section