QCon London 2026: Morgan Stanley Rethinks Its API Program for the MCP Era

2026-03-19 · Source: InfoQ · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Software Development & Engineering, Cloud Computing & IT Infrastructure · Depth: Advanced, short

Summary

At QCon London 2026, Jim Gough and Andreea Niculcea from Morgan Stanley detailed their API program's evolution to support AI agents, driven by the Model Context Protocol (MCP) becoming an industry standard. They highlighted the challenge of scaling API integrations for natural language interaction, noting that disambiguation problems and "chattiness" from agents increase costs. Morgan Stanley addresses this by using CALM (Common Architecture Language Model), an open-source FINOS project, to define architectures as code via JSON schema. This approach allows developers to generate deployment artifacts from patterns, enforcing compliance guardrails and catching incomplete architectures with build-time validation. The platform team centrally manages operational rollouts and security updates across over a hundred deployments using CALM Hub, achieving zero-downtime infrastructure upgrades. They also demonstrated future-proofing with adapter layers, showing Google's Agent-to-Agent protocol alongside MCP, emphasizing that codified controls allow swapping interaction layers without rebuilding underlying APIs.

Key takeaway

For CTOs and VPs of Engineering grappling with AI agent integration, adopting an "architecture as code" approach like Morgan Stanley's CALM implementation can drastically reduce API deployment times from years to weeks. Your teams can gain a secure, production-ready baseline from day one, bypassing months of manual configuration and compliance hurdles, while ensuring centralized visibility and control over your evolving API estate.

Key insights

Codifying API architectures with CALM enables scalable, secure, and efficient integration for AI agents in financial institutions.

Principles

• Architectures as code improve scalability.
• Centralized management streamlines deployments.
• Adapter layers future-proof API interactions.

Method

Define system architectures using CALM's JSON schema patterns. Generate deployment artifacts, enforce compliance via configuration, and validate builds with Spectral rulesets to automate security and deployment gates.

In practice

• Use CALM to define API architectures.
• Implement build-time validation for security.
• Explore adapter layers for new protocols.

Topics

• Model Context Protocol
• API Management
• Architecture as Code
• AI Agents
• Financial Technology

Code references

• finos/architecture-as-code

Best for: CTO, VP of Engineering/Data, Director of AI/ML, Software Engineer, MLOps Engineer, AI Architect

Related on AIssential

• v2.1.97 — Claude Code prioritizes security, performance, and extensibility through continuous iterative improvements and new feature introductions.
• New ways to balance cost and reliability in the Gemini API — New Gemini API tiers, Flex and Priority, optimize cost and reliability for diverse AI workloads.
• The Organization Is the Bottleneck — Organizational maturity and existing engineering foundations dictate AI coding agent success, not the tools themselves.
• [AINews] Everything is CLI — CLIs are emerging as a critical interface for agent-native infrastructure, simplifying service provisioning and orchestration.
• Why I Moved My Agentic Coding Harness from Claude Code to Codex — Daily operational factors like rate limits and reliability outweigh benchmarks for agentic coding harness adoption.
• Reimagining API modernization with deterministic AI-assisted engineering — AI-assisted, instruction-driven frameworks accelerate legacy API modernization by codifying patterns and ensuring deterministic outcomes.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by InfoQ.