The Problem
Financial AI agents need web search to verify stock data, check SEC filings, and monitor news. But giving a financial agent unrestricted internet access is a security risk: the agent could leak portfolio data through URL parameters, hit phishing sites, or execute unauthorized requests. Compliance teams block search integration entirely.
The Scavio Solution
Use Scavio's MCP server as a sandboxed search layer. The agent connects to mcp.scavio.dev/mcp and can only call pre-defined search tools. No direct internet access. Query content is logged for audit. The MCP protocol constrains what the agent can do: search, not browse. Compliance teams approve because the attack surface is a single, auditable endpoint.
Before
Financial agent has no search capability because compliance blocked direct internet access. Agent cannot verify real-time stock data or check SEC filings.
After
Financial agent connects to Scavio MCP. Can search for stock data and SEC filings through sandboxed tools. All queries logged for audit. Compliance approves.
Who It Is For
Financial services teams building AI agents that need web search but must satisfy compliance requirements for internet access control and audit logging.
Key Benefits
- Sandboxed search: no direct internet access for the agent
- All queries logged for compliance audit
- MCP protocol constrains agent to search-only operations
- No data leakage through URL parameters
- Compliance-friendly single auditable endpoint
Python Example
import requests, os, json, logging
from datetime import datetime
API_KEY = os.environ["SCAVIO_API_KEY"]
MCP_URL = "https://mcp.scavio.dev/mcp"
HEADERS = {"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"}
# Audit logger for compliance
logging.basicConfig(filename="financial_search_audit.log", level=logging.INFO)
def audited_search(query: str, agent_id: str) -> dict:
"""Sandboxed search with audit logging for financial agents."""
# Log the query for compliance
logging.info(json.dumps({
"timestamp": datetime.now().isoformat(),
"agent_id": agent_id,
"query": query,
"action": "search",
}))
payload = {
"jsonrpc": "2.0", "id": 1,
"method": "tools/call",
"params": {"name": "search", "arguments": {"query": query, "country_code": "us"}}
}
resp = requests.post(MCP_URL, headers=HEADERS, json=payload, timeout=15)
result = resp.json().get("result", {})
# Log the response metadata (not full content for compliance)
logging.info(json.dumps({
"timestamp": datetime.now().isoformat(),
"agent_id": agent_id,
"result_count": len(str(result)),
"action": "search_complete",
}))
return result
# Financial agent searches through sandboxed MCP
result = audited_search("NVDA Q1 2026 earnings SEC filing", "fin-agent-001")
print(f"Search result: {json.dumps(result)[:200]}")JavaScript Example
const MCP_URL = 'https://mcp.scavio.dev/mcp';
const H = {'Authorization': 'Bearer '+process.env.SCAVIO_API_KEY, 'Content-Type': 'application/json'};
function auditLog(entry) { console.log('[AUDIT]', JSON.stringify({...entry, timestamp:new Date().toISOString()})); }
async function auditedSearch(query, agentId) {
auditLog({agentId, query, action:'search'});
const payload = {jsonrpc:'2.0', id:1, method:'tools/call', params:{name:'search', arguments:{query, country_code:'us'}}};
const r = await fetch(MCP_URL, {method:'POST', headers:H, body:JSON.stringify(payload)});
const result = (await r.json()).result || {};
auditLog({agentId, resultSize:JSON.stringify(result).length, action:'search_complete'});
return result;
}
const result = await auditedSearch('NVDA Q1 2026 earnings SEC filing', 'fin-agent-001');
console.log('Search result:', JSON.stringify(result).slice(0,200));Platforms Used
Web search with knowledge graph, PAA, and AI overviews