Oracle connects AI to its cloud policies: the battle is no longer the model, it's the plumbing

🕒 Published on Zendoric: July 8, 2026 · 09:15
Oracle has equipped its IAM policy analysis tool on OCI with an MCP server, allowing agents like Claude or Codex to query cloud access permissions with real, deterministic data instead of pasted text or the model's generic memory. It's a small but revealing example of where enterprise AI is headed.
We'll send you a confirmation email (double opt-in). Privacy.
By Oracle Blogs · July 7, 2026.
Oracle has published the third installment of its series on OCI Policy Analysis, an internal tool for understanding identity and access management (IAM) policies in its cloud. The novelty in this part is the addition of MCP (Model Context Protocol), the standard that allows an AI agent —Claude Desktop, Codex, or another compatible client— to call structured tools instead of merely interpreting pasted text, screenshots, or its generic knowledge about IAM. The MCP server exposes eight specific tools (policy search, change history, identities, tag-based conditions, workload identity on OKE, cross-tenancy policies, among others) that return structured, predictable results, while the agent is limited to deciding what to ask and how to present the answer. Deployment is flexible: from a local process via STDIO to a persistent HTTP server in OCI containers with resource-principal authentication, including an embedded mode within the desktop application.
It's a technical, niche article —signed by a cloud architect, aimed at security and infrastructure teams— but it contains a thesis that goes far beyond Oracle. The central piece is not the language model, but the parsing and enrichment layer that converts policy statements into structured data (subject, verb, resource, conditions, effective compartment scope). The author himself puts it bluntly: if the MCP server returned raw text, the agent would have to guess too much. The intelligence isn't in the AI, it's in the data that feeds it deterministically.
This connects directly with something we've been pointing out: competition among tech giants is shifting from who has the smartest model to who controls the 'plumbing' —integration, agent standards, reliable access to critical systems. MCP is establishing itself as that common language, and every enterprise infrastructure vendor (Oracle, but also AWS, Google, Microsoft) has clear incentives to become 'MCP-native' as soon as possible: every tool they expose this way increases the stickiness of their ecosystem and reduces the friction for companies to trust sensitive tasks to agents.
The case also illustrates a security point that tends to be overlooked amid the enthusiasm for agentic AI: misconfigured IAM policies are one of the most common attack vectors in the cloud, and until now auditing them depended on a human manually reading thousands of lines of policy or on an LLM 'hallucinating' an interpretation of pasted text. Replacing that hallucination with deterministic queries against an enriched data model —who can do what, where, under what condition— is a real, not cosmetic, governance improvement. The article itself warns of the symmetric risk: a poorly exposed MCP server is, in itself, a pathway to sensitive IAM data, and it recommends network controls and, if necessary, a dedicated MCP gateway.
Our reading is that this type of piece, though small, is the ground on which the real adoption of agentic AI in the enterprise is being decided: not in spectacular benchmarks, but in the ability to connect agents to production systems without sacrificing reliability or security. In the short term, this adds complexity —governing who can ask an agent what, when it has access to production policies, is a new problem in its own right— and organizations will have to invest in that control layer before reaping the productivity gain. But in the medium term, patterns like 'collect, parse, enrich, expose' are exactly the kind of scaffolding that will allow expert review of security, compliance, and architecture —scarce and expensive today— to become abundant and accessible, freeing human specialists for high-level judgment instead of repetitive manual auditing.
🔗 Related on Zendoric
Sources & references
Get the analysis by email · free
One email a day analysing the AI essentials. Free, no spam, unsubscribe anytime.
We'll send you a confirmation email (double opt-in). Privacy.


