Business software will no longer be just a screen

Information systems are changing: not just interfaces, but APIs, MCP servers and AI agents able to work on company data in a supervised way.

Gaetano Castaldo Gaetano Castaldo
20 May 2026
ai digital-transformation cybersecurity #AI agent #MCP #API #business software #construction #AI governance #company data #AI Act #Italian SMEs
Construction team designing a business system with AI agents, APIs and connectors

TL;DR

The future of business software will not be made only of screens, menus and buttons.

More and more systems will have two layers: an interface for people and an API layer designed to be used by AI agents, specialized chatbots and MCP connectors.

This means an AI assistant will be able to read authorized data, retrieve information, prepare quotes, generate documents, update progress states, produce reports and coordinate scheduled or supervised activities.

This is not simple automation.

It is a different way of designing information systems: less "open the management system, search, export, copy and paste"; more "ask for what you need and let the agent work on the data it is authorized to use".

We are already seeing this evolution in real projects, including operational contexts like construction, where AI can help retrieve data, prepare quotes, read production information and support delivery processes.

The critical point is governance: data, permissions, compliance, audit, human oversight and infrastructure. Without these elements, an AI agent is not innovation. It is operational risk.

For years software only spoke to users

For years we designed software thinking about a person in front of a screen.

A user opens a management system, opens a screen, filters a table, exports an Excel, copies data, prepares a document, sends an email, updates a status.

This model will remain. It will not disappear tomorrow.

But it will no longer be the only way to use an information system.

The new user of software will also be the AI agent: an assistant able to query systems, call APIs, read documents, retrieve data from the CRM or management systems, perform controlled actions and return a result that makes sense to the person.

In practice, business software will have to have two faces:

  • one for users, made of interfaces;
  • one for agents, made of APIs, permissions, logs, connectors and rules.

This is where the Model Context Protocol becomes interesting: not as a technical buzzword, but as a market signal. A standard is needed to connect AI models, tools, databases and business systems without reinventing the integration every time.

OpenAI itself introduced documentation for building MCP servers for ChatGPT Apps and API integrations. This confirms a direction: models will not stay locked inside a chat. They will need to talk to systems.

From the UI to the dialogue

This does not mean interfaces will disappear everywhere.

It means many repetitive tasks will no longer need to go through ten screens, three exports and two Excel files.

An entrepreneur, a technical manager or a project manager should not necessarily have to enter different systems to ask:

"Prepare the updated quote for this job, using the most recent prices, the materials already approved and the historical data of similar jobs."

Or:

"Show me the sites at risk of delay, explain why and prepare a report for tomorrow's meeting."

Today these requests often require people, files, phone calls, manual checks and switching between different tools.

Tomorrow they can become agentic tasks: the assistant retrieves the authorized data, processes it, proposes an output and leaves the final validation to the human.

This is the difference between software that waits for clicks and a system that can be queried.

What we are already seeing in construction processes

The interesting part is that this is no longer just theory.

In some construction contexts we are already working on systems where AI is not only used to "write better" or make a summary. It is used to connect data, documents, quotes, production information and operational activities.

We are talking about cases like:

  • generating quotes from technical and historical data;
  • retrieving information from project documents;
  • producing delivery reports;
  • connecting production, administrative and operational data;
  • scheduling control activities;
  • building specialized assistants for specific roles.

The point is not to have a generalist chatbot that answers everything.

The point is to build vertical assistants, connected to the right data, with authorized tools and clear limits.

An agent for sales should not do the same things as an agent for the technical manager. An agent for management should not have the same permissions as an operational agent. An agent that reads documents should not automatically be able to write into the management system.

This is the step many companies have not yet brought into focus: agentic AI is not only intelligence. It is permission architecture.

It is not simple automation

A classic automation follows a defined sequence:

if A happens, do B.

An AI agent works differently.

It interprets a request, retrieves context, chooses which tools to use, produces an output and can propose follow-up actions.

This does not mean it should be left free to do everything.

On the contrary, the point is the opposite: the more capable the agent, the more you need to design the boundaries well.

For an SME this means defining:

  • which data the agent can read;
  • which actions it can propose;
  • which actions it can perform on its own;
  • which actions require human approval;
  • where logs and evidence are recorded;
  • who is responsible for the final result.

The AI Act pushes exactly in this direction: having powerful systems is not enough, you need to be able to govern them. The topic of human oversight and responsible use of AI is not a bureaucratic detail. It is part of the system design.

The return of data close to the company

Here comes the hardest problem.

If an AI agent has to read company data, quotes, technical documents, production information, customer data or delivery information, you cannot treat it like a generic chatbot.

You have to decide where the data lives.

For many simple use cases, a well-configured cloud service can be enough. But for critical processes, sensitive data or confidential information, the answer might be different: private environments, the customer's data center, local servers, smaller models run close to the data, or hybrid architectures.

This is an increasingly concrete direction, also thanks to small and medium language models.

Not all the assistants of the future will have to be huge generalist models. Some will be able to be smaller, specialized models, run on company PCs, workstations or local servers. Microsoft, for example, documents scenarios of local LLMs on Windows, exactly in the direction of ready-to-use models close to the user's environment.

This does not eliminate the complexity. It moves it to the right place.

The point is not only "which model do I use?". The point is:

  • where does the model run?
  • where does the data live?
  • which data leaves the company?
  • which data stays local?
  • who updates the system?
  • who controls outputs, permissions and logs?

The European knot: we want safe AI, but we need infrastructure

In Europe we talk a lot about digital sovereignty, the AI Act, privacy, security and control.

These are the right topics.

But if we really want agentic AI systems integrated with company data, we need infrastructure: compute, data centers, skills, connectors, governance, local models, secure environments.

The European Commission is moving in this direction with initiatives like AI Continent, AI Factories, AI Gigafactories and InvestAI.

The problem, on the ground, is that many companies do not yet have easy access to this capacity.

For a large enterprise, designing private, governed and integrated AI can be costly but realistic.

For an SME, especially under 50 employees, the risk is different: getting stuck between two imperfect alternatives.

On one side, generalist tools that are easy to use, but not always suited to sensitive data and processes.

On the other, more solid private architectures, but costly, complex and hard to maintain.

This is where intermediate solutions will be needed: serious assessments, lightweight architectures, proportionate models, reusable connectors, minimal but real governance.

The question every company should ask

The question is no longer only:

"What interface does the software have?"

The question becomes:

"Is this system ready to be used safely by an AI agent?"

To answer, some conditions are needed:

  • ordered and accessible data;
  • documented APIs;
  • MCP connectors or an integration layer;
  • granular permissions;
  • logs and audit trail;
  • human oversight;
  • data policies;
  • a conscious choice between cloud, private, local or hybrid.

Those who design business systems today without this layer risk building software that is already old.

Not because the interface is no longer needed.

But because the interface, on its own, is no longer enough.

Conclusion

The future of AI agents is not "a bot that answers better".

It is an information system designed to be queried, operated and governed by intelligent assistants.

In this model, AI does not work outside the company. It works inside a designed perimeter: authorized data, controlled tools, supervised actions, verifiable logs.

This is the real challenge for Italian SMEs.

Not buying yet another AI tool.

Building business systems ready for work where people, software and agents collaborate on the same processes, with clear rules.

If you want to understand whether your systems are ready for an agentic AI project, the first step is not choosing the model. It is mapping processes, data, permissions, risks and integrations.

Book a free call

FAQ on AI agents, MCP and business software

How do you integrate an AI agent into business software with MCP? The software needs two faces: an interface for people and an API layer for agents. MCP (Model Context Protocol) is the standard that connects AI models, tools, databases and management systems without reinventing every integration. You need documented APIs, MCP connectors, granular permissions, logs and human oversight before letting the agent work on the data.

What is the Model Context Protocol (MCP)? It is a standard to connect AI models, tools, databases and business systems without reinventing the integration every time. It is not a technical buzzword but a market signal: models will not stay locked inside a chat, they will need to talk to systems. OpenAI too has published documentation for building MCP servers.

What is the difference between an AI agent and a classic automation? A classic automation follows a fixed sequence: if A happens, do B. An AI agent interprets the request, retrieves context, chooses which tools to use, produces an output and can propose follow-up actions. The more capable the agent, the more you need to design the boundaries well: readable data, proposable actions, actions that require human approval.

Is my management system ready to be used by an AI agent? To answer you need some conditions: ordered and accessible data, documented APIs, MCP connectors or an integration layer, granular permissions, logs and audit trail, human oversight, data policies and a conscious choice between cloud, private, local or hybrid. Without this layer, you risk building software that is already old.

Where should the data used by an AI agent in an SME live? It depends on the use case. For simple processes a well-configured cloud service can be enough. For sensitive data or critical processes the answer changes: private environments, the customer's data center, local servers, smaller models run close to the data or hybrid architectures. Small and medium language models make this direction increasingly concrete.

Sources and references

Tags

#AI agent #MCP #API #business software #construction #AI governance #company data #AI Act #Italian SMEs
Gaetano Castaldo
Gaetano Castaldo Sole 24 Ore

Founder & CEO · Castaldo Solutions

Sono un consulente di trasformazione digitale con esperienza enterprise. Aiuto le PMI italiane ad adottare AI, CRM e architetture IT con risultati misurabili in 90 giorni.

Read also

Related articles you might find interesting

Is Your Company Ready for AI?

Take the free assessment: 5 minutes, 5 areas analyzed, personalized PDF report with concrete recommendations.

Find out how AI-ready you are

Free, no signup required