A common frustration of using AI for investing in 2026: you ask ChatGPT about your portfolio and it confidently tells you about a holding you do not own, or it gives you the right answer for somebody else's portfolio entirely. The model has no idea what you actually hold; it is making plausible-sounding noises trained on the average investor's questions. This is not a flaw of the model. It is the nature of a generic chatbot with no access to your data.
The Model Context Protocol — MCP — is the piece of plumbing that fixes this. It lets an AI model read structured information from a system you authorise (your portfolio tracker, your email, your calendar, your code repository) without giving away the password. For UK self-directed investors, the practical effect is the difference between asking AI generic questions about ETFs and asking AI specific questions about your holdings.
This article is an investor-perspective explainer. What MCP is, what problem it solves, what the privacy model looks like, and what kinds of questions become possible once your AI assistant can read your real portfolio.
This is not financial advice. Past performance does not guarantee future returns. Consider speaking to an FCA-authorised financial adviser for personalised guidance.
What MCP is
The Model Context Protocol is an open standard introduced by Anthropic in late 2024 and adopted across a growing list of AI tools. It defines how an AI model communicates with external "servers" that expose data and tools. The model talks to the server through a structured interface; the server decides what to expose; the user decides which servers to connect.
Think of it as the USB-C of AI: a single, standard cable that lets a model plug into any system that speaks the protocol. Before MCP, every integration was custom — ChatGPT had its plugins, Claude had its own connectors, and each had to be built bespoke for the data source. With MCP, an investor's portfolio tracker, an investor's email, an investor's calendar, and an investor's research notes can all be connected to the same AI assistant through one standard interface.
For an investor, the important properties:
- Read-only by default. Most investor-relevant MCP servers expose only read tools — "list my positions", "show this fund's top holdings", "fetch this ticker's recent news". Trade execution is not a default capability. It is a deliberate design choice, both by the protocol authors and by the people building investor-facing servers.
- User-authorised. A connection is created by you, in your AI client (Claude Desktop, Cursor, ChatGPT, others), and can be removed at any time. You see what tools the server provides before you approve them.
- Conversation-time access. When you ask the AI a question, it can call the relevant tools to fetch the data it needs. The data flows into the conversation context so the model can reason about it. The data does not get permanently absorbed.
Why ChatGPT alone does not know your real holdings
A useful frame: the difference between ChatGPT and ChatGPT-with-MCP is the difference between a knowledgeable stranger and a knowledgeable stranger you have shown your statements to.
The knowledgeable stranger can answer questions about ETFs in general, the FTSE 100 in general, dividend yields in general. Useful, but it does not know what you own. When you ask "is my portfolio overweight technology?" the model cannot meaningfully answer — it has no idea what your portfolio is. So it does one of two things: it tells you general principles about technology weighting, or it makes an assumption about your portfolio, gives you an answer that feels personalised, and is mostly hallucination.
The knowledgeable stranger you have shown your statements to is different. The same question — "is my portfolio overweight technology?" — now has a real input: your actual holdings, the actual sector weights of the funds you hold, the actual look-through to single names. The model can compute the answer rather than guess.
ChatGPT and Claude.ai (the web product) without MCP are the first kind. ChatGPT Plus, Claude Pro, Gemini Advanced — none of these by default see your portfolio. They can only see what you paste into the conversation. That works for one-off questions. It does not work for ongoing analysis where the data refreshes daily.
How MCP solves the hallucination problem
Hallucination, in AI vocabulary, is when a model produces fluent text that is factually wrong. It happens because language models predict the next most likely word given context, and "plausible" and "true" diverge often, especially in specialised domains.
For investing questions, hallucination shows up in three common shapes:
- Made-up positions. "Your portfolio is 32% Apple, 24% Microsoft, 18% Tesla" — a real-sounding answer the model invented because you asked a portfolio question without giving it portfolio data.
- Stale data. "The price of Apple is $185" — a number from the model's training cut-off, not today.
- Fluent-but-vague analysis. "Your portfolio appears well-diversified across major sectors" — generic-sounding text that fits any portfolio, providing no specific insight.
MCP addresses these by routing the relevant questions through a tool call rather than the model's parametric memory. When the AI assistant needs the price of Apple, it calls a get_quote tool. When it needs your holdings, it calls a list_positions tool. The data comes back as structured input the model can reason over, separately from its training data.
The model can still be wrong about the analysis it does on the fetched data. But it cannot make up your holdings, and it cannot make up today's price. Those two sources of error are removed.
The privacy model
This is the question every UK investor asks first, and it is the right question. The default privacy properties of MCP-connected investor data look like this:
Your holdings flow into the conversation, not into model training. The major AI providers (Anthropic, OpenAI, Google) have explicit policies that data sent through their APIs is not used to train their models. Some consumer products differ — check the specific product's data-use policy — but commercial API access, which is what MCP-connected applications typically use, has training opt-out as the default.
The MCP server controls what is exposed. A portfolio tracker building an MCP integration decides which tools to publish. The tools are typically read-only, scoped to the data the user has explicitly granted. There is no "give the AI everything" option unless the server provides it.
You can revoke access at any time. In Claude Desktop, MCP servers are listed under Settings → Developer. Removing a server cuts the connection immediately. The AI loses access to the data on the next conversation.
Conversation logs. Anything you discuss with the AI is in the conversation history. If your AI client retains conversation history (Claude Desktop and ChatGPT both do, unless you disable it), your portfolio numbers are in those logs. Treat this like email — useful, retained, deletable, and worth being thoughtful about.
Trust the chain. The AI provider's policy, the MCP server provider's policy, and the AI client's policy are three separate trust links. For a UK investor connecting a portfolio tracker to Claude Desktop, you are trusting Anthropic's data policy, the tracker's data policy, and the local app on your laptop. Each is its own due-diligence question.
The honest summary: MCP is more private than most consumer AI integrations, because the data flows through structured tools rather than free-form pasting and because read-only is the typical default. It is not zero-knowledge, and an investor who is uncomfortable with their AI provider seeing portfolio numbers (even ephemerally) should not use it. For most users, the trade-off is favourable: better answers in exchange for routing read-only structured data through an existing trust relationship.
How MCP compares to brokerage chatbots and generic AI
Three categories of AI-for-investing exist in 2026, with different strengths and constraints.
Brokerage chatbots. Interactive Brokers, Hargreaves Lansdown, AJ Bell and others have rolled out AI assistants inside their platforms. The strength: they can read your account because they are the broker. The constraint: they only see the holdings inside that one broker. A typical UK investor with an ISA at one provider, a SIPP at another and a GIA somewhere else cannot use a single broker chatbot to see the consolidated picture. The AI is also typically fine-tuned to broker-specific support questions rather than open-ended portfolio analysis.
Generic AI (ChatGPT, Claude.ai web, Gemini). Strong at general knowledge, financial concepts, regulatory framing. Cannot see your holdings unless you paste them in. Reasonable for one-off questions; impractical for ongoing analysis.
MCP-connected AI (Claude Desktop, Cursor, ChatGPT desktop with MCP). Connects to a portfolio tracker that exposes MCP tools. Sees your real consolidated holdings if the tracker covers all your wrappers. Combines portfolio data with the model's general financial knowledge. The constraint: you need a tracker that exposes MCP — currently a small set, but growing.
The directional shift visible in 2026 is that the third category is starting to matter. Generic AI will continue to be useful for general questions. Brokerage chatbots will continue to be useful within their walls. MCP-connected AI is the only category that can do "what does my whole portfolio look like" with real numbers — which is what most self-directed investors actually want.
| Broker chatbot | Generic AI | MCP-connected AI | |
|---|---|---|---|
| Sees your holdings | Within one broker | No (unless pasted) | Yes (across brokers, via tracker) |
| General financial knowledge | Limited | Strong | Strong |
| Personalised analysis | Limited to broker | No | Yes |
| Cross-wrapper view | No | No | Yes |
| Trade execution | Sometimes | No | Generally no by design |
| Privacy | Broker holds the data | Conversation only | Conversation + read-only tool calls |
Worked questions you can ask Claude after connecting a portfolio
The reason this matters in practice is the kind of question that becomes useful. A short tour of questions a UK self-directed investor might ask once a portfolio is connected to an MCP-aware AI:
"What is my total exposure to Apple across all my wrappers?" A look-through across every ETF in every account, summing the Apple weight in each fund times the fund's GBP value, plus any direct Apple shares. Returns a single percentage and a single pound figure. Mechanically tedious without a tool; instant with one.
"Show me my sector breakdown rolled up across ISA, SIPP and GIA." Sums sector weights of every fund weighted by holding size, surfaces the top sectors and any concentrations above a threshold.
"Which of my holdings have the highest overlap with VWRL?" Compares the constituents of each non-VWRL fund against VWRL, returns overlap percentage. Useful for spotting redundant exposure.
"What is my dividend income from this portfolio in the next twelve months, by wrapper?" Aggregates trailing-twelve-month dividends across holdings, projects forward, splits by wrapper. Useful for planning whether your GIA is going to bump into the £500 dividend allowance.
"Where am I against my target allocation?" Compares current weights against a target you specified, surfaces the largest drifts. Useful for planning the next contribution rather than rebalancing reactively.
"Find any holdings I have where the OCF is materially higher than alternatives in the same category." Compares each holding's ongoing cost figure against typical category alternatives. Useful for cost reviews, not for chasing the cheapest option blindly.
"Summarise the news from the last week for my top ten holdings." Aggregates news for the largest single-name exposures across all funds. Useful for informed reading rather than doomscrolling generic financial news.
These questions are mechanical in nature — computable from holdings data and standard reference data. The AI's job is the orchestration: knowing which tools to call, how to combine them, and how to present the answer clearly. The work the model is good at is exactly this — connecting structured data to a question phrased in natural language and producing a coherent answer.
What the AI should not do, and what well-designed investor MCP servers do not enable: place trades, change account settings, or move money. Those actions are deliberately outside the read-only tool set.
What you need to use it
Concretely, the path for a UK self-directed investor in 2026:
An AI client that supports MCP. Claude Desktop is the most mature option. Cursor (an IDE) supports MCP. ChatGPT desktop supports a similar capability. New clients are appearing each month.
A portfolio source that exposes MCP tools. This is the bottleneck. Sharesight does not currently expose MCP. Most broker dashboards do not. Invormed exposes MCP for early-access users. The space will grow.
A subscription, usually. Claude Pro is the typical entry point at around £15/mo. ChatGPT Plus is similar. The free tiers of these products generally do not include MCP. Some MCP servers have their own subscription on top.
Comfort with the tooling. Setting up an MCP connection involves copying a configuration block into your AI client's settings. Five minutes of work; not zero minutes. Most providers publish the exact config needed.
The infrastructure is fifteen-month-old, the ergonomics are improving, and the value is real for any investor who already pays for an AI subscription and already maintains a multi-wrapper portfolio.
FAQ
What is MCP?
The Model Context Protocol — an open standard introduced by Anthropic in late 2024 — that defines how AI models talk to external systems through structured tool calls. It lets a model read data and call functions on systems you authorise without taking on your login credentials directly.
Is connecting my portfolio to AI safe?
It depends on which links in the chain you trust: the AI provider, the portfolio tool that exposes the MCP server, and the AI client on your laptop. The default privacy properties — read-only tools, no training on your data through commercial APIs, revocable access — are stronger than most consumer AI integrations, but it is not zero-knowledge. Read each provider's data-use policy and decide whether the trade-off is favourable for your situation.
What can Claude actually do with my portfolio data?
Whatever the connected MCP server exposes. For most investor-facing servers this is read-only: list positions, look up fund constituents, compute sector breakdown, surface dividend history. Well-designed servers do not expose trade execution. Anything Claude does with the data — answer questions, produce summaries, run calculations — is bounded by the tools the server publishes.
Will my data train an AI?
Through commercial APIs (which is how MCP-connected apps typically work), the major AI providers have training opt-out as the default. Anthropic, OpenAI and Google all publish policies stating that API-routed data is not used to train models. Consumer products may differ — check the specific policy of the AI client you use. The MCP server provider has its own data policy, which is a separate question.
Do I need ChatGPT or Claude for this?
You need an AI client that supports MCP. Claude Desktop is the most mature option; Cursor (an IDE) supports it; ChatGPT desktop supports a similar capability. Free tiers typically do not include MCP support — a paid subscription (Claude Pro, ChatGPT Plus, or similar) is usually required at around £15/mo.
Can the AI place trades on my behalf?
By design, well-built investor MCP servers do not expose trade execution. The default tool set is read-only. Even if a server did expose trade tools, your AI client would prompt you for explicit approval before any tool call that mutates external state. The pragmatic answer: do not use MCP servers that expose trade execution unless you have very specific reasons and very specific guardrails.
How is MCP different from broker chatbots?
Broker chatbots see only the holdings inside that one broker — they cannot consolidate across an ISA at one provider, a SIPP at another, and a GIA somewhere else. MCP-connected AI sees the consolidated picture if the tracker you connect covers all your wrappers. Broker chatbots are typically fine-tuned for support and account questions; MCP-connected AI uses a general-purpose model with portfolio data added, which is better suited to open-ended analytical questions.
Want a portfolio tracker built MCP-first, so you can ask Claude or another AI client about your real holdings? Invormed is in early access — join the early-access waitlist and we will let you in as we open up.