Loading...

vediamo che succede en

  • Home
  • vediamo che succede en
img
AI
alt

Michele Pisani

July 05, 2026

Why a deterministic connector beats an AI agent, when the data has to be right every time

With AI, it now feels like you can connect anything to anything, just ask. An agent with access to MCP (Model Context Protocol) reads your data, interprets it, answers you. In many contexts this works well. The point is understanding where this approach is the right choice, and where it hides a bump that shows up later, in a report handed to a client.

A distinction worth making

MCP itself is a protocol that exposes deterministic functions: once called with certain parameters, an MCP tool always performs the same operation the same way. The protocol isn't the problem. The problem is who decides which parameters to pass and when to call that tool. That decision is made by a language model, which translates a natural-language request ("give me last month's traffic") into a structured call with dates, account IDs, property names.

It's in that interpretation step that the error can creep in. It's not a bug in the underlying connector: it's a gap between what you asked for and what the model actually executed.

A verified example, outside our industry but useful for understanding the mechanism

The most well-documented case of this kind of error doesn't come from marketing, it comes from law, and it's useful precisely because it was measured rigorously. Stanford HAI (Stanford RegLab and the Human-Centered AI Institute) tested two legal tools built specifically to avoid hallucinations through RAG (retrieval-augmented generation), the method that retrieves the correct documents first and then generates the answer based on them. Even with this approach, the study found that Lexis+ AI and Ask Practical Law AI produced incorrect information more than 17% of the time, and Westlaw AI-Assisted Research more than 34% of the time, on real legal queries.

The interesting finding isn't just the percentage, it's the type of error. The researchers distinguish two categories: answers that are simply wrong, and "misgrounded" answers, where the system cites a real, verifiable source that doesn't actually support the claim being made. The source exists, looks authoritative, and still leads to a false conclusion. (Source: Stanford HAI, Stanford RegLab/HAI study, May 2024, hai.stanford.edu)

It's the same mechanism by which an agent can pick the wrong time period or the wrong property without anything in the result signaling that something is off.

What the data says about MCP security

It should be said clearly that MCP as a technology has a real advantage over other agent extension mechanisms: it exposes functions through structured, traceable invocations, easier to control than free-form text instructions loaded into a model's context. An analysis by Noma Security, reported by Help Net Security in May 2026, acknowledges this too, while also flagging a concrete limitation: across the enterprise deployments analyzed, most MCP servers in use include high-risk capabilities (including arbitrary code execution), and the most common risk, shared by both intentional attacks and hallucinations, is the agent's ability to modify state or data without a human check in between. (Source: Help Net Security, "One in four MCP servers opens AI agent security to code execution risk," May 2026, based on a Noma Security whitepaper; the specific "1 in 4" figure is in the article's headline, the supporting detail in the body of the piece is qualitative)

This doesn't make MCP a tool to write off: it's a solid protocol, and we'll likely use it ourselves in the future for scenarios where an agent's flexibility makes sense. But for one specific use case, retrieving the same data with the same parameters every time to build a report a client will use to make a decision, the question to ask is whether it makes sense to introduce a non-deterministic interpretation layer where it isn't needed. The answer is "No!"

A solid tool doesn't need AI inside it

This is the central point. A tool built to be deterministic, where every call with the same parameters returns the same result, simply leaves no room for that kind of error. Not because "it's right most of the time," but because the stage where a hallucination could be born, a model interpreting an intent, doesn't exist in the path from your spreadsheet to the data.

This is the principle Magic Reports is built on: no AI in the path that retrieves your data. The data comes from direct calls to the GA4, Google Ads, Meta Ads, and other connected platforms' APIs, with parameters you define explicitly in the spreadsheet. Change a cell, change the parameter, and you get the same result every time for the same request. No model decides which account, which date range, or which metric to pull: you decide, and the tool executes exactly that. The tool doesn't make mistakes because it was built specifically not to: every call is a deterministic function, with no interpretation layer that could invent a plausible but false data point.

The question to ask before choosing a tool

When a tool relies on AI to retrieve or process marketing data, one question helps clarify where you stand: if the result isn't what you expected, do you know with certainty why? With a deterministic connector, the answer is always yes. If you apply a filter and the result surprises you, you know for certain that it's the correct answer for the filter you set: the margin for error, if any, is yours, in a parameter, and you can check and fix it immediately. With an agent, that certainty doesn't exist: if the result surprises you, you don't know whether you got the request wrong, whether the AI misinterpreted it, or whether it's simply correct. You can't tell a real anomaly apart from a hallucination that looks like one, and in a report a client will use to make a decision, that isn't a detail: it's the only thing that actually matters.

For a report an agency or a client will use to decide something, reliability isn't a technical detail: it's the foundation of the trust with which that number will be read. A connector built to be deterministic, with a clear perimeter of what it can and can't do, remains today the most solid choice for this kind of work.


Sources cited in this article:

  • Stanford HAI, AI on Trial: Legal Models Hallucinate in 1 out of 6 (or More) Benchmarking Queries, May 2024, hai.stanford.edu
  • Help Net Security, One in four MCP servers opens AI agent security to code execution risk, May 2026, based on a Noma Security whitepaper

Comment

The reporting tool that actually works, and always has.

Every connector comes with a 14-day free trial. No credit card required, no automatic renewal. Try it at your own pace.