Small-business-banking · Guide

Grasshopper vs. Slash: The First US Banks With MCP Servers for AI Agents

Grasshopper Bank launched the first Model Context Protocol server by a U.S. bank in August 2025, read-only. Slash went further in March 2026 with a read-and-write MCP server that can send payments. Here's how the two compare.

·Jul 7, 2026·6 min read
Rate data reviewed recently·Methodology →
August 2025
Grasshopper Bank + Narmi launch the first MCP server by a U.S. bank
Forbes, The Financial Brand
March 2026
Slash launches a read-and-write MCP server
Slash company blog
!The Bottom Line

Grasshopper Bank was first to market with a bank MCP server, in August 2025, but scoped it deliberately narrow: read-only account queries through Claude. Slash followed in March 2026 with a materially more capable, multi-client, read-and-write server that can actually move money, gated behind human approval. Both are self-announced by the companies involved rather than independently audited, and both are genuinely new infrastructure, worth watching rather than treating as a fully proven standard yet.

How to choose

What to weigh before you pick

It usually comes down to 3 things. Compare your options on each before deciding.

Cost

The all-in price, including fees that are easy to miss.

Features

What each option actually does for your situation.

Fit

Which one matches how you will really use it.

Key Takeaways
  • Grasshopper Bank launched the first Model Context Protocol server by a U.S. bank in August 2025, scoped deliberately to read-only account queries through Claude.
  • Slash launched a materially more capable MCP server in March 2026 that is read-and-write, letting a connected AI agent create cards, send payments, and issue invoices, gated behind explicit human approval.
  • Both integrations are self-announced by the companies involved and not yet independently audited by banking regulators or major tech press, worth treating as early, genuinely new infrastructure rather than a mature standard.

The Model Context Protocol, an open standard for connecting AI assistants to external data and tools, has moved from a developer curiosity into actual bank products faster than most banking infrastructure typically changes. Two companies have now shipped MCP servers that let an AI agent talk directly to a business bank account, and they took meaningfully different approaches to how much the agent is allowed to do.

Grasshopper Bank: First, and Deliberately Narrow

Grasshopper Bank, a directly chartered national bank, partnered with banking-technology vendor Narmi to launch what Forbes and The Financial Brand both reported as the first Model Context Protocol server deployed by a U.S. bank, in August 2025. The integration is built specifically around Claude and is scoped to read-only access: a connected agent can answer natural-language questions about account balances and transaction history, but it cannot initiate a payment, move money, or take any action on the account.

That narrow scope is a reasonable first move for a chartered bank introducing an entirely new access pattern to customer financial data. It proves the underlying concept, natural-language queries against real account data through a standard protocol, without exposing any new attack surface on the money-movement side. We've referenced this integration in our Grasshopper Bank vs. Mercury comparison, where it stands out as a genuine infrastructure differentiator against Mercury's more conventional dashboard-and-API model.

Slash: Seven Months Later, Read and Write

Slash, a business banking fintech that reached unicorn status with a $1.4 billion valuation in an April 2026 funding round, went further. Its MCP server, live since March 2026, is explicitly read-and-write. Per Slash's own announcement, a connected agent, through Claude, ChatGPT, Cursor, or any MCP-compatible client, can create virtual cards and set spend limits, send payments across ACH, wire, RTP, or crypto rails, create and send invoices, and query transaction data directly.

Watch Out: Slash's MCP server is explicitly multi-client, supporting Claude, ChatGPT, and Cursor rather than one AI provider exclusively. If you're evaluating this specifically for a Claude-based workflow, confirm current compatibility directly, since multi-client support can mean different feature parity across clients.

That is a genuinely different risk posture than Grasshopper's read-only design, and Slash's own materials address it directly: agents can draft and submit actions, but nothing executes without the account holder's explicit sign-off, and card numbers are tokenized so a connected agent never has direct access to raw card data. Slash frames this specifically as protection against prompt injection, stating that an agent never has unilateral control over funds, so a manipulated or compromised agent conversation can't directly drain the account without a human approving the specific action.

Separately, Slash also launched a distinct, proprietary in-app assistant called Twin in April 2026, accessible through chat, Slack, or text. Twin appears to be a separate branded product layer built on top of Slash's own infrastructure rather than the MCP integration itself, worth not conflating the two if you're evaluating either specifically.

Comparing the Two

Grasshopper BankSlash
LaunchAugust 2025March 2026
Access scopeRead-onlyRead and write
AI client supportClaudeClaude, ChatGPT, Cursor, other MCP clients
Can send paymentsNoYes (ACH, wire, RTP, crypto), with human sign-off required
Can create/manage cardsNoYes, with spend limits
Entity typeDirectly chartered national bankBusiness banking fintech (deposits held at partner bank Column, N.A.)

What This Means, and What to Watch

Neither of these integrations has been independently audited by a banking regulator or reviewed at length by major financial-technology press; both are self-announced by the companies involved, through their own blogs and product documentation. That doesn't make the claims false, we verified both against primary company sources directly, but it does mean this is genuinely new infrastructure without years of adversarial testing behind it yet, and a business evaluating either should treat it accordingly: useful, real, and worth watching, not yet a fully proven category with an established security track record the way API-based banking access has built up over the past decade.

For a company deciding whether AI-agent banking access is worth adopting today, the practical distinction is straightforward: Grasshopper's read-only model is close to zero-risk since an agent literally cannot move money, useful if you just want faster, natural-language access to your own account data. Slash's read-and-write model is materially more useful for actually automating financial operations, but it requires trusting both the human-approval gate and the underlying tokenization to hold up as promised, a reasonable bet given the stated safeguards, but a genuinely different risk decision than Grasshopper's.

Sources checked

Next scheduled verification: 2026-08-07

This is educational information, not personalized financial or security advice. AI-agent banking integrations are new and evolving quickly; review each provider's current security documentation directly before connecting an agent to a real account.

What to Do Now

1
If evaluating either integration, request current security documentation directly from the provider rather than relying solely on marketing blog posts, including how prompt-injection risk is specifically mitigated.
📬Get startup banking technology updates alerts

Weekly brief + instant notifications when rates move for you

Frequently Asked Questions

What was the first U.S. bank to launch a Model Context Protocol server?
Grasshopper Bank, in partnership with banking-technology vendor Narmi, launched what Forbes and The Financial Brand reported as the first Model Context Protocol server deployed by a U.S. bank, in August 2025. It lets Claude answer read-only natural-language queries against a customer's account data.
What can an AI agent actually do through Slash's MCP server?
More than read data. Slash's MCP server, live since March 2026, is read-and-write: a connected agent can create virtual cards and set spend limits, send payments over ACH, wire, RTP, or crypto rails, create and send invoices, and query transactions, through Claude, ChatGPT, Cursor, or any MCP-compatible client. Every action requires explicit human sign-off before it executes.
Is it safe to connect an AI agent directly to a business bank account?
Slash's design specifically addresses this: agents can draft and submit actions, but nothing executes without the account holder's explicit approval, and card numbers are tokenized so an agent never sees raw card data. That said, MCP-connected banking is new, self-announced by both companies rather than independently audited by banking regulators, and worth treating as an emerging capability rather than a fully battle-tested standard.
Does Grasshopper's MCP server work with ChatGPT or other AI assistants, not just Claude?
Grasshopper's server was built specifically around Claude. Slash's, by contrast, is explicitly multi-client, supporting Claude, ChatGPT, Cursor, and other MCP-compatible agents, rather than being tied to one AI provider.
Next step
Find your best money move in 90 seconds.

Answer a few questions about your situation and goals. Money Map points you to the highest-value next step across savings, mortgage, cards, and debt.

Editorial review

What changed since the last update

Reviewed dataRate references, product links, and dated claims were checked against current SwitchWize sources.
Updated contextRelated calculators, Money Map paths, and offer links were refreshed for this article topic.
StandardsReviewed under the SwitchWize editorial policy. See standards →

Was this guide helpful?