Session
Read the Room, Not the Files: MCP Filesystem Intelligence for Privacy-Respecting Compliance Scanning
Enterprise compliance tools face a paradox: to find sensitive data, they scan everything, exposing the very data they exist to protect. I built a system that resolves this using MCP filesystem access.
The architecture works in three phases. Claude Sonnet connects via the Filesystem MCP server and analyzes directory structures, naming conventions, and metadata to infer system purpose, without reading file contents. It then generates risk scores and isolates the 1-5% of files that warrant inspection. Only those files undergo content scanning with contextual validation.
On a real codebase of 7,355 files, the system scanned 6 (0.08%), flagged one PCI violation, routed two for review, and cleared three, in under 30 seconds.
This talk covers the integration patterns, what filesystem metadata reveals about compliance risk, how contextual validation eliminates false positives, and why the architecture supports local LLM deployment. I will share results from three machines, failure modes, and lessons learned.
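An added sketch of the three-phase flow described above, not the speaker's code: a keyword heuristic over relative paths stands in for the LLM's metadata inference over MCP, and a Luhn check against one published test number stands in for contextual validation. All names, weights, the sample tree and the demo fraction are assumptions constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# Assumed keyword weights: a stand-in for the LLM's structure-based inference.
HINTS = {"payment": 3, "billing": 3, "export": 2, "customer": 2, ".csv": 2, ".sql": 2}
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # candidate card numbers
TEST_PANS = {"4111111111111111"}                 # widely published test number

def metadata_score(rel):
    """Phase 1: score from the relative path alone; the file is never opened."""
    return sum(w for k, w in HINTS.items() if k in rel.lower())

def shortlist(root, fraction):
    """Phase 2: rank every file by metadata score and keep the top fraction."""
    rels = [p.relative_to(root).as_posix()
            for p in Path(root).rglob("*") if p.is_file()]
    keep = max(1, round(len(rels) * fraction))
    ranked = sorted(rels, key=metadata_score, reverse=True)[:keep]
    return [r for r in ranked if metadata_score(r) > 0]

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * (2 if i % 2 else 1)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

def inspect(root, rel):
    """Phase 3: read one shortlisted file and validate each candidate."""
    text = Path(root, rel).read_text(encoding="utf-8", errors="replace")
    found = {re.sub(r"\D", "", m.group()) for m in PAN_RE.finditer(text)}
    valid = {d for d in found if luhn_ok(d)}  # drops digit runs such as order ids
    if valid - TEST_PANS:
        return "violation"  # checksum-valid and not a known test value
    return "review" if valid else "clear"

def demo():
    """Constructed tree: three risky-looking paths among seven files."""
    files = {"billing/export/customers.csv": "id,pan\n7,1234567890123452\n",
             "tests/payment_fixtures.json": '{"card": "4111 1111 1111 1111"}',
             "logs/payment_gateway.log": "order 1234567890123456 accepted\n",
             "src/notes.txt": "pan 1234567890123452\n",  # benign name: never read
             "src/main.py": "", "src/utils.py": "", "docs/readme.md": ""}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return {rel: inspect(root, rel) for rel in shortlist(root, 0.4)}
```

In this sketch `src/notes.txt` holds a checksum-valid number but scores 0 on metadata, so it is never opened: coverage depends on how well names and structure predict risk.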
Adhithya Rajasekaran
AI Product Manager | AI Ethics & Governance | Cybersecurity | github.com/adhit-r
Chennai, India