Interpretable AI for Smart City Cloud Security: A Model Context Protocol Framework for Real-Time IoT Threat Detection
Amal Aldhamari, Shikun Zhou

Smart city infrastructures increasingly depend on cloud platforms processing data from billions of IoT devices, managing critical urban services. With IoT connections reaching 1.3 billion globally and cloud attacks rising 75% year-over-year, security breaches threaten public safety. However, traditional AI threat detection systems operate as “black boxes,” preventing municipal stakeholders from understanding automated alerts. This paper presents an interpretable AI framework based on the Model Context Protocol (MCP) that bridges automated threat detection with human-centered decision support. Using 1.9 million authentic AWS CloudTrail events, including a 1.3 million-event cryptocurrency mining campaign, we achieved 84.2% detection accuracy (96.8% on real attacks) while generating plain-language threat narratives suitable for diverse stakeholders. The Random Forest classifier with an MCP layer provides real-time detection (<13 ms latency) and actionable intelligence (2.3 s explanation generation), meeting smart city operational requirements. SIEM integration enables immediate deployment in municipal Security Operations Centers. This production-ready framework demonstrates that interpretability and accuracy are complementary, not competing, objectives in smart city security.