MCP Governance
Overview
MCP Governance lives under AI Shield in Bastion. It inventories every MCP server employees connect to their AI clients, flags risky usage such as token exposure, and lets security teams enforce allow and block policies by transport and connection parameters.
The MCP Dashboard
The dashboard gives a fleet-wide view of MCP activity:
| Column | Description |
|---|---|
| Total MCP servers detected | Every unique server observed across devices and users |
| Security issues | Token exposure, credential leaks, and other risks |
| Active users | Users with at least one MCP connection |
| Transport | stdio, http, or sse |
| Clients | Which AI clients (Claude Desktop, Cursor, etc.) are connected |
| Devices | Number of enrolled devices using the server |
| Policy | Allow or block, derived from your rules and default policy |
Detection requires the Bastion device agent. See Devices to enroll.
Default Policy
Each organization has a global default that applies to any MCP server not matched by an explicit rule:
- Allow new servers — any MCP server is permitted unless a block rule matches
- Block new servers — no MCP server is permitted unless an allow rule matches
Set the default in AI Shield → MCP → Settings.
Rules
Rules let you override the default policy for specific MCP servers. Each rule has a name, an action, and matching criteria.
Rule Fields
| Field | Type | Notes |
|---|---|---|
| Name | string | Human-readable identifier |
| Action | allow \| block | What happens when the rule matches |
| Transport | stdio \| http \| sse | Determines which connection parameters are relevant |
| Command (stdio) | string | For example npx, node, docker |
| Args (stdio) | string | Optional, for example @modelcontextprotocol/server-filesystem |
| URL (http, sse) | string | For example https://api.github.com/mcp |
Example Rules
Allow the GitHub MCP
Transport: http, URL: https://api.github.com/mcp, Action: allow.
Block a filesystem MCP
Transport: stdio, Command: npx, Args: @modelcontextprotocol/server-filesystem, Action: block.
Creating a Rule
Open AI Shield → MCP
Navigate to AI Shield, then the MCP tab.
Click Add Rule
In the rules panel, open the rule form.
Pick a transport
Choose stdio, http, or sse. The form shows only the fields relevant to your choice.
Fill in the parameters
Add the command and args, or the URL, plus a descriptive name.
Set the action
Choose Allow or Block and save.
Rules can be edited or removed at any time from the same panel.
Activity Monitoring
For every MCP call observed on enrolled devices, Bastion records:
| Field | Example |
|---|---|
| mcp.method | tools/call |
| mcp.tool_name | search_issues |
| mcp.resource_uri | github://repo/foo/issues |
| mcp.server_name | github-mcp |
| mcp.result | Tool output |
These signals power dashboards, alerts, and audit trails so you can prove to auditors how AI tools are being used inside the organization.
Use Cases
Prevent shadow AI
Set the default policy to block, then explicitly allow only MCP servers that have been reviewed and approved by your security team.
Prevent credential exfiltration
Review the security issues column on the dashboard for token exposure findings, then block the offending server and rotate the leaked credential.
Audit AI usage
Export MCP activity as evidence for SOC 2 or ISO 27001 audits covering AI tool usage and data access.
Roll out an approved MCP catalog
Start with allow as the default, observe for a few weeks which MCP servers employees install, then switch to block by default with an allow list of the servers you sanction.
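The rollout described above can be rehearsed offline before flipping the default; this added example (not Bastion's code or API) evaluates the page's two example rules against a constructed inventory and lists the servers that block-by-default would cut off. The matching semantics are assumptions the page does not specify: exact command match, Args matching any single argument, normalized URL comparison, and block rules taking precedence over allow rules.

```python
from urllib.parse import urlsplit

def _norm_url(url):
    # Assumption: scheme and host compare case-insensitively; a trailing "/" is ignored.
    p = urlsplit(url or "")
    return (p.scheme.lower(), p.netloc.lower(), p.path.rstrip("/"), p.query)

def matches(rule, server):
    if rule["transport"] != server["transport"]:
        return False
    if rule["transport"] == "stdio":
        if rule["command"] != server.get("command"):
            return False
        # Assumption: empty Args matches any arguments; else it must be one argument.
        return not rule.get("args") or rule["args"] in server.get("args", [])
    return _norm_url(rule["url"]) == _norm_url(server.get("url"))

def decide(server, rules, default):
    hits = [r for r in rules if matches(r, server)]
    # Assumption: a matching block rule beats a matching allow rule (fail closed).
    for action in ("block", "allow"):
        for r in hits:
            if r["action"] == action:
                return action, r["name"]
    return default, "default policy"

def newly_blocked(inventory, rules):
    # Servers permitted under "Allow new servers" that "Block new servers" would cut off.
    return [s["name"] for s in inventory
            if decide(s, rules, "allow")[0] == "allow"
            and decide(s, rules, "block")[0] == "block"]

RULES = [  # the two example rules from this page
    {"name": "Allow the GitHub MCP", "action": "allow", "transport": "http",
     "url": "https://api.github.com/mcp"},
    {"name": "Block a filesystem MCP", "action": "block", "transport": "stdio",
     "command": "npx", "args": "@modelcontextprotocol/server-filesystem"},
]
INVENTORY = [  # constructed observations; "notes" and "wiki" are hypothetical servers
    {"name": "github-mcp", "transport": "http", "url": "https://API.github.com/mcp/"},
    {"name": "fs", "transport": "stdio", "command": "npx",
     "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/user"]},
    {"name": "notes", "transport": "stdio", "command": "node", "args": ["notes-mcp.js"]},
    {"name": "wiki", "transport": "sse", "url": "https://mcp.example.internal/sse"},
]

if __name__ == "__main__":
    print("newly blocked:", newly_blocked(INVENTORY, RULES))
```

Every name in the output is a server that needs either an explicit allow rule or a deliberate decision to let it go dark before the default changes.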