February 5, 2026

Another day, another MCP server: How to monitor remote MCP server connections with Nudge Security

The Model Context Protocol (MCP) is unlocking agentic AI, but it’s also creating a new layer of hidden risk. Discover and inventory remote MCP connections with Nudge Security.

Anthropic’s release of the Model Context Protocol (MCP) in late 2024 was the start of a new chapter in AI, one that moves beyond generative chatbots to a fast-approaching future of AI agents and agentic workflows interacting with your business data and systems. Since then, it seems as though every B2B SaaS provider has raced to launch their own remote MCP servers, extending their legacy SaaS apps to support interconnectivity with modern AI assistants and agents.

In recent months, we’ve seen major players like GitHub, Atlassian, Slack, Notion, Google Workspace, and more release MCP servers to support the rise of agentic AI. Rest assured, your employees are taking advantage of this new functionality to work smarter and faster using tools they already know. But each connection gives AI tools easy access to your corporate SaaS data.

In this piece, we’ll cover what the Model Context Protocol is, how a remote MCP server accesses your SaaS data, and the new attack surface this creates. Most importantly, we'll show how Nudge Security’s new release gives you the visibility to answer the critical question: Which MCP server connections exist in my environment, and what can they do with my data?

What is an MCP server?

Model Context Protocol (MCP) standardizes how AI systems interact with external data and tools. An MCP server provides an AI assistant with useful tools and resources: context and data—often your corporate data—necessary to complete any number of asks or tasks on behalf of the end user. For example:

A salesperson wants to quickly identify the number of closed-won deals from the last six months from their CRM using an AI tool like Claude or ChatGPT. Using an MCP server connection, the server securely queries the database, retrieves the needed information, and passes the data back to the AI.

There are two primary types of MCP servers. Remote MCP servers, which are typically hosted by the SaaS provider, connect the MCP client within an AI tool (like ChatGPT or Claude) to business-critical applications (such as Google Drive, Salesforce, or Notion) and are authorized via OAuth. This differs from local MCP servers, which run directly on a device to grant AI agents access to local files, databases, or development environments.

MCP servers provide data to the protocol connectors (MCP clients) within your AI tools, granting the permissions needed to read documentation, search databases, or act on your behalf.

The familiar mechanism (and risk) of the OAuth grant

Most MCP connections are authorized using the OAuth framework. When an employee connects an AI agent or tool to a SaaS application via MCP, they complete a standard OAuth grant workflow.

Just as an employee logs into their everyday SaaS tools using Google Workspace, they can use the same familiar authentication method to connect AI systems via MCP. This low-barrier flow requires no API tokens to copy and paste, making it fast and simple for employees to extend their own data access permissions to AI assistants—often without IT's knowledge or oversight.

While the OAuth mechanism is familiar, the context is new, and introduces a new risk surface. Unlike typical app-to-app integrations, these are "data highways" for AI agents and tools. The risk surface evolves in a few key ways:

  • Data exfiltration: MCP servers create a direct pipeline for AI tools to access sensitive data. If an unmanaged AI tool or agent is compromised, it could use these authorized connections to exfiltrate private data to an attacker’s endpoint.
  • Scope creep: MCP connections often request broad permissions so the agent can work properly, granting read/write access to entire repositories or drive folders without the user fully grasping the "blast radius" or enforcing least-privilege access.
  • Shadow AI agents: Employees are effectively creating a "shadow workforce" of non-human identities with persistent access to sensitive data.
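
To make the scope-creep risk concrete, here is an added example (not Nudge Security's code or detection method) that triages an exported OAuth grant inventory by how broad each AI client's scopes are. The grant records, user names, and the name-based AI_CLIENT_HINTS heuristic are assumptions constructed for illustration; the GitHub and Google Drive scope strings are real.

```python
# Added example: triage an OAuth grant export for AI/MCP clients by scope breadth.
# Grant records, user names and AI_CLIENT_HINTS are constructed for illustration.
AI_CLIENT_HINTS = ("claude", "chatgpt", "cursor", "mcp")  # assumption: name heuristic

DRIVE = "https://www.googleapis.com/auth/drive"
# scope -> (access, broad?) for real GitHub and Google Drive OAuth scopes
SCOPE_MAP = {
    "repo": ("write", True),               # read/write, public and private repos
    "public_repo": ("write", False),       # read/write, public repos only
    "read:org": ("read", False),           # org and team membership, read-only
    DRIVE: ("write", True),                # full access to all Drive files
    DRIVE + ".readonly": ("read", True),   # read all Drive files
    DRIVE + ".file": ("write", False),     # only files created or opened with the app
}

SAMPLE_GRANTS = [  # constructed inventory rows
    {"user": "alice", "client": "Cursor", "app": "GitHub", "scopes": ["repo", "read:org"]},
    {"user": "bob", "client": "ChatGPT", "app": "Google Drive", "scopes": [DRIVE + ".readonly"]},
    {"user": "carol", "client": "Claude", "app": "Google Drive", "scopes": [DRIVE + ".file"]},
    {"user": "dave", "client": "Calendar Sync", "app": "Google Drive", "scopes": [DRIVE]},
    {"user": "erin", "client": "Internal MCP connector", "app": "Notion",
     "scopes": ["example:unmapped-scope"]},  # placeholder, not a real scope
]

ORDER = ("high", "review", "low")

def classify(scopes):
    """high: broad write; review: broad read or unmapped scope; low: narrow only."""
    mapped = [SCOPE_MAP.get(s) for s in scopes]
    if any(m == ("write", True) for m in mapped):
        return "high"
    if any(m is None or m[1] for m in mapped):
        return "review"
    return "low"

def triage(grants):
    """Return AI-client grants sorted by severity; other clients are out of scope here."""
    hits = [dict(g, severity=classify(g["scopes"])) for g in grants
            if any(h in g["client"].lower() for h in AI_CLIENT_HINTS)]
    return sorted(hits, key=lambda g: ORDER.index(g["severity"]))

if __name__ == "__main__":
    for g in triage(SAMPLE_GRANTS):
        print(f'{g["severity"]:<6} {g["user"]:<6} {g["client"]} -> {g["app"]}: {g["scopes"]}')
```

Unmapped scopes land in "review" rather than "low" so that a new MCP server with unfamiliar permissions is never silently treated as safe.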

How Nudge Security helps detect and manage MCP server connections

In order to address this new and rapidly expanding risk surface, Nudge Security has extended its proven OAuth risk management capabilities to specifically detect and inventory risky MCP server connections, giving you the visibility needed to see what connections exist in your environment.

Here’s how:

  1. MCP server detection: We automatically detect OAuth grants that are powering MCP server integrations using our browser extension. Whether it's a developer connecting Cursor to GitHub or a marketer connecting ChatGPT to Notion, Nudge Security surfaces these connections alongside your other OAuth grants.
  2. New OAuth risk insight: We don't just list the connection; we give you context. Our new MCP server connection risk insight flags these types of integrations, helping you distinguish between a standard app connection and one that is powering an AI agent or tool.
  3. Full scopes and permissions: Drill down into the exact permissions granted. Is the agent allowed to read your code, or can it push changes? Nudge Security maps these MCP connection scopes so you can assess the true risk.
  4. API key detection: Since many MCP servers still rely on long-lived static secrets like API keys instead of OAuth, Nudge Security also detects and inventories these credentials, ensuring you have visibility into non-OAuth connections as well.

Conclusion

The rapid rise of MCP services that extend access to your corporate SaaS data is reshaping the security landscape faster than many can contend with. The reality for most organizations today is that the AI functionality your workforce is experimenting with right now centers on your existing SaaS ecosystem.

Because SaaS-to-AI MCP connections are established through simple, familiar OAuth grants, they are easy for employees to adopt, but easy for IT and security to miss. This simplicity of connection, combined with the untenable volume of new servers, presents the most immediate risk to data and AI security governance: a shadow layer of authorized data access that exists outside your visibility or governance control.

It’s time to bring the same level of visibility and governance to your AI supply chain that you demand for the rest of your business technology estate.

Get the full picture of MCP connections powering your AI agents and tools in your environment today. Start your free 14-day trial of Nudge Security.
