Promptfoo MCP Proxy is a security layer that sits between users, AI applications, and Model Context Protocol (MCP) servers. It is designed to give organizations control over which MCP servers their applications and users can interact with. Key capabilities: - MCP Server Whitelisting: Administrators can define a list of approved MCP servers that are permitted within the organization. Access to unapproved or untrusted MCP servers is blocked. - Granular Access Control: Access to specific MCP servers can be scoped to individual users or applications, enforcing least-privilege access to AI tools and data. - Real-Time Monitoring and Alerting: All MCP requests are logged and monitored. Alerts are triggered when suspicious activity is detected, including attempts to access sensitive or personally identifiable information (PII). - Centralized Security Management: Security policies, audit logs, and access controls are managed from a single dashboard, providing a unified governance interface. - Activity Logging: Detailed logs of all MCP interactions are maintained for audit and investigation purposes. The proxy is intended for enterprise environments where AI applications connect to external MCP servers, and organizations need visibility and control over those connections to prevent unauthorized data exposure or tool misuse.