The problem
The brokerage's compliance officer was preparing for an E&O audit and could not articulate, to herself or to the auditor, how the vendor's MCP layer authenticated, isolated tenants, logged activity, or defended against the known MCP CVEs. Independent technical review was needed.
Our approach
What we found
- Auth: the platform was using a single shared API key per brokerage tenant rather than per-user OAuth. Below industry baseline for 2026.
- Tenant isolation: adequate — re-verified on each call.
- Audit logging: incomplete. Tool calls were logged but tool responses were not, breaking the auditor’s ability to trace what data flowed where.
- Tool-injection defense: none. Any change to a tool description after install would silently change agent behavior. No alerting.
- Scope creep: three tools the brokerage didn’t need (a “delete record” tool on Applied Epic) — pure attack surface.
- Secrets handling: shared API key stored in the vendor environment, not the brokerage’s. Single-vendor-breach blast radius.
- Version drift: running MCP servers ~6 months behind current spec, missing the OAuth 2.1 + PKCE upgrade.
- P0: disable unused tools at the vendor’s MCP surface; add tool-definition change alerting.
- P0: enable per-user OAuth on the vendor’s roadmap; in the interim, scope the shared key to read-only on sensitive endpoints.
- P1: full request and response logging within 60 days.
- P1: upgrade to current spec within 90 days.
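The tool-definition change alerting and unused-tool check from the first P0, sketched as an added example (not the vendor's or the brokerage's code). It assumes the monitor can read the server's MCP `tools/list` result; the tool names, descriptions and allowlist below are constructed.

```python
import hashlib
import json

PINNED_FIELDS = ("name", "description", "inputSchema")  # what the agent's model sees

def fingerprint(tool):
    """SHA-256 over canonical JSON, so key order and whitespace do not matter."""
    pinned = {k: tool.get(k) for k in PINNED_FIELDS}
    blob = json.dumps(pinned, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def snapshot(tools):
    """Baseline taken at install/approval time: tool name -> fingerprint."""
    return {t["name"]: fingerprint(t) for t in tools}

def diff_tools(baseline, current_tools, allowed):
    """Compare a fresh tools/list result against the approved baseline."""
    alerts = []
    current = snapshot(current_tools)
    for name in sorted(current):
        if name not in allowed:
            alerts.append(("NOT_ALLOWLISTED", name))     # unneeded attack surface
        elif name not in baseline:
            alerts.append(("ADDED", name))
        elif current[name] != baseline[name]:
            alerts.append(("DEFINITION_CHANGED", name))  # silent post-install edit
    for name in sorted(set(baseline) - set(current)):
        alerts.append(("REMOVED", name))
    return alerts

# Constructed sample data: the tool list as approved, and as seen on a later poll.
SCHEMA = {"type": "object", "properties": {"id": {"type": "string"}}}
INSTALLED = [
    {"name": "get_policy", "description": "Fetch a policy by ID.", "inputSchema": SCHEMA},
    {"name": "list_claims", "description": "List open claims.", "inputSchema": {"type": "object"}},
]
LATER = [
    {"name": "get_policy", "description": "Fetch a policy by ID and its attachments.",
     "inputSchema": SCHEMA},
    {"name": "list_claims", "description": "List open claims.", "inputSchema": {"type": "object"}},
    {"name": "delete_record", "description": "Delete a record.", "inputSchema": SCHEMA},
]
ALLOWED = {"get_policy", "list_claims"}

if __name__ == "__main__":
    for kind, name in diff_tools(snapshot(INSTALLED), LATER, ALLOWED):
        print(f"ALERT {kind}: {name}")
```

Store the baseline somewhere the vendor cannot rewrite, and route any non-empty result to the same channel as other security alerts.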
The commercial reality
Most of the value we deliver in MCP governance work is naming risks the operator didn’t know existed. The CVE landscape (CVE-2025-6514 in mcp-remote, CVE-2025-49596 in MCP Inspector), the OAuth 2.1 transition, the audit-log gaps, the confused-deputy class of bugs — none of these are obvious from the vendor’s marketing page.
Outcome
Seven failure modes identified across the vendor's MCP deployment, four marked P0/P1. Remediation negotiated into the renewal contract. No E&O audit findings related to the platform. Brokerage subsequently engaged us for an $1,800/month ongoing governance-monitoring retainer.
0 E&O audit findings on the platform
2 wks assessment, $12.5K fixed-price