Govern the MCP Servers Your Employees Use.
Employees are connecting Claude, Cursor, and ChatGPT to third-party MCP servers faster than IT can review them. MCP Gateway is the access layer in between — a central catalog of approved servers, per-role RBAC, SSO, and an audit log for every tool call.
Team Access Catalog
Recent Calls
Join the MCP Gateway beta.
We're onboarding 15 design partners this quarter. Tell us what employee access you need to govern and we'll follow up within 48 hours.
Prefer email? mcp-gateway@zuplo.com
The Problem
Employees are adopting MCP faster than IT can review it.
Claude Desktop, Cursor, ChatGPT, and the next wave of AI clients all let users connect MCP servers in a few clicks. Your people are wiring up Linear, GitHub, Notion, Stripe, and internal servers without a security review, shared credentials, or an audit log. The result: sensitive tools exposed to AI agents, per-employee OAuth tokens scattered across desktops, and zero visibility into what's getting called.
What's in the beta
IT owns the access. Employees get the tools.
Central catalog of approved servers
Security reviews an MCP server once. Once approved, it shows up in the Gateway for anyone with the right role — no more one-off installs across laptops.
Per-role / per-team RBAC
Engineering gets GitHub and deployment tools. Finance gets Stripe and QuickBooks. Support gets your helpdesk tools. Nothing crosses over unless IT says so.
SSO in, credentials brokered out
Employees authenticate to the Gateway with your SSO / OIDC provider. The Gateway brokers per-server credentials — shared service accounts or per-user OAuth — so employees never paste raw tokens into their AI client.
Audit log for every tool call
Stream every MCP invocation to your SIEM. Who called what tool, with what inputs, from which employee, through which AI client.
Block unsanctioned servers
Turn off an MCP server across the whole org the moment a vulnerability drops. Deprecate without chasing individual installs.
Virtual MCP servers
Expose a curated subset of tools from one or more approved servers. Give Finance a read-only QuickBooks view without forking the upstream server.
AI Chat
My Tools
Who the beta is for
Are we a fit?
IT & platform leaders
You rolled out Claude, ChatGPT, or Cursor org-wide. Now your job is giving employees the MCP tools they need — without losing visibility.
Security teams with compliance needs
SOC 2, HIPAA, ISO 27001. You need a tool-level audit log and an approval workflow, not trust-by-default from every employee's laptop.
Companies standardizing on AI clients
Multiple teams on multiple AI tools, each wiring up their own MCP servers. You want one control plane across all of them.
Available today
Building an MCP server, not governing one?
Different product. Zuplo's MCP Server feature is GA inside the API Gateway — it auto-generates an MCP server from your OpenAPI definition so agents can call your product. MCP Gateway is about the other side: controlling which servers employees can reach. No waitlist for MCP Server.
Frequently Asked Questions
Learn about API management and how Zuplo helps your team build better APIs.
Want a demo of Zuplo? Talk to an API expert
Put IT back in front of MCP.
Request early access to the Gateway — we'll follow up within 48 hours.