MontyCloud MCP Server Security Statement
Security is a priority for MontyCloud’s infrastructure and customer operations. This document provides an overview of the security architecture, protocols, and practices related to the MontyCloud Communications Protocol (MCP) Server. MontyCloud is committed to applying industry-recognized security standards in support of the integrity, confidentiality, and availability of our services.
Cloud-Hosted Architecture
The MontyCloud MCP service is a cloud-hosted solution, accessible at the api.montycloud.com endpoint. This architectural approach does not require local “stdio” MCP server code to be run in customer environments, which reduces the attack surface associated with on-premises software. This design is intended to mitigate risks such as local file exposure, malicious code execution, and prompt injection that can be associated with locally run binaries.
Adherence to Published Standards
The MCP server is designed for compliance with the MCP specifications (MCP Spec v2025-06-18). Adherence to this published standard is intended to facilitate interoperability and reliability when interacting with the service. This approach uses a defined specification as its foundation, with the understanding that standards and implementations evolve over time.
Secure Communication Protocol
The server uses the streamable HTTP transport mechanism, which is designed for carrying streamed data between a tool and the server. Data in transit between a tool and the server endpoint is encrypted using TLS (Transport Layer Security), a measure used to protect the confidentiality of information during transmission.
Authentication Framework
Access to the MCP server is controlled via an API Key and Secret Key combination. The authentication process leverages the following AWS services:
- AWS API Gateway: Manages and routes incoming API requests.
- AWS Cognito: Functions as the identity provider for authentication.
This framework is designed to permit access only from authenticated tools and to mitigate unauthorized access by associating each request with a user identity.
Authorization & Principle of Least Privilege
The authorization model utilizes the principle of least privilege and is managed through the MontyCloud DAY2™ platform. The permissions granted by an API key are tied to the specific user identity it was generated for within the platform. This access control model is designed to mitigate risk by limiting an identity’s permissions to those configured for the associated user.
Infrastructure Controls
The MCP server is subject to the same infrastructure security controls as our core API services. These controls include:
- Rate Limiting: Rate limiting is implemented on API requests as a control against excessive request rates.
- Web Application Firewall (WAF): A WAF is used to inspect and filter traffic to the endpoints.
These controls are components of the security and availability strategy for the service. The specific technologies and configurations are subject to change based on the evolving threat landscape and technological advancements.
We are dedicated to a transparent and proactive approach to security. If you have any questions or require further information regarding our security practices, please do not hesitate to contact our security team at security@montycloud.com.