CuratedMCP
For Engineering Leaders

Enterprise MCP marketplace for Claude, Cursor, Windsurf, OpenAI and Gemini

Discover, govern, and audit MCP servers in one place—instead of chasing random configs across GitHub and internal wikis.

Security-reviewed catalog · Centralized deployment · Audit-ready logs

Architecture

Control plane on CuratedMCP, data plane in your VPC

CuratedMCP is your control plane: policies, deployment configs, audit logs, and user management — applied uniformly across Claude Code, Cursor, Windsurf, Copilot, and Gemini. Your MCP servers and AI assistants run in your infrastructure. Policies sync down, data never leaves.

Control Plane

curatedmcp.com

  • ✓ Server approval policies
  • ✓ RBAC & user management
  • ✓ Configuration deployment
  • ✓ Audit log aggregation
  • ✓ Access revocation
Policies sync
Metadata only

Data Plane

Your AWS/Azure/GCP VPC

  • ✓ MCP servers running
  • ✓ AI assistants (Claude, Cursor)
  • ✓ Developer laptops / infrastructure
  • ✓ Internal APIs & databases
  • ✓ Your credentials stay local

Zero data residency concern: API credentials, tool arguments, and responses never touch CuratedMCP servers. Only policy metadata and audit facts (tool name, user, timestamp, status) are logged.

Your data never leaves

CuratedMCP is only the control point. All sensitive data, API responses, and credentials stay in your infrastructure.

Instant policy updates

Change policies in the CuratedMCP dashboard. Updates sync to your data plane within seconds, no restart required.

Compliance ready

Full audit trail of all MCP access. Export logs for SOC 2, ISO 27001, or HIPAA audits.

Instant revocation

Remove access to a server or user from the admin panel. Takes effect immediately across all devices.

The problem

Shadow MCP is already happening in your org

Every engineer with Claude Desktop or Cursor has likely installed MCP servers you've never audited.

Today — without governance

Developers self-install anything

Engineers pull MCP servers directly from GitHub with no IT approval — giving AI assistants access to production GitHub repos, Stripe keys, Slack, and databases.

Zero visibility

IT has no idea which MCP servers are running on developer laptops, what credentials they hold, or what data they can access.

No off-boarding process

When an engineer leaves, their locally installed MCP servers keep running with their production credentials until someone notices.

No audit trail

Nothing is logged. No evidence of what tools accessed what data. No compliance story for SOC 2 or ISO 27001.

With CuratedMCP Enterprise

Pre-approved catalog

IT selects from 50+ security-reviewed servers. Engineers pick only from what's allowed — nothing else installs.

Read-Only server filter

Filter the entire catalog to only show Read-Only servers in one click — eliminating 90% of CISO anxiety without writing a single line of proxy code.

Team Config URL

One URL for your whole team: curl it to get an always-up-to-date MCP config. When you remove a server, every developer's next reload reflects it instantly.

One-click org deployment

Distribute one universal config to your entire team. Every engineer gets the same approved setup in minutes.

Full audit log

Every tool call, every access, every change — logged and exportable for compliance requirements.

Instant revocation

Remove a server or a user's access from the admin panel. Takes effect immediately across the org.

The solution

Three layers of enterprise control

Approved Catalog

IT selects from 50+ security-reviewed MCP servers. Every server has passed a human code audit for secrets exposure, injection vulnerabilities, and unsafe network access. Developers pick only from what's approved.

Centralized Deployment

One configuration snippet. Your entire dev team gets the same approved setup — no individual installs, no config drift. New servers added to the catalog appear for all engineers instantly.

Audit, Compliance & Safety

Every tool call logged with timestamp, user identity, and status. PII and secrets auto-redacted before tools fire. High-risk operations require human approval via Slack or Teams. Export reports for SOC 2, ISO 27001, or internal reviews.

How it works

Org-wide deployment in three steps

01

IT admin builds the approved catalog

Log into CuratedMCP, browse the security-reviewed server library, and select which MCP servers your team is approved to use. Set version pins and access policies.

02

Share your Team Config URL

Your team profile generates one URL — e.g. curatedmcp.com/api/teams/acme/config. Developers curl it to get your approved MCP config. When you remove a server from the profile, the next reload reflects it instantly — no MDM, no re-deployment.

03

Monitor, revoke, and stay compliant

Watch usage in the admin dashboard. Revoke access for specific users or servers in one click. Pin server versions to prevent silent updates. Export audit logs on demand.

Why us

The governance layer your CISO can trust

Independent — not a vendor

CuratedMCP is not Anthropic, not Microsoft, not AWS. We're a neutral party with no incentive to push specific tools. Your CISO can trust the catalog reflects security merit, not vendor relationships.

Client-agnostic by design

Works with Claude, Cursor, Windsurf, Claude Code, OpenAI Agents, and Gemini CLI — all six major MCP clients. Your governance layer doesn't break when your team switches AI tools.

Human-reviewed, not auto-scraped

Every server in the catalog was read by a human engineer. We reject auto-scraped noise. The catalog is intentionally small — because reliability matters more than volume.

Example workflows

Example MCP workflows for enterprises

Customer support

Connect help desks (Zendesk, Intercom), internal knowledge bases, and ticketing tools so agents can resolve issues faster without leaving their AI assistant.

Analytics & BI

Wire data warehouses, dashboards, and metrics tools into MCP so analysts can ask questions in natural language—with guardrails on what data they can access.

DevOps & engineering

Tie together GitHub, CI/CD, observability, and incident tools via MCP servers so developers can manage workflows directly from Claude, Cursor, or Windsurf.

Works with what you have

Works with your existing AI tools

CuratedMCP does not replace your AI platform. Instead, it acts as the MCP layer underneath tools like Claude, Claude Code, Cursor, Windsurf, OpenAI, and Gemini.

Your teams continue using their preferred AI interfaces, while CuratedMCP standardizes which MCP servers they can access and how they are configured—so your governance layer doesn't break when your team switches AI tools.

Already running Anthropic's MCP Tunnels for Claude? CuratedMCP sits above the transport layer: tunnels move bytes, CuratedMCP decides which servers are allowed, who can use which tools, and keeps a unified audit log across every IDE your engineers run.

Security features

Built for security-first organisations

Pre-vetted server catalog

Every server audited by a human engineer before inclusion. No auto-scraped junk.

Risk-level filtering

Every server is tagged: Read-Only, Read/Write, Executes Commands, or Network Egress. Filter the catalog to only show Read-Only servers and eliminate 90% of CISO anxiety instantly.

Team Config URL

One live URL that returns your team's approved MCP config. Revoke a server in the admin panel — every developer's next config reload reflects it. No MDM required.

Zero-retention logging

We log metadata only — tool name, user, timestamp, status code. Never input values or API response payloads. On by default.

Coming soon

PII & secret auto-redaction

The gateway automatically detects and masks patterns like AWS keys, SSNs, and credit card numbers in tool arguments before they leave your firewall.

Coming soon

Human-in-the-loop approvals

High-stakes tools (delete_user, execute_trade, modify_payroll) trigger a Slack or Teams approval request. The AI waits. A human approves or denies. Only then does the tool execute.

Coming soon

Self-hosted / VPC deployment

Run the gateway entirely in your own AWS, Azure, or GCP account. We ship the software. Your data never leaves your infrastructure.

Coming soon

Access revocation

Remove any server or user's access instantly from the admin panel.

Coming soon

SSO / SAML

Connect to Okta, Azure AD, or Google Workspace for unified access management.

Coming soon

SOC 2 + audit export

Structured audit logs exportable as CSV or PDF for SOC 2, ISO 27001, or internal security reviews.
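As an added illustration of the PII & secret auto-redaction feature listed above (example code written for this page, not CuratedMCP's implementation), the sketch below masks AWS access key IDs, SSNs, and credit card numbers in nested tool arguments. The regexes, the `[REDACTED:...]` labels, and the function names are assumptions; the Luhn check is included so that long numeric identifiers such as order numbers are not masked as cards.

```python
import re

# Patterns for the three data types the page names. Only AWS access key IDs
# are matched; secret access keys have no fixed prefix to anchor on.
AWS_KEY = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_card(m: re.Match) -> str:
    digits = re.sub(r"\D", "", m.group())
    return "[REDACTED:card]" if luhn_ok(digits) else m.group()


def redact_text(s: str) -> str:
    s = AWS_KEY.sub("[REDACTED:aws_key]", s)
    s = SSN.sub("[REDACTED:ssn]", s)
    return CARD.sub(_mask_card, s)


def redact_args(value):
    """Walk nested tool arguments; only string leaves are rewritten."""
    if isinstance(value, str):
        return redact_text(value)
    if isinstance(value, dict):
        return {k: redact_args(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact_args(v) for v in value]
    return value


# Constructed sample tool call; every value is a public test/documentation value.
SAMPLE = {
    "query": "refund card 4111 1111 1111 1111 for order 1234567890123456",
    "notes": ["ssn 078-05-1120", "key AKIAIOSFODNN7EXAMPLE"],
    "limit": 10,
}

if __name__ == "__main__":
    print(redact_args(SAMPLE))
```

Pattern matching of this kind misses secrets without a recognisable shape, so it complements scoped credentials on the MCP servers themselves and does not replace them.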

FAQ

Common questions

How is this different from Anthropic's MCP Tunnels?

Anthropic's MCP Tunnels (currently in beta) solve transport — they let Claude reach an MCP server inside your private network without opening inbound ports. They are Claude-only and work with Managed Agents and the Messages API. CuratedMCP operates a layer above that: a policy and governance plane that works across Claude Code, Cursor, Windsurf, Copilot, and Gemini. Tunnels decide how bytes get to a server; CuratedMCP decides which servers are approved in the first place, who can use which tools, pins versions, captures a unified audit log across every IDE, and runs the OpenAPI-to-MCP converter for your internal APIs. The two are complementary: if you've deployed tunnels for Claude, CuratedMCP plugs in alongside them and extends the same governance to the rest of your AI stack.

Will CuratedMCP see our internal data or API responses?

No. Zero-retention logging is on by default: we log metadata only — which tool was called, by whom, when, and whether it succeeded. We never log input parameter values or API response payloads. For companies with strict data residency requirements, the self-hosted deployment option runs the gateway entirely inside your own VPC — your API keys and data never leave your infrastructure. Your CISO gets the policy dashboard and audit visibility; we never touch the data plane. A Docker Compose deployment that works inside any AWS, Azure, or GCP account is on the near-term roadmap. Request a briefing to discuss your specific requirements.

What exactly is an MCP server?

MCP (Model Context Protocol) is an open standard that lets AI assistants connect to external tools and data sources. An MCP server is a small program that exposes tools — like reading a GitHub repo, querying a database, or sending a Slack message — directly into AI clients like Claude or Cursor. They're already widely used by engineering teams, often without IT awareness.

How does your security review work?

A human engineer reads the server's source code and checks for: exposed secrets or credentials, unsafe network calls to external endpoints, injection vulnerabilities in tool inputs, and correct MCP specification compliance. Servers that pass are marked Certified. We re-review when authors push major updates.

Can we connect our own internal APIs, not just public MCP servers?

Yes — this is one of our core enterprise features. Paste your internal API's OpenAPI/Swagger URL into the API Converter tool and get a working MCP server in 30 seconds. The hosted gateway then runs that server with RBAC and audit logging, so your engineers can use AI tools against your internal data without writing any integration code.

What's the timeline for the hosted gateway and self-hosted deployment?

The hosted gateway (RBAC, audit logs, Okta/AAD SSO) is our near-term priority. Self-hosted deployment — a Docker Compose package that runs the full gateway inside your own AWS, Azure, or GCP VPC — follows shortly after. The control plane (policies, RBAC rules, audit log dashboard) remains on curatedmcp.com; the data plane runs in your network and phones home only to sync rules, never to relay data. Request a briefing and we'll share the roadmap and can prioritise based on your compliance requirements.

What happens when an AI tries to call a high-risk tool like 'delete_user' or 'execute_trade'?

The gateway intercepts the call and triggers a Human-in-the-Loop approval gate instead of executing immediately. It sends a structured message to your Slack or Microsoft Teams #ops-approvals channel showing the agent identity, tool name, and exact parameters. A human clicks Approve or Deny. Only if approved does the gateway resume execution and return the result to the AI. A prompt injection attack, where an attacker tricks an AI into taking a destructive action, therefore cannot reach your systems through a gated tool unless a human approves the call.
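The approval flow described in this answer, sketched as an added example (not CuratedMCP's gateway code): high-risk tool calls are held until an approver returns an explicit yes, an approver failure denies the call, and the audit record carries only user, tool, timestamp, and status. The `Gateway` class, the `approver` callback standing in for the Slack or Teams prompt, and the status strings are assumptions.

```python
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Tool names the page gives as examples of high-stakes operations.
HIGH_RISK = {"delete_user", "execute_trade", "modify_payroll"}


@dataclass
class Gateway:
    tools: dict[str, Callable[..., Any]]          # approved catalog
    approver: Callable[[str, str, dict], bool]    # hypothetical Slack/Teams hook
    audit: list[dict] = field(default_factory=list)

    def _log(self, user: str, tool: str, status: str) -> None:
        # Metadata only: arguments and results are never recorded.
        self.audit.append(dict(ts=time.time(), user=user, tool=tool, status=status))

    def call(self, user: str, tool: str, args: dict) -> Any:
        if tool not in self.tools:
            self._log(user, tool, "not_approved")
            raise PermissionError(f"{tool} is not in the approved catalog")
        if tool in HIGH_RISK:
            try:
                approved = self.approver(user, tool, args) is True
            except Exception:
                approved = False  # approver outage or timeout fails closed
            if not approved:
                self._log(user, tool, "denied")
                raise PermissionError(f"{tool} was not approved")
        result = self.tools[tool](**args)
        self._log(user, tool, "ok")
        return result


def demo() -> tuple[list[str], list[str]]:
    deleted: list[str] = []  # constructed stand-in for the real side effect
    gw = Gateway(
        tools={"get_user": lambda uid: {"id": uid},
               "delete_user": lambda uid: deleted.append(uid)},
        approver=lambda user, tool, args: args.get("uid") == "u-test",
    )
    gw.call("agent-1", "get_user", {"uid": "u-42"})        # low risk: runs
    gw.call("agent-1", "delete_user", {"uid": "u-test"})   # approved: runs
    try:
        gw.call("agent-1", "delete_user", {"uid": "u-42"})  # denied: never runs
    except PermissionError:
        pass
    return deleted, [e["status"] for e in gw.audit]
```

The approver sees the exact parameters, but the audit log does not store them, which matches the metadata-only logging the page describes.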

How do we get started?

Request a Security Briefing using the form below. We'll schedule a 30-minute call with your CTO or security team, walk through your current MCP exposure, and show you exactly what the governance layer looks like for your stack. No commitment required.

Get in touch

Talk to us about MCP governance

If you're evaluating MCP or already experimenting with servers in production, we can help you roll it out in a secure, governed way. Book a 20-minute call and see how other teams are using CuratedMCP.

We respond within one business day. No sales pressure, no spam.