Enterprise-Ready Security Controls
This page summarizes the hosted security controls behind Smplify MCP in a way security reviewers and technical buyers can evaluate quickly. It is intentionally lighter than the internal control-mapping documentation and focuses on the controls customers care about during rollout.
Hosted transport controls, auditability, tenant-aware design goals, and release hygiene for the Smplify MCP gateway.
What this page covers
Transport and boundary protections
HTTPS enforcement, HSTS, CSP, clickjacking protection, DNS rebinding defense, request-size guards, and browser-safe response headers on the hosted surface.
Authentication and token handling
Per-request bearer-token forwarding; URL-token authentication blocked by default; failed-auth throttling; readiness for issuer- and audience-bound JWT validation once upstream Smplify auth is ready; and a connector-ready design that keeps any temporary upstream bearer-token bridge inside a dedicated encrypted vault.
Auditability and monitoring
Structured audit events, request correlation IDs, redaction of sensitive values, centralized export, and delivery to the current Smplify-operated audit sink.
Release and operational assurance
Security regression tests, dependency audit, Bandit, SBOM generation, release provenance workflows, and deployment hardening guidance in the repository.
Control areas supported today
- Encrypted transport and browser security headers on the hosted gateway
- Tenant-scoped execution using the caller’s own bearer token
- Redis-backed rate limiting and repeated failed-auth throttling
- Audit logging with redaction and request correlation IDs
- Prompt-injection-aware response sanitization before tool output reaches the model
- SSRF-safe validation for configured outbound audit webhooks
- Read-only mode and destructive-operation gating for higher-assurance deployments
- Connector-ready architecture with explicit-tenant write guardrails and an encrypted vault bridge for future OAuth-connected clients
Enterprise review readiness
Smplify MCP is built to support common enterprise control expectations across areas such as transport security, access control, auditability, change traceability, operational hardening, and release hygiene.
That makes it easier to evaluate during security questionnaires, vendor reviews, and internal AI governance rollouts. When deeper diligence is needed, Smplify can support a formal review with additional architecture and control documentation.
Multi-tenant safety
The hosted gateway is designed so each request runs with the caller’s own bearer token and tenant-scoped permissions. For audit export, Smplify’s long-term design direction is tenant-scoped routing and destination ownership so one customer cannot receive another customer’s events.
That tenant-scoped audit export design is a current architecture priority and is intentionally treated as a productized Smplify capability rather than a customer-managed infrastructure setting.
When deeper detail is needed
Use this page for the public summary, then pair it with the live controls on /security and the safe-usage guidance on /security-best-practices. For deeper diligence, Smplify can also use its internal control mapping and architecture docs during a security review.