MCP Security: Read-Only Access, GDPR & Multi-Tenancy
Connecting an AI assistant to your IT landscape via MCP without compromising security: read-only, multi-tenant, EU hosting and GDPR compliance. See UrbaHive's approach.
Frédéric Le Bris
CEO & Co-founder
Querying your information system in plain language — "Which applications depend on our ERP?", "What business processes go through Salesforce?" — is now possible thanks to the MCP standard (Model Context Protocol). But as soon as you talk about connecting an AI assistant to internal data, security concerns arise — and rightly so. This article addresses the most common objections raised by CIOs and CISOs, and explains how UrbaHive designed its MCP connector to stay compliant with GDPR, NIS2, and DORA.
Why CIOs and CISOs question MCP security
The Model Context Protocol lets a large language model (LLM) query an external data source in real time. In the context of enterprise architecture mapping, this means Claude can query your architecture repository to answer concrete business questions.
Three concerns come up consistently:
- Can the AI modify my data? A poorly configured assistant could theoretically create, edit, or delete items in your architecture map.
- Where does data go? If the MCP server is hosted outside the European Union, your IT landscape data flows outside the GDPR perimeter.
- Who can access what? In a multi-tenant environment, can a compromised token expose another organisation's data?
These are legitimate questions. They deserve precise answers, not generic reassurances.
Principle 1: strictly read-only access
UrbaHive's MCP connector is read-only by design. The MCP protocol exposes only GET-type operations: list applications, read a server record, query a business process. No write, update, or delete routes are exposed on the MCP side.
In practice: even if an AI model attempted to send a modification request, the MCP server would reject it at the protocol level. This is not a configuration restriction — it is a deliberate implementation constraint.
This design follows the principle of least privilege, recommended by European security agencies and embedded in information system security frameworks. For analytical use — understanding your IT landscape, preparing an audit, onboarding a new team member — read-only access is entirely sufficient.
Principle 2: strict multi-tenant isolation
UrbaHive is a multi-tenant SaaS platform. Each organisation has its own isolated data space. The Personal Access Token (PAT) generated for the MCP connector is bound to a single organisation: it can never cross tenant boundaries.
Concretely:
- A token generated for organisation A can only query organisation A's data.
- Token revocation is immediate from the UrbaHive interface.
- Token lifetime is configurable, in line with secrets management best practices.
This architecture directly addresses the data segregation requirements set out in GDPR (Article 25, privacy by design) and in security frameworks such as ISO 27001.
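A sketch of how Principles 1 and 2 can be enforced together in a server's request handler, as an added example that is not UrbaHive's code. It assumes MCP's JSON-RPC `tools/call` request shape; the tool names, the token value, the sample tenants and the `-32001` error code are hypothetical.

```python
import hashlib

# Constructed sample data: two tenants and one PAT bound to org-a (all hypothetical).
APPS = {
    "org-a": [{"name": "ERP", "depends_on": ["CRM"]}],
    "org-b": [{"name": "Payroll", "depends_on": []}],
}
# Tokens are stored hashed; each record binds the token to exactly one tenant.
TOKENS = {
    hashlib.sha256(b"pat-constructed-a").hexdigest(): {"tenant": "org-a", "revoked": False},
}

def list_applications(tenant, _args):
    return APPS[tenant]

def get_application(tenant, args):
    return next((a for a in APPS[tenant] if a["name"] == args.get("name")), None)

# Only read handlers are registered; no write tool exists to be called.
READ_TOOLS = {"list_applications": list_applications, "get_application": get_application}

def error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def handle(request, bearer_token):
    """Dispatch one JSON-RPC request on behalf of the presented token."""
    req_id = request.get("id")
    record = TOKENS.get(hashlib.sha256(bearer_token.encode()).hexdigest())
    if record is None or record["revoked"]:
        return error(req_id, -32001, "invalid or revoked token")
    if request.get("method") != "tools/call":
        return error(req_id, -32601, "method not found")
    params = request.get("params") or {}
    tool = READ_TOOLS.get(params.get("name"))
    if tool is None:
        return error(req_id, -32602, f"unknown tool: {params.get('name')}")
    # The tenant comes from the token record only; a client-supplied tenant is ignored.
    result = tool(record["tenant"], params.get("arguments") or {})
    return {"jsonrpc": "2.0", "id": req_id, "result": result}
```

A request that names `org-b` in its arguments still receives organisation A's data, because the handler never reads a tenant from the request.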
Principle 3: complete audit trail
Every MCP call — every question asked by the AI assistant — is logged in UrbaHive's audit journal. Each log entry contains: timestamp, token identifier, queried endpoint, and the result returned (success or error).
This traceability is essential for:
- Demonstrating compliance during a GDPR review or NIS2 audit
- Detecting abnormal usage (unusual request volume, out-of-context access to sensitive data)
- Meeting requirements for logging access to personal data
For organisations subject to DORA or NIS2, this logging directly supports the monitoring and access-reporting obligations for critical systems. We cover this in depth in our articles on NIS2 and IT mapping and DORA for the financial sector.
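One way a security team could screen an exported audit log for the abnormal usage mentioned above, as an added example that is not UrbaHive's code. The JSON-lines export format, the field names (`ts`, `token_id`, `endpoint`, `result`) and the thresholds are assumptions; the log entries are constructed.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

def make_sample():
    """Constructed audit export: tok-1 is steady, tok-2 bursts and fails often."""
    entries = []
    for i in range(6):  # one call every 10 minutes
        entries.append({"ts": f"2025-01-06T09:{i * 10:02d}:00+00:00", "token_id": "tok-1",
                        "endpoint": "/applications", "result": "success"})
    for i in range(40):  # 40 calls inside one minute, every 4th an error
        entries.append({"ts": f"2025-01-06T02:15:{i:02d}+00:00", "token_id": "tok-2",
                        "endpoint": f"/servers/{i}",
                        "result": "error" if i % 4 == 0 else "success"})
    return [json.dumps(entry) for entry in entries]

def analyse(lines, window_s=300, max_per_window=30, max_error_ratio=0.2):
    """Return {token_id: [reasons]} for tokens exceeding volume or error thresholds."""
    buckets = defaultdict(Counter)  # token -> window start (epoch) -> request count
    totals, errors = Counter(), Counter()
    for line in lines:
        entry = json.loads(line)
        epoch = int(datetime.fromisoformat(entry["ts"]).timestamp())
        buckets[entry["token_id"]][epoch - epoch % window_s] += 1
        totals[entry["token_id"]] += 1
        errors[entry["token_id"]] += entry["result"] == "error"
    findings = defaultdict(list)
    for token, windows in buckets.items():
        peak = max(windows.values())
        if peak > max_per_window:
            findings[token].append(f"volume: {peak} calls in {window_s}s")
        ratio = errors[token] / totals[token]
        if ratio > max_error_ratio:
            findings[token].append(f"errors: {ratio:.0%} of calls failed")
    return dict(findings)

if __name__ == "__main__":
    for token, reasons in analyse(make_sample()).items():
        print(token, reasons)
```

Thresholds like these are best derived from each token's own baseline once real traffic has been observed.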
Principle 4: EU hosting and data sovereignty
UrbaHive's MCP server is hosted exclusively in European datacentres, in line with our data sovereignty commitment. No data from your IT architecture map is routed through servers outside the EU.
This matters for organisations that:
- Operate in regulated sectors (banking, insurance, healthcare, public administration)
- Have adopted a sovereign cloud or EU-preference policy
- Must justify their sub-processor chain under GDPR (Article 28, data processing agreement)
UrbaHive can provide a GDPR-compliant Data Processing Agreement (DPA), along with the list of sub-processors involved in the processing chain.
What MCP does not do — limits to be aware of
Transparency requires acknowledging what the MCP connector does not cover:
- It does not encrypt data within Claude. Once data is transmitted to the language model (Anthropic), it is subject to Anthropic's privacy policy. UrbaHive recommends not exposing personal data or classified information via MCP.
- It does not replace a human architecture review. AI responses are a starting point, not a final decision.
- Client-side security is out of scope. If a PAT token is stored in plain text on an unsecured device, the risk originates there.
For more on the relationship between IT mapping and cybersecurity, see our article IT mapping and the CISO role.
How to activate the MCP connector on UrbaHive
Setup takes less than ten minutes:
- Log into your UrbaHive account and navigate to Settings > AI Connectors.
- Generate a Personal Access Token (PAT) — set its lifetime.
- Copy the provided JSON configuration.
- Paste it into Claude Desktop (the claude_desktop_config.json file) or into claude.ai's MCP settings.
- Ask your first question in plain language.
The Starter (€29/month) and Professional (€99/month) plans include MCP connector access. The Free plan lets you test the feature with limitations.
Conclusion
Connecting an AI assistant to your IT architecture map via MCP can be done rigorously and securely — provided you choose an implementation that respects four principles: read-only access, tenant isolation, complete traceability, and EU hosting. That is precisely what UrbaHive has built.
For CIOs and CISOs who want to move forward without compromising on security, UrbaHive's MCP connector offers a concrete path to AI that is useful, audited, and compliant.
Create your free UrbaHive account and set up your MCP connector in under ten minutes.
FAQ
Can the MCP connector write to or modify data in UrbaHive?
No. UrbaHive's MCP connector is strictly read-only by design. No write, update, or delete operations are exposed via the MCP protocol.
Does my IT architecture data leave the European Union?
Data passes through UrbaHive's MCP server, which is hosted in Europe. It is then transmitted to the language model (Anthropic), whose servers are in the United States. UrbaHive recommends not exposing personal data or classified information via the MCP connector.
How do I revoke an MCP token if I suspect a compromise?
From the UrbaHive interface (Settings > AI Connectors), revocation is immediate. The token is invalidated in real time; any subsequent request using that token will be rejected.
Is the MCP audit log accessible to my security teams?
Yes. MCP logs are integrated into UrbaHive's audit journal, accessible to organisation administrators. They can be exported for SIEM integration or to respond to an audit request.
Is the MCP connector compatible with NIS2 and DORA?
UrbaHive's traceability, data isolation, and EU-hosting mechanisms align with NIS2 and DORA requirements. See our dedicated guides on NIS2 and DORA for a full breakdown.