We share Cloudflare's internal strategy for governing MCP using Access, AI Gateway, and MCP server portals. We also launch Code Mode to slash token costs and recommend new rules for detecting Shadow MCP in Cloudflare Gateway.

Cloudflare's platform is a leading provider of internet security and performance solutions, offering insights into web security, content delivery, and DNS management. Through documentation, blog posts, and webinars, Cloudflare provides insights into protecting websites and applications from cyber threats and improving performance. Developers and IT professionals can learn about CDN (Content Delivery Network), DDoS mitigation, and firewall configurations to secure and accelerate web traffic.

Cloudflare

Cloudflare shares its internal reference architecture for enterprise-wide MCP adoption, covering how they govern, secure, and optimize agentic AI workflows across the company. Key components include centralized remote MCP servers deployed on Cloudflare Workers, Cloudflare Access for OAuth-based authentication, and MCP server portals for unified discovery, DLP enforcement, and audit logging. They launch 'Code Mode' for MCP server portals, which collapses all tool definitions into two tools (search and execute), reducing token consumption by up to 94% as tool counts scale. AI Gateway is used to mediate LLM access and enforce cost controls. For shadow MCP detection, Cloudflare Gateway can scan HTTP traffic using hostname patterns, URL paths, and DLP regex rules targeting JSON-RPC MCP method fields. The post also covers securing public-facing MCP servers with the Cloudflare WAF and AI Security for Apps to detect prompt injection.

Scaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCP

Remote MCP servers provide better visibility and control

MCP server portals centralize discovery and governance

Code Mode with MCP server portals reduces costs

AI Gateway provides extensibility and cost controls

Cloudflare Gateway discovers and blocks shadow MCP

Public-facing MCP Servers are protected with AI Security for Apps