Cloudflare's Reference Architecture for Secure Enterprise MCP Deployments

Cloudflare has aggressively adopted Model Context Protocol (MCP) as a core part of its AI strategy, but this adoption comes with security risks such as authorization sprawl, prompt injection, and supply chain risks. To mitigate these risks, Cloudflare has integrated a suite of security controls from its Cloudflare One (SASE) platform and Cloudflare Developer platform to govern AI usage with MCP. The company has also developed a reference architecture for simpler, safer, and cheaper enterprise deployments of MCP.

Key Technical Details

Cloudflare's reference architecture uses remote MCP servers, which provide better visibility and control over MCP usage. Remote MCP servers are deployed on custom domains on Cloudflare's developer platform, giving Cloudflare visibility into which MCP servers are being used by employees, while maintaining control over software sources. The architecture also uses Cloudflare Access, MCP server portals, and AI Gateway to secure MCP workflows.

Practical Implications for Developers

Developers can use Cloudflare's reference architecture to deploy governed MCP servers with default-deny write controls, audit logging, auto-generated CI/CD pipelines, and secrets management. This allows developers to stand up new governed MCP servers in minutes, without worrying about security risks. The architecture also provides a centralized team to manage MCP server deployment across the enterprise, reducing the risk of supply chain attacks or tool injection attacks.

Timeline and Availability

Cloudflare has launched Code Mode with MCP server portals, which drastically reduces token costs associated with MCP usage. The company has also described how to use Cloudflare Gateway for Shadow MCP detection, to discover use of unauthorized remote MCP servers. The reference architecture is available for developers to use, and Cloudflare's centralized team is available to manage MCP server deployment across the enterprise.