The Value of an MCP Proxy: Security, Control, and Observability for Enterprise AI

August 28, 2025 by shannon

I wrote last week about an approach to evaluating MCP Gateways for the enterprise. Today, I want to discuss the idea of an MCP Proxy and explain the role it plays in delivering MCP servers within an IT organization. As teams begin adopting the Model Context Protocol (MCP) as a critical element in connecting apps and data to AI agents and users, it is essential that we understand the traffic that is passing through MCP servers and implement guardrails. Without that, the security risks we’ve detailed in other posts are incredibly difficult to address.

OK – let’s get to it. We’ll discuss what an MCP Proxy is and what functions it serves, and dive a bit into how we’ve addressed it here at Obot.


What Is an MCP Proxy?

If you’re familiar with the idea of a proxy, you’ll understand the role of an MCP proxy easily. An MCP Proxy sits between your MCP client (such as an AI agent, IDE, or chat interface) and the MCP servers that expose applications, data, or systems. Instead of clients connecting directly to every MCP server, all traffic flows through the proxy, which enforces policies, manages credentials, and logs interactions. To do this, the MCP Proxy is usually implemented as a piece of code that is both an MCP server (for a client to call), and an MCP client (which then calls to the original MCP server).

[Diagram: an MCP client’s call to an MCP server is intercepted by an MCP Proxy, which contains an MCP server, an MCP client, and the MCP Proxy logic.]

This design provides a central point of control for IT, ensuring that only approved users can access authorized MCP servers, while also providing observability into how those servers are being used. Obviously, this isn’t ideal for local MCP servers that run directly on a client. For a proxy to have an impact, MCP servers need to run as remote MCP servers, either within your organization or hosted by a third party. Let’s look at each of these benefits in more depth.


Why Organizations Should Consider an MCP Proxy

1. Security and Authentication

Security is one of the key benefits of an MCP Proxy. By implementing a proxy, organizations can create a point of control between the unknown client and a known set of MCP servers. Direct connections from AI agents, or from employees and customers using MCP chat clients, to enterprise systems can create security blind spots. An MCP Proxy:

  • Enforces OAuth 2.1 authentication flows with external services
  • Inspects individual MCP requests against policies
  • Ensures all traffic is routed through a known network endpoint

There is enormous power in the second point. With a proxy, we can inspect traffic for known security issues like prompt injection or tool injection, as well as data leaks. An MCP proxy can typically call any webhook to run inspection on traffic passing through the proxy, which gives teams a lot of flexibility in how they want to implement security policies.

2. Access Control and Governance

As more MCP servers appear, some hosted internally and some provided by third parties, managing access can quickly become nearly impossible. To address this, an MCP Proxy can enforce access control based on policy that is defined in an MCP Gateway. Typically, organizations will link an existing identity management system, such as Okta or Microsoft Entra, with an MCP Gateway, and then enforce control at the proxy. An MCP Proxy introduces:

  • Role-based access control (RBAC) enforcement, to control which users and teams can access specific MCP servers
  • User isolation, so credentials and sessions don’t overlap
  • Audit compliance, ensuring IT can prove who accessed what, and when

This is absolutely necessary for any organization that wants to provide MCP servers that are only available to a subset of an organization. If implemented with an MCP Gateway, it provides a governance framework that can meet enterprise and regulatory requirements.

3. Telemetry and Observability

Beyond security, MCP developers and administrators are the other key beneficiaries of an MCP Proxy. The proxy can provide a broad set of insights into the performance of your MCP servers and the content flowing through them. An MCP Proxy can provide:

  • Request tracking for every MCP interaction
  • Performance metrics on response times and success rates
  • Error logging with detailed reports for troubleshooting
  • Audit trails to provide a full history of usage

This is an area where we are seeing a significant increase in requirements and complexity. Organizations are expanding telemetry capabilities to ensure IT teams have the insights they need to support users, monitor adoption, and proactively address performance or reliability issues. They are also asking interesting questions about who has access to the logs and audit trails, as some of the content can be sensitive.
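The per-request inspection, role check, and audit trail described in sections 1 to 3 can be sketched as a single decision function. This is an added example, not code from Obot: the policy table, server names, roles, tool names, and leak patterns are constructed assumptions. It relies only on MCP tool invocations being JSON-RPC 2.0 `tools/call` messages that carry `params.name` and `params.arguments`.

```python
import json
import re
import time

# Hypothetical policy, as a gateway might hand it to the proxy:
# which roles may reach each MCP server, and which tools are allowlisted.
POLICY = {
    "github-mcp": {"roles": {"engineering"}, "tools": {"search_issues", "get_file"}},
    "hr-mcp": {"roles": {"hr"}, "tools": {"lookup_employee"}},
}

# Constructed patterns for secret-like strings in outbound tool arguments.
LEAK_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),  # shape of an AWS access key ID
]

def inspect_request(user, roles, server, raw_message):
    """Return (decision, reason, audit_record) for one client-to-server message."""
    decision, reason, tool = "allow", "ok", None
    try:
        msg = json.loads(raw_message)
        if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
            raise ValueError("not a JSON-RPC 2.0 object")
    except ValueError:  # also covers json.JSONDecodeError
        decision, reason, msg = "deny", "malformed JSON-RPC", {}
    entry = POLICY.get(server)
    if decision == "allow" and (entry is None or not entry["roles"] & set(roles)):
        decision, reason = "deny", "user not authorized for server"
    if decision == "allow" and msg.get("method") == "tools/call":
        params = msg.get("params") if isinstance(msg.get("params"), dict) else {}
        tool = params.get("name")
        if not isinstance(tool, str) or tool not in entry["tools"]:
            decision, reason = "deny", "tool not in allowlist"
        elif any(p.search(json.dumps(params.get("arguments"))) for p in LEAK_PATTERNS):
            decision, reason = "deny", "secret-like data in arguments"
    # The audit record names who called what and the outcome, but omits the
    # arguments themselves, since logged content can be sensitive.
    audit = {"ts": time.time(), "user": user, "server": server,
             "method": msg.get("method"), "tool": tool,
             "decision": decision, "reason": reason}
    return decision, reason, audit

# Constructed sample: an engineer's tools/call that carries a key-shaped string.
SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 7, "method": "tools/call",
                     "params": {"name": "get_file",
                                "arguments": {"path": "README.md",
                                              "note": "AKIAIOSFODNN7EXAMPLE"}}})
```

Every path, including denials and malformed input, produces an audit record, so the trail shows blocked attempts as well as successful calls.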

4. Manageability at Scale

Finally, the other big benefit of an MCP Proxy is for the IT team trying to gain control of a rapidly sprawling set of MCP servers. MCP adoption is exploding. One organization I spoke to last month shared that they had more than 2000 known MCP servers since they started trying to audit the problem. New servers are being spun up daily by employees, vendors, and SaaS providers. Without a central proxy, IT is stuck relying on ad hoc tools like SharePoint or Slack threads to manage them. An MCP Proxy can provide order by:

  • Maintaining a server registry with metadata and capabilities
  • Normalizing protocol versions and interoperability to address a changing protocol
  • Providing health monitoring to track server availability
  • Offering a session manager to handle user contexts consistently
  • Supporting both remote third-party MCPs and hosted MCPs inside the enterprise environment

A proxy alone doesn’t solve all of these issues, but as part of a broader MCP Gateway, it turns MCP usage from a chaotic sprawl into a manageable, governed layer of enterprise infrastructure.


How we leverage an MCP Proxy in the Obot MCP Gateway

At Obot, we’ve open sourced an MCP Gateway that includes an MCP Proxy. The proxy is integral to how we centralize the management of MCPs. Our engineering team built our MCP proxy as an element within the open-source Obot MCP Gateway so that we could deliver on key enterprise IT requirements, including:

  • Exposing MCP servers only to authorized users
  • Managing access through fine-grained policies
  • Inspecting all traffic for security and governance
  • Tracking usage, errors, and performance metrics

An MCP Proxy is not all that Obot provides. It also deals with the operational challenges of running MCP servers on demand and delivering them as web services to clients, and it provides a web-based chat client for users to engage with MCP servers. However, without the MCP Proxy, it would be impossible to ensure safe AI adoption while giving IT the security and visibility they need.

Last week, my co-founder Craig Jellick demonstrated Obot on The Context MCP livestream. It provides a good overview of how an MCP gateway works, and how administrators can leverage the MCP proxy to implement a secure approach to running MCP servers.


Conclusion

I hope this was a useful introduction to the concept of an MCP server. The MCP standard looks like it will be the backbone of enterprise AI connectivity, and power an explosion of everyday use cases. But without a trusted control layer, the risks of uncontrolled adoption will overwhelm all the benefits. An MCP Proxy provides the guardrails: enforcing security, enabling access control, offering telemetry, and making MCPs manageable at scale.

For enterprises looking to unlock the full potential of AI while maintaining trust and compliance, the Obot MCP Gateway is open source and delivers exactly that—a secure MCP Proxy built for modern IT.
