# AI Agent Governance: MCP Server Visibility

### Prerequisites

MCP visibility in AI Governance requires the following to be in place on each endpoint:

* **Nightfall Agent v1.2.12.9 or later** - earlier agent versions do not collect MCP telemetry. Agents auto-update, but the MCP feature will not activate unless the MDM profile is also updated (see below).
* **Nightfall MDM Profile v3** - the updated profile grants the agent the system permissions needed to observe MCP server activity. Updating the agent alone is not sufficient; the MDM profile must be explicitly updated by your IT or SecOps team. The new profile is included in the macOS agent bundle for v1.2.12.9 and later.

> **Note:** If the MDM profile has not been updated to v3, MCP data will not appear in AI Governance even if the agent has been updated and the feature is enabled for your tenant.

Contact the Nightfall account team via Slack or reach out to <support@nightfall.ai> if you need assistance coordinating the MDM profile update with your device management workflow.

***

Nightfall's **AI Governance** capability gives security and IT teams real-time visibility into every MCP (Model Context Protocol) server running across your organization's developer machines. This includes servers used by AI coding assistants such as Claude Code, Cursor, and other MCP-compatible clients.

You can discover which MCP servers are active, assess their risk, identify who is using them, and audit how they are configured.

***

### MCP Servers

The main table lists every MCP server observed across your organization's endpoints. Each row represents a unique server.

#### Column Definitions

<table data-header-hidden><thead><tr><th width="150.73828125"></th><th></th></tr></thead><tbody><tr><td>Column</td><td>Description</td></tr><tr><td><strong>Server Name</strong></td><td>The name of the MCP server as it appears in the user's configuration file (<code>mcp.json</code>, <code>claude.json</code>, or equivalent). For container-based remote servers this is typically the image name (e.g. <code>ghcr.io/buildkite/buildkite-mcp-server</code>).</td></tr><tr><td><strong>Type</strong></td><td>The transport mechanism used by the server. <code>stdio</code> servers run as a local process on the developer's machine. <code>http</code> / <code>sse</code> servers are hosted remotely and accessed over the network.</td></tr><tr><td><strong>Risk</strong></td><td>Nightfall's risk score for the server, calculated from up to five factors: whether the server is registered in a known catalog, how it communicates (local process vs. network), whether it has a source repository, version freshness. Possible labels are <strong>Known</strong>, <strong>Low</strong>, <strong>Medium</strong>, <strong>High</strong>, and <strong>Critical</strong>.</td></tr><tr><td><strong>Users</strong></td><td>The number of distinct user identities across all devices who have this server configured or have invoked it within the selected time window.</td></tr><tr><td><strong>Clients</strong></td><td>The AI host applications that have started or called this server (e.g. Claude Code, Cursor, bash). A <strong>+N</strong> badge indicates additional clients beyond those shown inline.</td></tr><tr><td><strong>Volume</strong></td><td>A measure of how much this server has been used. The meaning differs by server type - see the section below.</td></tr><tr><td><strong>Last Activity</strong></td><td>How long ago this server was last started or invoked, across any device in the organization.</td></tr></tbody></table>

***

### Understanding the Volume Column

The **Volume** column reports usage intensity, but the metric depends on how the server communicates.

#### Local MCP Servers (type: `stdio`)

Local servers run as a child process on the developer's machine, launched by the AI client on demand.

* **Volume = number of times the server process was started**, displayed as *N starts*.
* Each AI agent session that uses the server typically generates one start.
* Example: `6.9K starts` means the server was launched approximately 6,900 times across all users and devices.

#### Remote MCP Servers (type: `http` / `sse`)

Remote servers are hosted services accessed over the network via HTTP or Server-Sent Events.

* **Volume = total data transferred** to and from the server, displayed in standard units (KB, MB, GB).
* This includes both the data sent in tool call requests (inputs) and the data returned in tool call responses (outputs).
* Example: `1.2 GB` means 1.2 gigabytes of combined upload and download traffic was observed to this server.

***

### MCP Server Details

Click any row in the table to open a detail panel for that server. The panel contains two sections.

#### Devices

A list of every device on which this server has been configured or invoked.

Each row shows:

* **User** - the identity of the person using the device
* **Device ID** - the unique identifier of the endpoint
* **Host App** - which AI client invoked the server on that device (e.g. Claude Code, Cursor)

Use this view to answer: *Which machines is this server running on, and who is using it?*

#### MCP Configuration File Versions

Shows all versions of every configuration file that references this server - for example, `~/.claude.json`, `~/.claude/claude.json`, or `.cursor/mcp.json`.

Files are grouped by host application (Claude, Claude Code, Cursor) and by scope:

* **Global** - applies to all projects for that user
* **Project** - scoped to a specific repository or workspace

For each file you can see:

* The full file path on the device
* The scope badge (Global or Project)
* The last-modified date
* A version history (v1, v2, …) with the file contents at each version, so you can see exactly what changed and when

Use this view to answer: *What MCP servers is this person authorized to use, and has their configuration changed recently?*

***

### Use Cases

**Shadow MCP discovery**

Identify servers that were never formally approved but are actively running on developer machines. Filter by High risk to prioritize review.

**Risk prioritization**

Focus remediation efforts on High-risk servers with the broadest user reach or highest volume, as these represent the greatest potential for data exposure.

**Configuration auditing**

Verify that only sanctioned MCP servers are present in global configuration files. Project-scoped configurations may warrant additional scrutiny if they reference servers not in your approved list.
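The allowlist check described above can also be run locally against a configuration file. This is an added example, not Nightfall's code. It assumes the `mcpServers` layout used by Claude Code and Cursor configuration files, with per-project entries nested under `projects`; the allowlist, server names and sample configuration are constructed.

```python
import json

# Constructed allowlist: server name -> exact launch command or URL that was reviewed.
APPROVED = {
    "docs": "https://mcp.example.internal/docs",
    "ci": "npx -y @example/ci-mcp",
}

def describe(entry):
    """Return (transport, target) for one mcpServers entry."""
    if not isinstance(entry, dict):
        return "unknown", ""
    if "url" in entry:
        return entry.get("type", "http"), entry["url"]
    if "command" in entry:
        return "stdio", " ".join(map(str, [entry["command"], *(entry.get("args") or [])]))
    return "unknown", ""

def iter_servers(config, file_scope):
    """Yield (scope, name, entry); top-level entries take the file's own scope."""
    for name, entry in (config.get("mcpServers") or {}).items():
        yield file_scope, name, entry
    # Assumed layout: per-project servers nested under "projects" (as in ~/.claude.json).
    for project in (config.get("projects") or {}).values():
        for name, entry in (project.get("mcpServers") or {}).items():
            yield "Project", name, entry

def audit(text, file_scope, approved=APPROVED):
    """Return (scope, name, transport, reason) for every entry that needs review."""
    try:
        config = json.loads(text)
        servers = list(iter_servers(config, file_scope))
    except (ValueError, AttributeError):
        return [(file_scope, "", "unknown", "unparseable")]
    findings = []
    for scope, name, entry in servers:
        kind, target = describe(entry)
        if name not in approved:
            findings.append((scope, name, kind, "unapproved"))
        elif approved[name] != target:
            # A sanctioned name pointing at a different command or URL still needs review.
            findings.append((scope, name, kind, "target-mismatch"))
    return findings

# Constructed sample resembling a global config file (not taken from a real device).
SAMPLE = json.dumps({
    "mcpServers": {"docs": {"type": "http", "url": "https://mcp.example.internal/docs"},
                   "ci": {"command": "npx", "args": ["-y", "some-other-package"]}},
    "projects": {"/Users/dev/repo": {"mcpServers": {"scratch": {"type": "sse", "url": "https://mcp.example.net/sse"}}}},
})
```

Matching on the server name alone would pass the `ci` entry; comparing the launch command or URL as well catches a sanctioned name that has been pointed at something else.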

**Incident investigation**

When a DLP alert fires involving an AI agent tool call, use AI Governance to identify which MCP server was invoked, on which device, by which user, and what configuration was active at the time.


