Ctrlk

MCP Server Visibility

Use Cases

Shadow MCP discovery

Identify servers that were never formally approved but are actively running on developer machines. Filter by High risk to prioritize review.

Risk prioritization

Focus remediation efforts on High-risk servers with the broadest user reach or highest volume, as these represent the greatest potential for data exposure.

Configuration auditing

Verify that only sanctioned MCP servers are present in global configuration files. Project-scoped configurations may warrant additional scrutiny if they reference servers not in your approved list.

Incident investigation

When a DLP alert fires involving an AI agent tool call, use AI Governance to identify which MCP server was invoked, on which device, by which user, and what configuration was active at the time.

Prerequisites

MCP visibility in AI Governance requires the following to be in place on each endpoint:

  • Nightfall Agent v1.2.12.11 or later - earlier agent versions do not collect MCP telemetry. Agents auto-update, but the MCP feature will not activate unless the MDM profile is also updated (see below).

  • Nightfall MDM Profile v3 - the updated profile grants the agent the system permissions needed to observe MCP server activity. Updating the agent alone is not sufficient; the MDM profile must be explicitly updated by your IT or SecOps team. The new profile is included in the macOS agent bundle for v1.2.12.9 and later.

Note: If the MDM profile has not been updated to v3, MCP data will not appear in AI Governance even if the agent has been updated and the feature is enabled for your tenant.

Contact the Nightfall account team via Slack or reach out to [email protected] if you need assistance coordinating the MDM profile update with your device management workflow.

Nightfall's AI Governance capabilities gives security and IT teams real-time visibility into every MCP (Model Context Protocol) server running across your organization's developer machines. This includes servers used by AI coding assistants such as Claude Code, Cursor, and other MCP-compatible clients.

You can discover which MCP servers are active, assess their risk, identify who is using them, and audit how they are configured.

MCP Servers

The main table lists every MCP server observed across your organization's endpoints. Each row represents a unique server.

Column Definitions

Column

Description

Server Name

The name of the MCP server as it appears in the user's configuration file (mcp.json, claude.json, or equivalent). For container-based remote servers this is typically the image name (e.g. ghcr.io/buildkite/buildkite-mcp-server).

Type

The transport mechanism used by the server. stdio servers run as a local process on the developer's machine. http / sse servers are hosted remotely and accessed over the network.

Risk

Nightfall's risk score for the server, calculated from up to five factors: whether the server is registered in a known catalog, how it communicates (local process vs. network), whether it has a source repository, version freshness. Possible labels are Known, Low, Medium, High, and Critical.

Users

The number of distinct user identities across all devices who have this server configured or have invoked it within the selected time window.

Clients

The AI host applications that have started or called this server (e.g. Claude Code, Cursor, bash). A +N badge indicates additional clients beyond those shown inline.

Volume

A measure of how much this server has been used. The meaning differs by server type - see the section below.

Last Activity

How long ago this server was last started or invoked, across any device in the organization.

Understanding the Volume Column

The Volume column reports usage intensity, but the metric depends on how the server communicates.

Local MCP Servers (type: stdio)

Local servers run as a child process on the developer's machine, launched by the AI client on demand.

  • Volume equals number of times the server process was started, displayed as N starts.

  • Each AI agent session that uses the server typically generates one start.

  • Example: 6.9K starts means the server was launched approximately 6,900 times across all users and devices.

Remote MCP Servers (type: http / sse)

Remote servers are hosted services accessed over the network via HTTP or Server-Sent Events.

  • Volume = total data transferred to and from the server, displayed in standard units (KB, MB, GB).

  • This includes both the data sent in tool call requests (inputs) and the data returned in tool call responses (outputs).

  • Example: 1.2 GB means 1.2 gigabytes of combined upload and download traffic was observed to this server.

MCP Server Details

Click any row in the table to open a detail panel for that server. The panel contains two sections.

Devices

A list of every device on which this server has been configured or invoked.

Each row shows:

  • User - the identity of the person using the device

  • Device ID - the unique identifier of the endpoint

  • Host App - which AI client invoked the server on that device (e.g. Claude Code, Cursor)

Use this view to answer: Which machines is this server running on, and who is using it?

MCP Configuration File Versions

Shows all versions of every configuration file that references this server - for example, ~/.claude.json, ~/.claude/claude.json, or .cursor/mcp.json.

Files are grouped by host application (Claude, Claude Code, Cursor) and by scope:

  • Global - applies to all projects for that user

  • Project - scoped to a specific repository or workspace

For each file you can see:

  • The full file path on the device

  • The scope badge (Global or Project)

  • The last-modified date

  • A version history (v1, v2, …) with the file contents at each version, so you can see exactly what changed and when

Use this view to answer: What MCP servers is this person authorized to use, and has their configuration changed recently?

PreviousAI GovernanceNextAuditability and Control

Last updated

Was this helpful?