Secure MCP Is the Access Model Enterprise AI Agents Have Been Missing

AI agents have arrived in enterprise development. But the access model they need hasn’t.

Published on

by

Read time:

4–6 minutes
Flowchart with a shield labeled T representing Secure MCP between two linked steps, ending at a box labeled Done.

Your developers already use Claude Code, Cursor, and Codex side-by-side with the VIP Dashboard. They want those agents making development more efficient by automating deployments across environments, finding issues in log files, and streamlining content edits, not just autocompleting text.

The capability exists, but the governance and security risks are high without the right approach.

The governance gap

Developers want to use agents, but most options are risky. Use of raw API keys often comes with no scoping or audit trail. When developers implement bespoke integrations, they work until someone leaves and no one is left to maintain them. Third-party AI tools route around permission models and audit log security teams rely on.

The choice to date is effectively “agents with no governance” or “no agents,” leading most security teams to opt for “no agents.” Developers will find workarounds anyway, which is where the real threat comes in.

Introducing Secure MCP

Secure MCP is a solution both developers and security teams can get behind. One governed, audited endpoint sitting in front of two toolsets — WordPress VIP’s platform infrastructure (apps, environments, deploys, domains, logs, backups, WP-CLI) and WordPress core. Secure MCP is built on the open MCP standard, making it compatible with MCP-aware clients.

One credential works for all clients including Claude Code, Cursor, Claude Desktop, Gemini CLI, and Codex. A single endpoint (api.wpvip.com/mcp) sits in front of both WordPress MCP and VIP MCP’s 57 platform tools, replacing the sprawl of keys for each integration. This reflects the WordPress VIP commitment to being an open platform, not a walled garden that forces you to use a limited set of tools.

How secure MCP access works

With Secure MCP, agents become VIP Dashboard users. They don’t get their own identity or a service account with unrestricted scope. The agent gets the same level of access as the authenticated user. No more, no less. Unauthorized tools are never registered, so there’s nothing to block.

Agents acting on behalf of a developer who can push to staging but has no production access are also limited to staging environment access.

Developers already want this. In a closed-beta, testers reported time-to-first-action of as little as 15 minutes. One popular use case is DB sync and staging error-log access that previously required a manual ticket request.

Since many platforms don’t let you sync directly from production straight into a local development environment, Seth Rubenstein, Head of Engineering at Pew Research Center used the Secure MCP to create a Cursor command to go through his favored route to get a production database down locally. Baking that into a command means you never accidentally try (or get tempted to try) a shortcut that isn’t permitted.

Your team’s developers can roll back a release, clear the cache, and check the logs in seconds. VIP Platform MCP runs your infrastructure, with 50+ tools across environments, deployments, domains, backups, and WP-CLI.

Secure MCP supports your site operations too: Your marketing team can publish a post, create a page, and update a template directly from a chat from an AI agent of their choice. The connection manages your content and configuration through the server inside the site.

The controls that make this ownable

Configurable controls keep admins in charge:

  • Deny by default means agents don’t have access until an admin enables Secure MCP.
  • Production writes remain off until opt-in, which is enabled per app, deliberately, not by default.
  • Step up verification keeps humans in the loop with in-browser confirmation of sensitive writes.

A kill switch lets admin accounts disable all agent access org-wide in under 60 seconds. It’s right there in the VIP Dashboard, which means you don’t need to file a support ticket and wait for agents to be turned off via support tickets.

There’s also accountability for every action the agent takes. Every call is recorded in the MCP Call Log, attributed to the person who authorized it. There’s a dedicated record, distinct from the standard environment audit log, built specifically for agent attribution.

Why security signs off

Secure MCP requires agents to run as the authenticated user, so the existing security review applies. The access model remains the same, and existing user permissions are enforced automatically. The audit process remains intact. Security is being asked to trust the same permission model, audit trail, and kill switch they already use for humans, now extended to agents acting on those humans’ behalf.

When an agent runs as the authenticated user, there is nothing for security to re-approve, no introduction of additional vendor risk, and no additional access tiers created.

A caveat to access control: WordPress-only accounts without a matching VIP Dashboard login can connect directly to WordPress MCP and sit outside Secure MCP’s governance and audit trail. Security teams evaluating Secure MCP should factor this into their access review.

The choice isn’t agents or no agents anymore

Every enterprise security team has faced some version of this trade-off: let developers use the agents they already want, or hold the line and watch them find a workaround anyway.

Secure MCP ends the trade-off without a new identity to govern or a new process to audit. It takes the permission model, the audit trail, and the kill switch your team already relies on for people, and extends the same rules to the agents acting on their behalf.

That’s a technical decision with practical consequences: Security can say yes to agent usage without rewriting how they assess risk. Developers get efficiency gains through agents orchestrating deployments, reducing tedious log file analysis, and automating content edits, all within the same governance boundary that already exists.

Ship more, faster

Secure MCP is ungated and available to all VIP customers at no additional cost. See a demo of Secure MCP in action, or read the docs to see exactly how you can ship more with agents.

Author

Don’t miss The Brief.

Timely topics, practical insights, decisive steps. Every two weeks.

Loading form …

Categories

Don’t miss The Brief.

Timely topics, practical insights, decisive steps. Every two weeks.