Fixed-price. Delivered in 5 days.

AI Connector & MCP Risk Review

Mid-market firms are connecting AI tools to live business systems at pace - and almost none of them know exactly what data those connectors can access, what actions they can trigger, or what a misconfiguration would expose.

Intology's MCP security audit gives you the inventory, the exposure map, the governance gap analysis, and a board-ready risk summary - in a fixed-price engagement with a defined scope and a clear deliverable.

  • 5 days: Standard review duration
  • £2.5k: Starting price for SMEs
  • 6-step: Structured methodology
  • Fixed: Price, scope, and deliverable

The risk most boards have not seen yet

MCP connectors are the new shadow IT - and nobody is auditing them

Model Context Protocol gives AI agents the ability to read databases, send emails, update CRM records, query finance systems, and trigger business workflows - all through a single, standardised connector interface.

Adoption has moved faster than governance. Teams deploy MCP servers to solve immediate problems. Permissions get set broadly because narrowing them takes time. Logs are not centralised. The board is not briefed. And the CISO often does not know how many connectors are active, let alone what they can access.

This is not a theoretical risk. Prompt injection attacks that manipulate AI agent behaviour through external content are already documented in production environments. An over-scoped connector combined with a prompt injection vulnerability is a material data breach waiting to happen.

Questions your board should be asking

  • What AI tools are connected to our business systems - and who authorised each connection?
  • What data can each AI connector read, write, or delete?
  • Are our OAuth tokens following least-privilege principles?
  • Could a prompt injection attack cause an AI agent to exfiltrate data?
  • If an AI connector misbehaved, would we know? How quickly?
  • Are we prepared for the EU AI Act's human oversight requirements?

Signs you need this review

Does your organisation need an MCP security audit?

Most organisations that need this review do not know they need it until they see the list.

No central inventory of AI integrations

Staff are connecting AI tools - ChatGPT, Copilot, Claude, custom agents - to live business systems. Nobody has a complete list of what is connected to what.

MCP servers running without audit trails

Model Context Protocol servers are active in your environment but generate no centralised logs. If an AI agent takes an action through an MCP connector, there is no record of it.

OAuth tokens are over-scoped

AI integrations were granted broad permissions at setup ('it was easier') and those scopes have never been reviewed. Tokens may have access to far more than the AI actually needs.

Nobody can answer the board's question

When asked 'what data can your AI tools access?', the honest answer is 'we don't know for certain'. That is an unacceptable position for a board, a regulator, or a CISO.

AI agents can act without human approval

Agentic AI tools can send emails, create records, update systems, or trigger workflows without a human in the loop. There are no defined thresholds for when approval is required.

No incident response plan for AI-driven actions

If an AI connector behaves unexpectedly - or is manipulated via prompt injection - there is no playbook for identifying, containing, and remediating the impact.

Third-party MCP servers in use

Teams are deploying community or vendor MCP servers without security review, introducing connectors of unknown provenance into production environments.

Prompt injection risk not assessed

AI agents that ingest external content - emails, documents, web pages - could be manipulated by adversarial text embedded in that content. This attack surface has not been mapped.

The methodology

Six-step MCP and AI connector review

A structured, repeatable methodology that produces evidence-based findings - not an opinion survey. Every step has a defined input, a defined output, and a clear contribution to the final risk summary.

01. Connector & MCP Inventory

Enumerate all active AI integrations, MCP servers, API connectors, and OAuth applications across your environment. Build the baseline inventory your security function almost certainly does not have. Include shadow IT and team-level integrations, not just enterprise-approved tools.

02. Data Exposure Mapping

For each connector, classify what data it can read, write, modify, or delete. Map against your data classification policy - or build the classification if it is absent. Identify which connectors have access to personal data, commercially sensitive information, or regulated data.

03. OAuth Scope Review

Assess whether every granted OAuth scope follows least-privilege principles. Identify over-privileged tokens, stale authorisations, shared credentials, and applications with more access than their documented purpose requires. Flag tokens that should be revoked or rescoped.

04. Prompt Injection Exposure

Identify the attack surface where adversarial content in external data sources - emails, documents, web pages, CRM records - could redirect AI agent actions. Assess tool-call boundaries, input sanitisation, and whether your agents can be manipulated into taking unintended actions.

05. Logging & Governance Gaps

Review audit trails, approval workflows, and human-in-the-loop controls for AI-driven actions. Assess whether you could reconstruct what an AI agent did, when, and why. Identify gaps in incident response coverage and escalation paths for AI-related security events.

06. Board-Level Risk Summary

Translate findings into a board-ready risk register with likelihood, impact, and urgency ratings. Produce a remediation roadmap prioritised by risk, not technical complexity. Written for a board and CISO audience - not a developer audience.

Fixed-price tiers

Transparent pricing. No scope creep.

Every tier is a fixed price for a defined deliverable. The price you see is the price you pay. If your environment is larger or more complex than the tier covers, we agree that at the scoping call - not after the work has started.

Starter

SME · Up to 250 staff

£2,500

Fixed price · 2-day review · Up to 10 connectors

  • Connector & MCP inventory
  • Data exposure classification
  • OAuth scope assessment
  • Findings report with risk ratings
  • Prioritised remediation actions
  • Remote delivery
Most popular

Standard

Mid-market · 250 - 1,000 staff

£5,000

Fixed price · 5-day review · Up to 25 connectors

  • Full connector & MCP inventory
  • Data exposure mapping
  • OAuth scope review
  • Prompt injection exposure assessment
  • Logging & governance gap analysis
  • Findings report + remediation roadmap
  • Remote + one day on-site

Enterprise

Enterprise · 1,000+ staff

£10,000

Fixed price · 5-day senior-led review · Unlimited connectors

  • Full connector & MCP inventory
  • Data exposure mapping
  • OAuth scope review
  • Prompt injection exposure assessment
  • Logging & governance gap analysis
  • Findings report + remediation roadmap
  • Board presentation of findings
  • 30-day remediation check-in call
  • Remote + up to two days on-site

All prices exclude VAT. Remediation support available as a separate follow-on engagement.

How the engagement works

Scoping call to board-ready findings in five days

A clean, time-boxed engagement with a defined structure. You know what happens at each stage and what you will receive at the end.

Scoping call · 60 minutes

Agree the connector scope, access requirements, key stakeholders, and timeline. Confirm any confidentiality or access constraints. No charge, no obligation.

Document & access review · Days 1 - 2

Connector inventory, OAuth token analysis, configuration review, and data classification. Remote access to relevant systems, logs, and documentation.

Technical interviews & testing · Days 3 - 4

Structured interviews with security, engineering, and operations leads. Prompt injection testing. Logging and governance assessment against best-practice controls.

Report delivery · Day 5

Findings report, risk register, and prioritised remediation roadmap. Walkthrough session with the commissioning team. Board-ready executive summary included.

Optional: Remediation support

For organisations that want help implementing controls, redesigning AI operating models, or building an AI governance framework, Intology offers follow-on remediation engagements scoped and priced separately. Never a condition of the review.

Why Intology

No vendors in our revenue chain. No platform to sell you.

Intology is a management consultancy, not an AI vendor, a system integrator, or a platform reseller. We have no commercial relationship with any MCP platform provider, AI tool vendor, or OAuth identity provider. Our findings are independent.

The review is delivered by senior practitioners with board-level advisory experience across major transformation and technology programmes. We know how to translate technical risk into language that boards and investment committees can act on.

Every finding comes with a remediation action. Every action is prioritised. The output is not a list of problems - it is a risk register and a roadmap that your security and engineering teams can execute against.

Vendor-neutral

No AI platforms, tool vendors, or integrators in our revenue chain. Our findings go where the evidence points.

Senior-led

Delivered by practitioners with board-level advisory and CISO engagement experience - not junior analysts.

Fixed scope

A defined deliverable at a defined price. The scoping call agrees the boundaries before work starts.

Bridge to transformation

Security findings often reveal operating model gaps. We can connect the two - without making it a condition of the review.

Common questions

Questions we get asked

What is MCP and why does it create security risk?

Model Context Protocol (MCP) is an open standard that lets AI assistants and agents connect to external tools, databases, APIs, and business systems. It dramatically expands what an AI can do - but also dramatically expands the attack surface. An MCP connector can read and write live data, execute code, and trigger workflows. If it is over-scoped, unaudited, or vulnerable to prompt injection, it becomes a material security exposure.

We already have a penetration test. Does this replace it?

No - this is complementary, not a substitute. A penetration test looks for exploitable technical vulnerabilities in your systems. An MCP and AI connector risk review looks at something different: the governance and data-access risks created by the way AI tools are connected and configured. Most penetration test scopes do not cover AI connector behaviour, OAuth scope proliferation, or prompt injection attack paths through MCP servers.

Do you need administrative access to our systems?

For the Starter and Standard tiers, we work primarily from documentation, configuration exports, and structured interviews - we do not require live privileged access in most cases. For the Enterprise tier, where we are assessing a larger and more complex connector estate, we may request read-only access to specific systems to validate configuration. All access requirements are agreed in the scoping call before engagement.

What does the remediation roadmap look like?

The roadmap is a prioritised action plan - not a raw findings list. We group remediation actions by urgency (immediate, 30-day, 90-day) and by effort (quick wins versus structural changes). Each action is mapped to the risk it addresses, the team responsible for it, and the control it establishes. The aim is a document your security and engineering teams can actually execute against.

Does this help with EU AI Act compliance?

Partially. The EU AI Act's requirements for high-risk AI systems include transparency, human oversight, and technical robustness obligations - areas our review directly addresses. The review is not a formal EU AI Act compliance audit, but the governance gaps we identify and the controls we recommend are directly relevant to organisations preparing for EU AI Act obligations.

Can findings lead to a wider engagement?

Yes, and that is often the right outcome. Organisations that discover significant governance gaps through this review sometimes need help implementing controls, redesigning AI operating models, or building an AI governance framework from scratch. Intology offers those follow-on engagements, but they are never a condition of the review itself. The review stands alone as a complete, fixed-price deliverable.

Get started

Book a scoping call

The scoping call is free and carries no obligation. We agree the connector scope, access requirements, and timeline - then you decide whether to proceed. Most MCP security audit engagements start within two weeks of the scoping call.