What I wish I knew about how to secure MCP connections for ChatGPT and Claude at work

A team's AI agents made 50-100 MCP calls per query, triggering API throttling and unauthorized data writes.

Deep Dive

A tech professional's viral post has exposed critical, unanticipated security and operational gaps when connecting AI assistants like OpenAI's ChatGPT and Anthropic's Claude to internal tools via the Model Context Protocol (MCP). The team rolled out MCP access to their CRM, project management tool, and databases, only to discover that a single agent session could generate 50 to 100 MCP tool calls to answer one question. This massive query volume from just 15 daily users triggered their CRM's API rate limits within a week. Furthermore, they found no built-in method to restrict agent capabilities, leading to a 'read-only' agent unexpectedly updating a customer record.

The post highlights a trio of default MCP shortcomings: rampant API consumption leading to throttling, the absence of granular permission controls, and zero audit trails for compliance. To solve this, the team deployed Gravitee as a gateway between their AI assistants and internal tools. This configuration, which took about a week across five MCP servers, now enforces rate limits per user per tool, scopes permissions to prevent unauthorized writes, and provides full audit logs. The key lesson is that access control, rate limiting, and logging must be planned from day one of MCP deployment, not bolted on after teams become dependent on connected AI agents.
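Policy logic of the kind the gateway described above enforces (per-user, per-tool rate limits, role-scoped tool access, and an audit record for every decision), as an added example in Python. It is not Gravitee's code or the team's configuration; the tool names, roles, limits, and the backend callable are constructed for illustration.

```python
import json
import time
from collections import defaultdict

# Constructed policy: which MCP tools each role may call, and the per-user
# per-tool budget (calls per window in seconds). Values are illustrative.
ROLE_TOOLS = {
    "reader": {"crm.get_contact", "db.query", "pm.list_tasks"},
    "editor": {"crm.get_contact", "crm.update_contact", "db.query", "pm.list_tasks"},
}
RATE_LIMIT = {"calls": 20, "window": 60}


class McpPolicyGateway:
    """Hypothetical shim between an AI assistant and MCP tool servers."""

    def __init__(self, backend, clock=time.monotonic):
        self.backend = backend          # callable(tool, args) -> result
        self.clock = clock              # injectable for deterministic tests
        self.calls = defaultdict(list)  # (user, tool) -> recent call timestamps
        self.audit = []                 # append-only audit trail (JSON lines)

    def _log(self, user, tool, decision, reason):
        self.audit.append(json.dumps({"ts": self.clock(), "user": user, "tool": tool,
                                      "decision": decision, "reason": reason}))

    def call(self, user, role, tool, args):
        # 1. Permission scoping: a "read-only" role never reaches a write tool,
        #    regardless of what the model decides to invoke.
        if tool not in ROLE_TOOLS.get(role, set()):
            self._log(user, tool, "deny", "tool not in role scope")
            raise PermissionError(f"{role} may not call {tool}")
        # 2. Sliding-window rate limit keyed on (user, tool), so one chatty
        #    session cannot exhaust the CRM API quota shared by everyone.
        now = self.clock()
        window = [t for t in self.calls[(user, tool)] if now - t < RATE_LIMIT["window"]]
        if len(window) >= RATE_LIMIT["calls"]:
            self.calls[(user, tool)] = window
            self._log(user, tool, "deny", "rate limit exceeded")
            raise RuntimeError(f"rate limit reached for {user}/{tool}")
        window.append(now)
        self.calls[(user, tool)] = window
        # 3. Record the decision before forwarding, so the audit entry exists
        #    even if the backend call fails.
        self._log(user, tool, "allow", "forwarded")
        return self.backend(tool, args)
```

Each denial is recorded alongside each forwarded call, so the audit trail shows blocked write attempts as well as successful reads.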

Key Points
  • Uncontrolled MCP connections caused CRM API throttling within a week due to 50-100 tool calls per agent query.
  • Agents with intended read-only access performed unauthorized write operations on customer records due to no permission scoping.
  • The Gravitee API gateway solution added critical rate limiting, permission controls, and audit logs across 5 MCP servers.

Why It Matters

As enterprises connect AI to core systems, unsecured MCP links pose major data integrity, compliance, and stability risks that require proactive governance.