Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks - InfoQ

[BT](http://www.infoq.com/int/bt/ "bt")

InfoQ Software Architects' Newsletter

A monthly overview of things you need to know as an architect or aspiring architect.

View an example

Enter your e-mail address

Select your country - [x] I consent to InfoQ.com handling my data as explained in this Privacy Notice.

We protect your privacy.

Close

Live Webinar and Q&A: Portable by Design: Data Mobility & Recovery Patterns for Multi-Cloud Systems (May 21, 2026)Save Your Seat

Close

Toggle Navigation

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

English edition

• English edition
• Chinese edition
• Japanese edition
• French edition

[Write for InfoQ](http://www.infoq.com/write-for-infoq/ "Write for InfoQ")

Search

RegisterSign in

Unlock the full InfoQ experience

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources.

Log In

or

Don't have an InfoQ account?

Register

• **Stay updated on topics and peers that matter to you**Receive instant alerts on the latest insights and trends.
• **Quickly access free resources for continuous learning**Minibooks, videos with transcripts, and training materials.
• **Save articles and read at anytime**Bookmark articles to read whenever youre ready.

Logo - Back to homepage

NewsArticlesPresentationsPodcastsGuides

Topics

[Development](http://www.infoq.com/development/ "Development")

• [Java](http://www.infoq.com/java/ "Java")
• [Kotlin](http://www.infoq.com/kotlin/ "Kotlin")
• [.Net](http://www.infoq.com/dotnet/ ".Net")
• [C#](http://www.infoq.com/c_sharp/ "C#")
• [Swift](http://www.infoq.com/swift/ "Swift")
• [Go](http://www.infoq.com/golang/ "Go")
• [Rust](http://www.infoq.com/rust/ "Rust")
• [JavaScript](http://www.infoq.com/javascript/ "JavaScript")

Featured in Development

• #### From VR to Flat Screens: Bridging the Input and Immersion Gap

Dany Lepage discusses the architectural journey of porting a hit VR title to seven non-VR platforms. He explains how his team solved the challenges of cross-progression, diverse input paradigms, and maintaining release velocity across Steam, iOS, and PlayStation. Beyond the tech, he shares candid lessons on the "product fit" gap when translating immersive social presence to 2D screens.


All in developmentFollow Topic

[Architecture & Design](http://www.infoq.com/architecture-design/ "Architecture & Design")

• [Architecture](http://www.infoq.com/architecture/ "Architecture")
• [Enterprise Architecture](http://www.infoq.com/enterprise-architecture/ "Enterprise Architecture")
• [Scalability/Performance](http://www.infoq.com/performance-scalability/ "Scalability/Performance")
• [Design](http://www.infoq.com/design/ "Design")
• [Case Studies](http://www.infoq.com/Case_Study/ "Case Studies")
• [Microservices](http://www.infoq.com/microservices/ "Microservices")
• [Service Mesh](http://www.infoq.com/servicemesh/ "Service Mesh")
• [Patterns](http://www.infoq.com/DesignPattern/ "Patterns")
• [Security](http://www.infoq.com/Security/ "Security")

Featured in Architecture & Design

• #### Event-Driven Patterns for Cloud-Native Banking - What Works, What Hurts?

Chris Tacey-Green discusses the shift from synchronous commands to asynchronous events within highly regulated environments. He explains the critical role of Inbox and Outbox patterns in preventing data loss, the nuances of event versioning, and how to maintain decoupling between domains. He shares "battle-tested" principles for implementing fault tolerance and managing eventual consistency.


All in architecture-designFollow Topic

[AI Infrastructure](http://www.infoq.com/ai-ml-data-eng/ "AI Infrastructure")

• [Big Data](http://www.infoq.com/bigdata/ "Big Data")
• [Machine Learning](http://www.infoq.com/machinelearning/ "Machine Learning")
• [NoSQL](http://www.infoq.com/nosql/ "NoSQL")
• [Database](http://www.infoq.com/database/ "Database")
• [Data Analytics](http://www.infoq.com/data-analytics/ "Data Analytics")
• [Streaming](http://www.infoq.com/streaming/ "Streaming")

Featured in AI, ML & Data Engineering

• #### Dynamic Moments: Weaving LLMs into Deep Personalization at DoorDash

Sudeep Das and Pradeep Muthukrishnan explain the shift from static merchandising to dynamic, moment-aware personalization at DoorDash. They share how LLMs generate natural-language "consumer profiles" and content blueprints, while traditional deep learning handles last-mile ranking. This hybrid approach allows the platform to adapt to short-lived user intent and massive catalog abundance.


All in ai-ml-data-engFollow Topic

[Culture & Methods](http://www.infoq.com/culture-methods/ "Culture & Methods")

• [Agile](http://www.infoq.com/agile/ "Agile")
• [Diversity](http://www.infoq.com/diversity/ "Diversity")
• [Leadership](http://www.infoq.com/leadership/ "Leadership")
• [Lean/Kanban](http://www.infoq.com/lean/ "Lean/Kanban")
• [Personal Growth](http://www.infoq.com/personal-growth/ "Personal Growth")
• [Scrum](http://www.infoq.com/scrum/ "Scrum")
• [Sociocracy](http://www.infoq.com/sociocracy/ "Sociocracy")
• [Software Craftmanship](http://www.infoq.com/software_craftsmanship/ "Software Craftmanship")
• [Team Collaboration](http://www.infoq.com/team-collaboration/ "Team Collaboration")
• [Testing](http://www.infoq.com/testing/ "Testing")
• [UX](http://www.infoq.com/ux/ "UX")

Featured in Culture & Methods

• #### Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation

Celine Pypaert discusses the ubiquitous nature of open-source software and shares a blueprint for securing modern applications. She explains how to prioritize high-risk vulnerabilities using exploitability data, the role of Software Bill of Materials (SBOM), and the importance of bridging the gap between DevOps and Security through clear accountability and automated governance.


All in culture-methodsFollow Topic

DevOps

• [Infrastructure](http://www.infoq.com/infrastructure/ "Infrastructure")
• [Continuous Delivery](http://www.infoq.com/continuous_delivery/ "Continuous Delivery")
• [Automation](http://www.infoq.com/automation/ "Automation")
• [Containers](http://www.infoq.com/containers/ "Containers")
• [Cloud](http://www.infoq.com/cloud-computing/ "Cloud")
• [Observability](http://www.infoq.com/observability/ "Observability")

Featured in DevOps

• #### Beyond One-Click: Designing an Enterprise-Grade Observability Extension for Docker

Docker Extensions boost developer speed but create a "visibility gap" by isolating telemetry. To meet enterprise needs, extensions must act as bridges to centralized platforms. This article details how to use OpenTelemetry, policy-as-code, and encryption to build secure pipelines. Learn to balance developer productivity with the governance required for scalable, compliant observability.


All in devopsFollow Topic

[Events](https://events.infoq.com/ "Events")

Helpful links

• [About InfoQ](http://www.infoq.com/about-infoq "About InfoQ")
• [InfoQ Editors](http://www.infoq.com/infoq-editors "InfoQ Editors")
• [Write for InfoQ](http://www.infoq.com/write-for-infoq "Write for InfoQ")
• [About C4Media](https://c4media.com/ "About C4Media")
• [Diversity](https://c4media.com/diversity "Diversity")

Choose your language

• [En](http://www.infoq.com/news/2026/04/cloudflare-mcp/# "InfoQ English")
• 中文
• 日本
• Fr


[InfoQ Homepage](http://www.infoq.com/ "InfoQ Homepage")[News](http://www.infoq.com/news "News")Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

[Architecture & Design](http://www.infoq.com/architecture-design/ "Architecture & Design")

QCon San Francisco (Nov 16-20): Deep technical sessions. Peer conversations that change how you think.

Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks

Apr 22, 2026 2 min read

by

• Matt Foster

Follow Technical Principal at Thoughtworks

#### Write for InfoQ

**Feed your curiosity.**Help 550k+ global

senior developers

each month stay ahead.Get in touch

Log in to listen to this article

Audio ready to play

Your browser does not support the audio element.

0:00 0:00

Normal 1.25x 1.5x

Like

• Reading list

Cloudflare has outlined a reference architecture for scaling Model Context Protocol (MCP) deployments across the enterprise, positioning centralized governance, remote server infrastructure, and cost controls as key requirements for production-ready agent systems.

The announcement comes amid growing scrutiny of MCP-based systems, as recent research highlights risks such as prompt injection, supply chain attacks, and exposed or misconfigured servers, with some studies demonstrating arbitrary code execution and data exfiltration across MCP integrations.

MCP, an open standard for connecting AI agents to external tools and data sources, separates the agent-facing client from backend servers that interface with corporate resources. This abstraction allows agents to autonomously retrieve data and perform actions, but also introduces new trust boundaries between models, tools, and sensitive systems. Researchers note that MCP’s architecture expands attack surfaces compared to traditional LLM usage, as a single prompt can trigger chains of actions across multiple systems.

Academic analysis further suggests that these risks are not limited to implementation flaws, but stem from protocol-level design choices that can amplify attack success rates in agent-tool systems.

Cloudflare argues locally deployed MCP servers represent a significant security liability, as they often rely on unvetted software and lack centralized oversight. Instead, the company has adopted a model in which MCP servers are deployed remotely on its developer platform and managed by a centralized team.

Authentication is handled through Cloudflare Access, which integrates with single sign-on (SSO), multi-factor authentication (MFA), and contextual signals such as device posture and location. MCP server portals provide a unified interface for discovering and accessing authorized servers, while also enabling administrators to enforce policies such as data loss prevention (DLP) rules and fine-grained tool exposure.

!Image 12/filters:no_upscale()/news/2026/04/cloudflare-mcp/en/resources/1Screenshot%202026-04-20%20at%201.48.31%E2%80%AFPM-1776718450593.png)

Source: CloudFlare

On the cost control side, the architecture also incorporates an ‘AI Gateway’, positioned between MCP clients and the underlying language models. This allows organizations to route requests across different model providers while enforcing usage limits and monitoring token consumption at a per-user level.

The company also introduced "Code Mode", designed to address the growing complexity of MCP tool definitions. Rather than exposing every API operation to the model, Code Mode collapses tool interfaces into a small set of dynamic entry points, allowing models to discover and invoke tools on demand. Cloudflare reports this can reduce token usage by up to 99.9%, mitigating context window limitations.

While these architectural controls address immediate concerns around security and cost, some analysts argue that the underlying challenge may be less about individual features and more about how MCP fits into the broader architecture of agent systems. Forrester notes that protocols such as MCP are often mistaken for governance layers, when in practice they function more like transport or interoperability mechanisms, comparable to RPC or messaging systems rather than policy engines.

This distinction becomes significant as enterprises begin to introduce centralized control layers. Recent research suggests that governance, observability, and policy enforcement are emerging as a separate "control plane" concern in agent architectures, sitting above both tool integration and orchestration layers. In this context, approaches such as Cloudflare’s can be seen as part of a wider movement toward externalizing control, rather than something inherent to MCP itself.

About the Author


#### **Matt Foster**

Matt is a Technical Principal with Thoughtworks. He specializes in application modernization and helping customers rethink their legacy application architecture. Matt has led multi disciplinary teams across businesses both large and small in Europe and more recently North America. He has penned articles on the subjects of Domain Driven Design and Legacy Displacement Patterns in collaboration with Martin Fowler. A firm believer in a healthy body, promoting a healthy mind, when Matt is not immersed in technology he can be found swimming, biking or running towards his next triathlon.

Show more Show less

#### This content is in the Model Context Protocol (MCP) topic

Follow Topic

##### Related Topics:

• Architecture & Design### Architecture & Design

Followers: 10203

Follow Topic

• AI, ML & Data Engineering### AI, ML & Data Engineering

Followers: 5870

Follow Topic

• Model Context Protocol (MCP)### Model Context Protocol (MCP)

Followers: 31

Follow Topic

• Governance### Governance

Followers: 15

Follow Topic

• Cloud Security### Cloud Security

Followers: 77

Follow Topic

• Cloudflare### Cloudflare

Followers: 16

Follow Topic

• Scaling### Scaling

Followers: 29

Follow Topic

• Cloud### Cloud

Followers: 2126

Follow Topic

* #### Related Editorial

• ##### Cloudflare Launches Public Beta of Secrets Store for Secure Credential Management

• ##### EU's Cloud Sovereignty SEAL Ranking Forces Governance and Resilience Trade-offs

• ##### AWS Unveils Independent European Governance and Operations for European Sovereign Cloud

• ##### Cloudflare Launches Dynamic Workers Open Beta: Isolate-Based Sandboxing for AI Agent Code Execution

• ##### Cloudflare Introduces Local Uploads for R2 to Cut Cross-Region Write Latency by 75%

* #### Related Sponsors

• ##### Beyond Scripts: Why IaC is Actually an Architecture Problem. Join the Discussion at IaCConf 2026 (May 14th).

• ##### Portable by Design: Data Mobility & Recovery Patterns for Multi-Cloud Systems (Live Webinar May 21, 2026) - Save Your Seat

• ##### The Essential Guide to AI Tools for Jakarta EE Developers

• ##### Cutting Java Costs in 2026 Without Slowing Delivery

• ##### The missing layer in the agentic AI stack: Why AI applications need durable sessions

• #### Related Sponsor

**Drop in Ably AI Transport.**

Purpose-built infrastructure for the entire agent-to-user experience. **Start building.**

Related Content

• ##### Cloudflare Launches Dynamic Workers Open Beta: Isolate-Based Sandboxing for AI Agent Code Execution

Apr 01, 2026

• ##### Cloudflare Introduces EmDash: TypeScript CMS Positioned as WordPress Successor

Apr 09, 2026

• ##### Microsoft Launches Azure Copilot Migration Agent to Accelerate Cloud Migration Planning

Mar 29, 2026

• ##### "Pick and Mix" Custom Regions: Cloudflare Introduces Fine-Grained Data Residency Control

Mar 28, 2026

• ##### Event-Driven Patterns for Cloud-Native Banking: Lessons from What Works and What Hurts

Mar 31, 2026 

• ##### Scaling Cloud and Distributed Applications: Lessons and Strategies

Dec 04, 2025 

• Icon##### Thinking Like a Detective: Solving Cloud Infrastructure Mysteries

Jan 05, 2026 

• Icon##### Scaling Cloud and Distributed Applications: Lessons and Strategies from chase.com, #1 Banking Portal in the US

Dec 17, 2025 

• ##### Building Distributed Event-Driven Architectures across Multi-Cloud Boundaries

Nov 19, 2025 

Related Sponsors

• #### Does your AI stack need a session layer? A maturity framework for teams building AI agents

Explore the missing “session layer” in the AI stack—where many production failures originate. This framework outlines maturity stages for delivering continuous, stateful AI experiences, from fragile HTTP streaming to resilient, multi-device, real-time systems with durable sessions. Read Now.

• #### Stateful agents, stateful infra: The transport gap AI teams are patching by hand

Every AI team hits the same wall and builds the same workaround. That's not a you problem. It's a missing layer. Read Now.

• Sponsored by


Related Content

• ##### CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Apr 17, 2026

• ##### New Rowhammer Attacks on NVIDIA GPUs Enable Full System Takeover

Apr 14, 2026

• ##### CNCF and Kusari Partner to Strengthen Software Supply Chain Security across Cloud-Native Projects

Apr 10, 2026

• ##### Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

Apr 03, 2026

• ##### Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Mar 31, 2026

• ##### Kubescape 4.0 Brings Runtime Security and AI Agent Scanning to Kubernetes

Mar 29, 2026

**The InfoQ** Newsletter

A round-up of last week’s content on InfoQ sent out every Tuesday. Join a community of over 250,000 senior developers. View an example

Enter your e-mail address

Select your country - [x] I consent to InfoQ.com handling my data as explained in this Privacy Notice.

We protect your privacy.

• Development

• ##### [C++26: Reflection, Memory Safety, Contracts, and a New Async Model](http://www.infoq.com/news/2026/04/cpp-26-reflection-safety-async/ "C++26: Reflection, Memory Safety, Contracts, and a New Async Model")

• ##### [From VR to Flat Screens: Bridging the Input and Immersion Gap](http://www.infoq.com/presentations/game-vr-flat-screens/ "From VR to Flat Screens: Bridging the Input and Immersion Gap")

• ##### [Cursor 3 Introduces Agent-First Interface, Moving beyond the IDE Model](http://www.infoq.com/news/2026/04/cursor-3-agent-first-interface/ "Cursor 3 Introduces Agent-First Interface, Moving beyond the IDE Model")

• Architecture & Design

• ##### [Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks](http://www.infoq.com/news/2026/04/cloudflare-mcp/ "Cloudflare Outlines MCP Architecture as Enterprises Confront Security and Governance Risks")

• ##### [Anthropic Introduces Managed Agents to Simplify AI Agent Deployment](http://www.infoq.com/news/2026/04/anthropic-managed-agents/ "Anthropic Introduces Managed Agents to Simplify AI Agent Deployment")

• ##### [Slack Rebuilds Notification System, Reports 5X Increase in Settings Engagement](http://www.infoq.com/news/2026/04/slack-new-notification-system/ "Slack Rebuilds Notification System, Reports 5X Increase in Settings Engagement")

• Culture & Methods

• ##### [Platform as a Product: Delivering Value While Balancing Competing Priorities](http://www.infoq.com/news/2026/04/platform-product-deliver-value/ "Platform as a Product: Delivering Value While Balancing Competing Priorities")

• ##### [Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation](http://www.infoq.com/presentations/open-source-dependencies/ "Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation")

• ##### [Tiger Teams, Evals and Agents: The New AI Engineering Playbook](http://www.infoq.com/podcasts/tiger-teams-evals-agents/ "Tiger Teams, Evals and Agents: The New AI Engineering Playbook")

• AI, ML & Data Engineering

• ##### [Dynamic Moments: Weaving LLMs into Deep Personalization at DoorDash](http://www.infoq.com/presentations/llm-personalization/ "Dynamic Moments: Weaving LLMs into Deep Personalization at DoorDash")

• ##### [Subagents in Gemini CLI Enable Task Delegation and Parallel Agent Workflows](http://www.infoq.com/news/2026/04/subagents-gemini-cli/ "Subagents in Gemini CLI Enable Task Delegation and Parallel Agent Workflows")

• ##### [Google’s Aletheia Advances the State of the Art of Fully Autonomous Agentic Math Research](http://www.infoq.com/news/2026/04/deepmind-aletheia-agentic-math/ "Google’s Aletheia Advances the State of the Art of Fully Autonomous Agentic Math Research")

• DevOps

• ##### [GitHub Acknowledges Recent Outages, Cites Scaling Challenges and Architectural Weaknesses](http://www.infoq.com/news/2026/04/github-outages-scaling/ "GitHub Acknowledges Recent Outages, Cites Scaling Challenges and Architectural Weaknesses")

• ##### [AWS Announces General Availability of DevOps Agent for Automated Incident Investigation](http://www.infoq.com/news/2026/04/aws-devops-agent-ga/ "AWS Announces General Availability of DevOps Agent for Automated Incident Investigation")

• ##### [Pulumi Adds Full Bun Runtime Support](http://www.infoq.com/news/2026/04/pulumi-bun-support/ "Pulumi Adds Full Bun Runtime Support")

**The InfoQ** Newsletter

A round-up of last week’s content on InfoQ sent out every Tuesday. Join a community of over 250,000 senior developers. View an example

• Get a quick overview of content published on a variety of innovator and early adopter technologies
• Learn what you don’t know that you don’t know
• Stay up to date with the latest information from the topics you are interested in

Enter your e-mail address

Select your country - [x] I consent to InfoQ.com handling my data as explained in this Privacy Notice.

We protect your privacy.

**May 7 | June 10, 2026 | Online** Architecture decisions are hard to validate while shipping. Join a **5-week online cohort** for **senior engineers, architects, and team leads** to pressure-test real decisions, apply practical frameworks, and work through challenges with a confidential peer group. Facilitated by Luca Mezzalira, Principal Architect at AWS, this cohort helps you: * Pressure-test real decisions. * Apply frameworks to real problems. * Publish on InfoQ.com and earn your certification. **RESERVE YOUR PLACE**

[Home](http://www.infoq.com/ "Home")[Create account](http://www.infoq.com/reginit.action "Create account")Log In[QCon Conferences](http://qconferences.com/ "QCon Conferences")Events[Write for InfoQ](http://www.infoq.com/write-for-infoq/ "Write for InfoQ")[InfoQ Editors](http://www.infoq.com/infoq-editors/ "InfoQ Editors")[About InfoQ](http://www.infoq.com/about-infoq/ "About InfoQ")[About C4Media](https://c4media.com/ "About C4Media")[Media Kit](https://get.infoq.com/infoq-mediakit/ "Media Kit")[InfoQ Developer Marketing Blog](https://devmarketing.c4media.com/?utm_source=infoq "InfoQ Developer Marketing Blog")[Diversity](https://c4media.com/diversity "Diversity")

#### Events

• ##### Online InfoQ Architect Certification

May 7, 2026

• ##### QCon AI Boston

June 1-2, 2026

• ##### Online InfoQ Architect Certification

June 10, 2026

• ##### QCon San Francisco

November 16-20, 2026

#### Follow us on

Youtube 232K FollowersLinkedin 26K FollowersRSS 19K ReadersX 57.1k FollowersFacebook 21K LikesBluesky NewInstagram New

#### Stay in the know

The InfoQ PodcastEngineering Culture PodcastThe Software Architects' Newsletter

General Feedback [feedback@infoq.com](mailto:feedback@infoq.com) Advertising [sales@infoq.com](mailto:sales@infoq.com) Editorial [editors@infoq.com](mailto:editors@infoq.com) Marketing [marketing@infoq.com](mailto:marketing@infoq.com)

InfoQ.com and all content copyright © 2006-2026 C4Media Inc.

Privacy Notice, Terms And Conditions, Cookie Policy

Close

[BT](http://www.infoq.com/int/bt/ "bt")