Google and Google Cloud services can be used in your AI applications with enterprise-ready governance, security, and access control through our remote Model Context Protocol (MCP) servers.
MCP is an open source protocol developed by Anthropic that standardizes how AI applications connect to data sources.
In addition to offering remote MCP servers, Google Cloud offers several solutions for publishing your own MCP servers. Users connect to published MCP servers over HTTP and can authenticate and interact with them according to the MCP specification. For more information, see MCP server publishing.
How MCP works
MCP lets an AI application communicate with external services through a standardized set of components:
- MCP server
- A program that exposes capabilities of a service, like an API or database, to AI applications through standardized MCP interfaces.
- MCP host
- The main AI application that you're using or building—for example, Claude, VS Code, Gemini CLI, or Cursor IDE.
- MCP client
- A software component within the MCP host that handles communication between your AI application and the MCP server.
Local versus remote MCP servers
Local MCP servers typically run on your local machine and use the standard input and output streams (stdio) for communication between services on the same device.
Remote MCP servers run on the service's infrastructure and offer an HTTP endpoint to AI applications for communication between the AI MCP client and the MCP server.
For more information, see MCP architecture.
Google and Google Cloud remote MCP servers
Google and Google Cloud remote MCP servers have the following features and benefits:
- MCP discovery: Once a server is enabled in your project, AI applications
can discover the server's tools by using the MCP
tools/listmethod. - Administrative controls: Control MCP use at the organization, folder, and project level with custom organization policies.
- Authentication and Authorization: Google and Google Cloud remote MCP servers are compliant with the MCP authorization specification. Only agents, MCP clients, and end-users with established identities can authenticate and use MCP tools.
- Fine-grained authorization policies: Use IAM to control who can do what on which Google Cloud resources with MCP tools.
- Model Armor: Scan prompts and responses to protect against security risks and enforce your AI security policies.
For a list of Google and Google Cloud remote MCP servers, see Supported products.
Authentication
To authenticate to Google and Google Cloud MCP servers that require authentication, use your Google credentials or create an identity for your AI application. For more information, see Authenticate to MCP servers.
Control MCP use within a Google Cloud organization
Google Cloud administrators can control MCP use within their organization in the following ways:
Use custom organization policies to:
- Disable all MCP use in a Google Cloud organization.
- Enable specific services in specific folders or projects.
Use Identity and Access Management (IAM) to:
- Permit access to read-only or read-write MCP tools.
- Allow or Deny specific OAuth clients access to MCP tools.
For more information about organization level controls, see Control MCP use in a Google Cloud organization.
Model Armor protection
Model Armor helps secure your agentic AI applications by sanitizing MCP tool calls and responses. This process mitigates risks such as prompt injection, sensitive data disclosure, and tool poisoning.
To enable Model Armor for MCP endpoints, see Configure Model Armor protection for Google Cloud MCP servers.
MCP Publishing
If you want to create and publish your own MCP server for other people to use, then you can use the following MCP publishing options, depending on your needs:
- Apigee users with an existing API can publish their API as an MCP server.
- Developers who want to create their own MCP server can host it on Cloud Run.