The TerraTrue Model Context Protocol (MCP) Server provides a secure and standardized bridge between TerraTrue’s risk management ecosystem and AI-powered interfaces.
This integration allows your organization’s privacy and security teams, product managers, and developers to query elements of the TerraTrue review ecosystem: including launch and review statuses, vendor details, and integrated Data Catalog metadata, all directly from AI platforms and custom-built agents.
Understanding MCP
The Model Context Protocol (MCP) is an open standard that enables Large Language Models (LLMs) to access external systems securely.
Rather than manually exporting context into an AI prompt, the MCP server allows your AI tools to "read" relevant information from TerraTrue in real-time. This ensures that AI-generated insights are grounded in your organization’s actual privacy and security posture and the live review data managed within TerraTrue.
How it Works – From Natural Language to Action
The MCP server effectively removes the need for users to understand relatively more complex API documentation or syntax. When you interact with an MCP-enabled AI tool or agent, the process follows a seamless path:
- Natural Language Request: You ask a question in plain English (e.g., "Show me all high-risk vendor reviews currently blocked by the Legal team").
- AI Interpretation: Your AI platform (such as Gemini or OpenAI) uses its internal infrastructure to interpret your intent and determine which "tools" or "resources" are needed from the TerraTrue MCP server.
- MCP Translation: The AI communicates with the MCP server, which acts as a translator. It converts your natural language request into the appropriate calls for TerraTrue’s published API endpoints.
- Information Retrieval: The MCP server invokes those endpoints, retrieves the specific review context or vendor data, and passes it back to the AI.
- Contextual Response: The AI delivers a formatted, human-readable answer back to you, having handled all the underlying API handshakes and data formatting behind the scenes.
Supported AI Platforms
TerraTrue’s MCP server is designed to work across a variety of AI environments:
- Standard AI CLIs: Direct integration with tools like the Gemini CLI and Copilot CLI.
- Custom AI Agents: Organizations developing their own internal AI agents or wrappers can connect to the TerraTrue MCP server to provide their models with deep context regarding risk management and data governance.
Capabilities
Integrating TerraTrue with an MCP-compatible tool enables several types of workflows, including:
- Contextual Querying: Retrieve the status, team membership, or stage of any active review.
- TPRM and Vendor Risk: Access vendor risk profiles and correlate them with internal security requirements.
- Data Catalog Interaction: Query stored data types to understand how sensitive information is being handled.
Authentication and Security
The MCP server adheres to TerraTrue’s standard security protocols. Configuration requires one of two supported authentication methods:
- API Secret Key: A static secret associated with a TerraTrue API user, provided in the request header.
- OIDC Federation (OAuth2): Federated identity provider support for organizations requiring centralized access control and MFA.
The choice of authentication is defined during the initial setup of the MCP client or agent.
Deployment
The MCP server is a managed feature available to TerraTrue B2B customers. Access must be provisioned by your organization's administrative team in coordination with TerraTrue.
- Activation: To enable MCP server functionality for your instance, please contact your Customer Success Manager.
- Setup: Detailed technical instructions for connecting specific CLI tools or configuring custom agents can be found in our MCP Configuration Guide.