TL;DR: The governance challenge is no longer whether AI can query endpoint data, but whether identity, access, and audit controls are ready for AI-mediated administration, as 1Password’s Device Trust MCP Server connects device security data to AI tools like Claude and ChatGPT, giving admins logged, auditable access to checks, issues, audit logs, and reporting across 59 API tools while the MCP ecosystem has grown from around 1,200 servers in early 2025 to over 6,400 today.
NHIMG editorial — what this means for AI and NHI governance
By the numbers:
- The ecosystem has grown from around 1,200 servers in early 2025 to over 6,400 today.
- The Device Trust MCP Server covers the full Device Trust API surface across 59 tools.
Questions worth separating out
Q: How should security teams govern MCP servers used by AI tools?
A: Treat each MCP server as a privileged non-human identity integration.
Q: Why do MCP-based workflows increase identity governance risk?
A: MCP-based workflows move administration into an AI client, which can hide how access is exercised unless logging and scope controls are explicit.
Q: What breaks when AI tools can query endpoint data without tight scoping?
A: The first failure is privilege expansion, because a broad tool surface makes it easy for the AI client to reach more data than the task requires.
Practitioner guidance
- Classify MCP servers as privileged integrations Assign each server an owner, a business purpose, and a least-privilege scope for the specific Device Trust tools it exposes.
- Require query-level audit trails Make sure every AI-mediated request can be traced back to the user, client, token, and endpoint set queried.
- Limit MCP data exposure by use case Separate administrative workflows that need device posture from those that need audit logs, owner data, or reporting.
What's in the full announcement
1Password's full article covers the operational detail this post intentionally leaves for the source:
- The full setup flow for running the Device Trust MCP Server locally with bearer-token authentication.
- The exact 59-tool Device Trust API surface exposed through the MCP connector.
- Examples of the device, people, issues, checks, audit logs, and reporting queries the server can handle in practice.
- The support-document installation steps for Claude, Cursor, and other MCP-compatible clients.
👉 Read 1Password's article on the Device Trust MCP Server for AI tools →
Device Trust MCP and endpoint governance: are your controls ready?
Explore further
MCP turns AI interfaces into non-human identity control points. The important change is not that AI can ask better questions, but that the AI client becomes the place where access, action, and accountability intersect. That makes MCP a governance boundary, not just an integration standard. Practitioners should evaluate it as part of non-human identity management, not as a UI layer.
A few things that frame the scale:
- Only 18% of MCP server deployments implement any form of access scoping for tool permissions, according to the State of MCP Server Security 2025.
- 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, according to the State of MCP Server Security 2025.
A question worth separating out:
Q: How do compliance teams keep AI-mediated admin auditable?
A: Require logs that capture the user, the AI client, the token, the tool called, and the data returned. Then fold those records into access review and incident response processes so AI-mediated administration is visible in the same governance system as other privileged non-human identities.
👉 Read our full editorial: Device Trust MCP server changes how AI tools query endpoint risk