Blog: How to deploy a simple chatbot application using Secure MCP Servers?
Context
You’ve built an agentic application that leverages MCP servers to give your agent advanced capabilities… and now it’s time to ship it to production! Securing the communication between your agent and the MCP servers—even within your own cluster—is essential. MCP’s innovative capabilities can now open the door to new security challenges while inheriting traditional vulnerabilities that have been inherent to such client/server implementations, that have been articulated by several companies including Acuvity, Cloudflare and Microsoft.
If an attacker breaches your environment, they could intercept your traffic or even alter your MCP server’s behavior without your knowledge, a list of common vulnerabilities are listed here.
Introducing the Secure MCP Servers
To address these risks, Acuvity has packaged the most-widely-used MCP servers into Secure MCP Servers, which include the following built-in security features:
- Isolated Execution: Runs each server in an isolated container to prevent lateral movement.
- Non-root by Default: Enforces least-privilege by dropping root access.
- Immutable Runtime: Uses a read-only filesystem to guarantee tamper-proof operations.
- Version Pinning & CVE Scanning: Ensures consistent, secure deployments with proactive vulnerability checks via Docker Scout.
- SBOM & Provenance: Provides traceable builds for full supply-chain transparency.
You can find the Secure MCP Servers on GitHub (https://github.com/acuvity/mcp-servers-registry) and pull images from mcp.acuvity.ai. They’re easy to deploy:
- Docker
- Helm
Take a look at the features comparison table to better understand the benefits offered by the Secure MCP Servers.
| 🚀 Feature | 🔹 MCP | 🔸 Minibridge | 📦 ARC (Acuvity Containers) | 🌟 ARC + Acuvity Platform |
|---|---|---|---|---|
| 🌐 Remote Access | ⚠️ HTTP/SSE Only | ✅ Built-in | ✅ Built-in | ✅ Built-in |
| 🔒 TLS Support | ❌ | ✅ Built-in | ✅ Built-in | ✅ Built-in |
| 📃 Tool integrity check | ❌ | ✅ Built-in | ✅ Built-in | ✅ Built-in |
| 📊 Visualization and Tracing | ❌ | ✅ Built-in | ✅ Built-in | ✅ Built-in |
| 🛡️ Isolation | ❌ | ⚠️ Basic | ✅ Built-in | ✅ Built-in |
| 🔐 Security Policy Management | ❌ | 👤 Custom Implementation | ⚠️ Basic | ✅ Built-in |
| 🕵️ Secrets Redaction | ❌ | 👤 Custom Implementation | ⚠️ Basic | ✅ Built-in |
| 🔑 Authorization Controls | ❌ | 👤 Custom Implementation | 👤 Custom Implementation | ✅ Built-in |
| 🧑💻 PII Detection and Redaction | ❌ | 👤 Custom Implementation | 👤 Custom Implementation | ✅ Built-in |
| 📌 Version Pinning | ❌ | ❌ | ✅ Built-in | ✅ Built-in |
| 🔍 Deep Multimodal Analysis & Redaction | ❌ | ❌ | ❌ | ✅ Built-in |
Minibridge – Lightweight Security Layer for MCP Servers
Secure MCP Servers include Minibridge, an open-source tool that transparently sits between your agents and MCP servers, adding essential security controls—such as SBOM generation and Rego policy enforcement—without changing the core protocol. Each feature is modular, so you can adopt only what you need:
- Secure Transport: TLS with optional client-certificate validation
- Integrity Enforcement: Prevents the MCP server from mutating tools, templates, or other assets at runtime
- User Authentication: Passes user identity through to the policy engine
- Monitoring: Exposes Prometheus metrics
- Telemetry: Reports traces and spans via OpenTelemetry
For full details, see Minibridge’s documentation in its public repository.
Step-by-step deployment
In our mcp-chatbot-demo repository, you’ll find a fully worked example that shows you how to deploy a simple chatbot using either Docker or Helm.
Simply clone the repo and follow the step-by-step instructions in the README: it walks you through configuring and launching the Secure MCP Servers, and your chatbot application with.
https://github.com/acuvity/mcp-chatbot-demo
Feel free to watch our walkthrough video to see exactly how to deploy this simple chatbot using Docker
Resources
This curated list of articles will help you explore MCP in depth—covering its core concepts, limitations, and the key concerns you should be aware of when using the protocol.
Chris
http://acuvity.aiChris is passionate about software development and exploring new technologies. At Acuvity, he leads the engineering team building the Gen AI Security Platform, ensuring projects stay on track and meet real-world needs. In his free time, he enjoys traveling and outdoor adventures
The referenced demo repo doesn’t currently exist 🙂
Hey Joshua, please check now. It seems the blog post was pushed before the link was live: https://github.com/acuvity/mcp-servers-registry