I am looking into integrating our AI agents with our Salesforce org. Can anyone explain how using the new Salesforce Hosted MCP Servers provides better security or governance than just hitting the REST API directly? I am particularly worried about data masking and ensuring the LLM doesn't see sensitive PII during the retrieval-augmented generation (RAG) process.
3 answers
The primary advantage is that Hosted MCP Servers act as a governed gateway specifically designed for the "handshake" between LLMs and your CRM. Unlike standard REST APIs that provide a broad pipe, MCP servers use a metadata-centric approach to expose only specific "tools" or "resources." This means you can define granular permissions at the protocol level, ensuring the AI only calls authorized functions. It respects the Salesforce security model (FLS and Sharing Rules) inherently, but adds a layer of audit logging that tracks exactly what context the AI requested, which is much harder to parse in traditional API logs.
That makes sense for the data layer, but how does it handle session-based context? If I have a complex multi-step agent, does the MCP server maintain the state of the user’s permissions across different calls, or do we have to re-authenticate every single time the AI tries to fetch a new record?
It’s basically about reducing the attack surface. By using MCP, you aren't exposing your entire API schema to the LLM, just the specific modular skills it needs for the task.
Exactly, Jessica. I’ve noticed that it also helps with token limits because the MCP server can pre-filter and summarize the data before sending it back to the LLM, which is a great SEO-friendly optimization for performance too.
Michael, it uses the OAuth 2.0 flow integrated into the External Client App configuration. Once the initial handshake is done, the MCP server manages the session state. It essentially proxies the user's context, so the AI doesn't need to "know" the credentials, it just invokes the tool. This prevents credential leakage to the LLM provider, which is a massive security win for any cloud architect