Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View All AI Agent Use Cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

Google Cloud Security MCP Server
for AI Agents

Production-ready Google Cloud Security MCP server with 56 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
Google Cloud Security logo
Google Cloud Security MCP Server
Built by StackOne StackOne
DrataGPLocalyzeFlipMindtoolsScreenloop

Coverage

56 Agent Actions

Create, read, update, and delete across Google Cloud Security — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Google Cloud Security MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Google Cloud Security tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Google Cloud Security call.

Tools Discovery →

What is the Google Cloud Security MCP Server?

A Google Cloud Security MCP server lets AI agents read and write Google Cloud Security data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Google Cloud Security MCP server ships with 56 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Google Cloud Security MCP Tools and Actions

Every action from Google Cloud Security's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Folders

  • Create Folder

    Create a new folder

  • List Folders

    List folders under a parent resource

  • Get Folder

    Get details of a specific folder

  • Search Folders

    Search for folders using a query

  • Update Folder

    Update a folder

  • Delete Folder

    Delete a folder

Project IAM Policys

  • Get Project IAM Policy

    Get the IAM policy for a project

  • Set Project IAM Policy

    Set the IAM policy for a project

Organizations

  • Get Organization

    Get details of a specific organization

  • Search Organizations

    Search for GCP organizations

Projects

  • Create Project

    Create a new GCP project

  • List Projects

    List all accessible GCP projects

  • Get Project

    Get details of a specific GCP project

  • Search Projects

    Search for GCP projects using a query

  • Update Project

    Update a GCP project

  • Delete Project

    Delete a GCP project

Project Roles

  • Create Project Role

    Create a custom IAM role in a project

  • List Project Roles

    List all custom roles in a project

  • Update Project Role

    Update a custom IAM role in a project

  • Delete Project Role

    Delete a custom IAM role from a project

Service Account Keys

  • Create Service Account Key

    Create a new key for a service account

  • List Service Account Keys

    List all keys for a service account

  • Get Service Account Key

    Get details of a specific service account key

  • Delete Service Account Key

    Permanently delete a service account key

Secret Versions

  • Add Secret Version

    Add a new version with secret data

  • List Secret Versions

    List all versions of a secret

  • Get Secret Version

    Get metadata of a specific secret version

Secrets

  • Create Secret

    Create a new secret in a project

  • List Secrets

    List all secrets in a project

  • Get Secret

    Get metadata of a specific secret

  • Update Secret

    Update metadata of an existing secret

  • Delete Secret

    Permanently delete a secret and all its versions

Secret IAM Policys

  • Get Secret IAM Policy

    Get the IAM policy for a secret

  • Set Secret IAM Policy

    Set the IAM policy for a secret

Service Accounts

  • Create Service Account

    Create a new service account in a project

  • List Service Accounts

    List all service accounts in a project

  • Get Service Account

    Get details of a specific service account

  • Update Service Account

    Update the metadata of an existing service account

  • Delete Service Account

    Delete a service account from a project

Tag Keys

  • List Tag Keys

    List tag keys under a parent resource

  • Get Tag Key

    Get details of a specific tag key

Tag Values

  • List Tag Values

    List tag values under a tag key

  • Get Tag Value

    Get details of a specific tag value

Other (13)

  • List Predefined Roles

    List all predefined IAM roles

  • Get Role

    Get details of a specific IAM role

  • Test Project IAM Permissions

    Test which IAM permissions the caller has on a project

  • Undelete Project Role

    Restore a recently deleted custom IAM role

  • Disable Service Account Key

    Disable a service account key

  • Enable Service Account Key

    Enable a previously disabled service account key

  • Access Secret Version

    Access the payload of a secret version

  • Enable Secret Version

    Enable a previously disabled secret version

  • Disable Secret Version

    Disable a secret version

  • Destroy Secret Version

    Permanently destroy a secret version

  • Disable Service Account

    Disable a service account immediately

  • Enable Service Account

    Enable a previously disabled service account

  • Undelete Service Account

    Restore a recently deleted service account

Set Up Your Google Cloud Security MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Google Cloud Security in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

Google Cloud Security MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

Google Cloud Security MCP Server FAQ

Google Cloud Security MCP server vs direct API integration — what's the difference?
A Google Cloud Security MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Google Cloud Security. A Google Cloud Security MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Google Cloud Security at runtime. StackOne provides both.
How does Google Cloud Security authentication work for AI agents?
Google Cloud Security authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Google Cloud Security account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Google Cloud Security MCP tools vulnerable to prompt injection?
Yes — Google Cloud Security MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Google Cloud Security agent and how do I avoid it?
Context bloat happens when Google Cloud Security tool schemas and API responses eat your Google Cloud Security agent's memory, preventing it from reasoning effectively. A single Google Cloud Security query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Google Cloud Security agent can access?
Yes — you can limit which actions your Google Cloud Security agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Google Cloud Security MCP server?
Yes — you can create custom agent actions for your Google Cloud Security MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Google Cloud Security's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Google Cloud Security MCP server?
Skip a Google Cloud Security MCP server if your integration is purely software-to-software — direct Google Cloud Security API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Google Cloud Security actions at runtime.
What AI frameworks and AI clients does the StackOne Google Cloud Security MCP server support?
The StackOne Google Cloud Security MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo