MCP Apps let AI agents render interactive dashboards, forms, and visualizations directly inside chat windows. That is impressive in a demo. In a 300-person company with SOC 2 requirements, it is terrifying. Airia became the first enterprise platform to ship governed MCP Apps support on February 12, 2026, wrapping the Anthropic-OpenAI standard in admin-managed authorization, change detection, and full audit trails. Seventeen days after the MCP Apps spec went live, Airia had a production-ready governance layer around it. That speed matters because MCP Apps adoption is accelerating without enterprise guardrails, and most organizations are not prepared for the security implications of running third-party web applications inside their AI workflows.
The Gap Between MCP Apps Demo and MCP Apps Production
MCP Apps (SEP-1865) extend the Model Context Protocol so tools can return interactive HTML interfaces rendered in sandboxed iframes. Figma, Slack, Amplitude, and seven other companies launched day-one integrations on January 26, 2026. The spec includes sandboxing, declarative CSP, and auditable JSON-RPC communication. That is a solid security baseline for individual users.
Enterprise deployments face three problems the spec does not solve:
Who authorizes which apps? In a team of 50 sales reps using Claude through an MCP gateway, who decides whether the Salesforce MCP App can render a deal pipeline with real revenue numbers? The spec has no concept of administrator-managed tool authorization. It assumes the end user consents to each tool call individually.
What happens when a tool changes? MCP servers update their tool definitions without notification. A CRM MCP App that queried contacts last week might start writing to accounts this week. The spec has no change detection mechanism. For enterprises subject to SOC 2 or ISO 27001, undetected tool definition changes violate change management controls.
Where do credentials live? When an MCP App renders a dashboard with live data from Snowflake, something has to authenticate to Snowflake. In the default MCP architecture, credentials live on the client or in the MCP server configuration. Neither location is acceptable for enterprises that require centralized credential management and rotation.
These are not hypothetical concerns. They are the exact blockers that kept enterprises from adopting MCP tooling through Q4 2025, according to Airia’s own research.
What Airia Actually Ships
Airia’s MCP Apps support works through two paths. Enterprises can connect Claude, ChatGPT, VS Code, or Goose through Airia’s secure MCP gateway, where interactive experiences render in the client. Or they can run MCP Apps natively inside Airia’s own chat interface. Both paths share the same governance layer.
The governance features address each gap:
Administrator-managed tool authorization. IT admins define which MCP Apps are available to which user groups. A marketing team might have access to the Canva and Clay MCP Apps; the finance team gets Hex and Amplitude. Unauthorized apps never appear as available tools, so the LLM cannot invoke them even if prompted to.
Change detection. Airia’s gateway monitors tool definitions from connected MCP servers. When a tool’s name, description, input schema, or annotations change, the gateway flags the modification and pauses the tool until an administrator reviews and re-approves it. This catches both malicious tool poisoning attacks and benign breaking changes.
Version pinning. Administrators can lock specific MCP server versions. When the upstream server releases an update, the gateway continues serving the pinned version until the admin explicitly upgrades. This prevents the “it worked yesterday” failures that plague teams relying on third-party MCP servers.
Proxy-mediated credentials. All authentication to backend systems passes through Airia’s gateway. Credentials never reach the client or the AI model. The gateway handles token refresh, scoping, and rotation centrally. When an employee leaves, revoking their Airia access revokes all downstream MCP connections in one step.
Full audit trails. Every tool call, every UI interaction, every credential access is logged with user identity, timestamp, and the complete request/response payload. Spencer Reagan, Airia’s Product Director, put it directly: “Enterprise teams don’t work in plain text. They work with dashboards, forms, and structured interfaces. MCP Apps brings that same richness into AI-powered workflows.”
The MCP Gateway Market in 2026
Airia is not the only MCP gateway. The market has grown quickly since mid-2025, and each player emphasizes a different slice of the problem.
| Gateway | Focus | MCP Apps Support |
|---|---|---|
| Airia | Unified security + orchestration + governance | Yes (first to ship) |
| Docker MCP Gateway | Container-native, Kubernetes-focused | Not yet |
| Traefik Hub | API management middleware extension | Not yet |
| Lasso Security | Security-first (prompt injection protection) | Not yet |
| MintMCP | One-click STDIO deployment, SOC 2 Type II | Planned |
| Lunar.dev MCPX | Developer-focused with RBAC and observability | Not yet |
The competitive gap is clear: most gateways treat MCP as a tool execution problem. Airia treats it as an application platform problem, which is exactly what MCP Apps requires. Rendering interactive UIs through a gateway adds complexity that pure tool-call proxies were not designed for. The gateway has to fetch UI resources, enforce CSP policies, and audit bidirectional postMessage communication, not just forward JSON tool calls.
Airia’s other differentiators: over 1,000 pre-configured integrations (the largest MCP catalog claimed as of late February 2026), inclusion in the 2026 Gartner Emerging Tech report on Agentic Orchestration Platforms, and a $100M funding base from co-founder John Marshall, who previously co-founded AirWatch (acquired by VMware for $1.54B).
Enterprise Use Cases That Go Beyond Text
The whole point of MCP Apps in enterprise settings is that business workflows require more than text responses. Here is what Airia highlights as production use cases:
Sales pipeline dashboards. A sales manager asks Claude: “Show me Q1 pipeline by region.” Instead of a text table, the Salesforce MCP App renders an interactive dashboard where the manager filters by deal stage, drills into specific accounts, and exports a PDF report. All within the chat window, all with data pulled live from Salesforce through Airia’s credential-managed gateway.
DevOps configuration wizards. An SRE asks: “Set up the staging environment for the new microservice.” The infrastructure MCP App renders a multi-step wizard with dependency validation. Selecting “production” reveals additional security options. Selecting a conflicting port shows a warning before the configuration is applied. The wizard prevents the class of deployment errors that come from natural-language-described configurations.
Compliance audit trails. A compliance officer asks: “Show me all data access events for the Q4 SOC 2 audit.” Instead of a summarized text response (which could hallucinate details), the audit MCP App renders the actual event log with inline drill-down, filtering by user, timestamp, and data classification level. The rendered data comes directly from the source system, not from the AI model’s interpretation, eliminating hallucination risk for compliance-critical information.
Data analysis with interactive charts. A product manager asks: “Compare user retention across the three pricing tiers.” The Hex MCP App queries the data warehouse through Airia’s gateway, then renders an interactive chart where the PM can adjust time ranges, toggle cohorts on and off, and hover for exact values. No re-prompting, no waiting for the model to regenerate a different view.
Pricing and Getting Started
Airia offers four tiers:
| Plan | Price | Users | Monthly Executions |
|---|---|---|---|
| Free | $0 | 1 | 100 |
| Individual | $50/month | 1 | 1,000 |
| Team | $250/month | Unlimited | 10,000 |
| Enterprise | Custom | Custom | SSO/SAML, audit logs, dedicated support |
All plans include a 14-day free trial. The enterprise tier adds the governance features (admin authorization, change detection, version pinning) that make MCP Apps viable for regulated environments. For a 50-person team running 200 agent interactions per day, the Team plan at $250/month is roughly $0.001 per interaction, which is negligible compared to the LLM inference costs.
MCP Apps support is available now through Airia’s platform and gateway for Claude, ChatGPT, VS Code, and Goose. The company operates from Atlanta with offices across Singapore, London, Dubai, Melbourne, and Bangalore, serving over 300 enterprise customers including BuzzFeed, ArcelorMittal, and Northwestern University.
Frequently Asked Questions
What is Airia’s MCP Apps enterprise support?
Airia is the first enterprise AI platform to support MCP Apps with governance controls. Their implementation adds administrator-managed tool authorization, change detection that flags modified tool definitions, version pinning for stability, proxy-mediated credential isolation, and full audit trails on top of the Anthropic-OpenAI MCP Apps standard (SEP-1865).
How does Airia’s MCP Apps support differ from using MCP Apps directly?
Using MCP Apps directly gives you sandboxed iframes and basic security. Airia adds enterprise governance: admin-controlled app authorization per team, change detection that pauses modified tools until re-approved, version pinning to prevent surprise updates, centralized credential management through a proxy gateway, and compliance-grade audit logging of every interaction.
Which AI clients work with Airia’s MCP Apps gateway?
Airia’s MCP Apps support works with Claude (web and desktop), ChatGPT, VS Code with GitHub Copilot, and Goose. Users can connect these clients through Airia’s secure MCP gateway, or use MCP Apps natively within Airia’s own interface. Both paths share the same governance and audit controls.
How much does Airia cost for enterprise MCP Apps?
Airia offers a free tier (1 user, 100 executions/month), Individual ($50/month, 1,000 executions), Team ($250/month, unlimited users, 10,000 executions), and Enterprise (custom pricing with SSO/SAML, full audit logs, and dedicated support). The enterprise governance features for MCP Apps are available on the Enterprise tier.
What enterprise use cases does MCP Apps support through Airia?
Key enterprise use cases include interactive sales pipeline dashboards rendered from live CRM data, DevOps configuration wizards with dependency validation, compliance audit trail viewers with inline drill-down from source systems, and data analysis with interactive charts from tools like Hex and Amplitude. All interactions are governed through Airia’s admin authorization and audit trail system.