MCP servers are the interface layer between third-party AI assistants and your products and services. They hold credentials, broker data, and execute actions on behalf of users and agents. The security bar for that infrastructure needs to be high.

Today we're publishing our SOC 2 Type II report. Unlike Type I, which audits controls at a point in time, Type II covers an extended period: an independent auditor verified that our security controls were designed correctly and operated effectively over the full audit window. The audit was conducted by Sensiba LLP and covers the period March 1 to May 31, 2026, and it spans Security, Availability, and Confidentiality.

This report pertains to all of Alpic's operations and infrastructure: deployment pipelines, access controls, monitoring, incident response, and data handling. It doesn't cover the MCP servers you deploy on top of it; that's on you. Like any cloud provider, we operate a shared responsibility model: we own the platform security, you own your application and the data it exposes to agents.

Review our security controls and request the full report at trust.alpic.ai.