
Connect Secureframe to ChatGPT: Manage Frameworks and Asset Scopes

Learn how to connect Secureframe to ChatGPT using an MCP server. Automate framework tracking, manage asset scopes, and run vendor risk assessments with AI.

Uday Gajavalli · 9 min read

If you need to connect Secureframe to ChatGPT to automate compliance monitoring, audit asset scopes, or manage third-party vendor risks, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between ChatGPT's tool calls and Secureframe's REST APIs. If your team uses Claude, check out our guide on connecting Secureframe to Claude or explore our broader architectural overview on connecting Secureframe to AI Agents.

Giving a Large Language Model (LLM) read and write access to a live Governance, Risk, and Compliance (GRC) platform is an engineering challenge. You have to handle OAuth token lifecycles, map complex JSON schemas to MCP tool definitions, and navigate Secureframe's highly specific query language and data models. Every time Secureframe updates an endpoint or deprecates a field, your custom integration code breaks. This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for Secureframe, connect it natively to ChatGPT, and execute complex compliance workflows using natural language.

The Engineering Reality of the Secureframe API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against Secureframe's APIs - or maintaining custom connectors for 100+ other platforms - is painful.

If you decide to build a custom MCP server for Secureframe, you own the entire API lifecycle. Here are the specific integration challenges that break standard CRUD assumptions when working with Secureframe:

Immutable Asset Scopes

Secureframe tracks which devices, cloud resources, and repositories fall under the umbrella of a specific compliance framework (like SOC 2 or ISO 27001) using "Framework Asset Scopes". Unlike most REST APIs where you would send a PATCH or PUT request to update an asset's status, Secureframe's Framework Asset Scopes are entirely immutable. Once created, they cannot be modified. If an LLM decides a cloud resource should now be in-scope, it cannot update the existing scope record. It must create a completely new scope record. If your MCP server does not encode this in the tool schema (a create tool, and no update tool for the model to reach for), the LLM will keep issuing update calls that fail with hard errors.

Lucene Syntax for Filtering

When an LLM wants to find a specific set of controls or cloud resources, it expects standard query parameters like ?status=failed. Secureframe does not work this way. It relies heavily on Apache Lucene query syntax passed through a single q parameter. To filter cloud resources, the model must format the request as q=vendor_name:"AWS" AND in_audit_scope:false. Your MCP tool descriptions must explicitly document this Lucene requirement, or the LLM will generate malformed query strings that return errors or the wrong records.
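The safest way to meet this requirement is to keep the model away from raw Lucene altogether: let the tool accept structured field/value arguments and have the server assemble the q string. The example below is added here and is not Truto or Secureframe code. The field names come from this page; the per-endpoint allowlist and the assumption that Secureframe accepts standard Lucene phrase escaping are mine. Escaping matters because a value the model copied from a vendor record, such as AWS" OR in_audit_scope:*, would otherwise become a second clause.

```python
"""Build a Secureframe-style Lucene `q` filter from structured tool arguments.

Added example, not Truto or Secureframe code. Field names (vendor_name,
in_audit_scope, ...) are the ones used on this page; the per-endpoint
allowlist and the escaping assumptions are the author's of this example.
"""
from typing import Iterable, Mapping, Optional, Union
from urllib.parse import urlencode

FilterValue = Union[str, bool, int]

# Fields a tool may filter on, per endpoint. An allowlist stops a model (or a
# prompt-injected value) from probing fields you never meant to expose. The
# names are assumed for illustration, not taken from Secureframe's schema.
ALLOWED_FIELDS = {
    "cloud_resources": {"vendor_name", "in_audit_scope", "region"},
    "controls": {"health_status", "owner_name"},
    "tprm_vendors": {"risk_level", "archived"},
}


def lucene_value(value: FilterValue) -> str:
    """Render one value as a Lucene term: bare booleans/ints, quoted strings."""
    if isinstance(value, bool):          # bool before int: True is an int
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    # Inside a quoted phrase only `"` and `\` are special, so escaping those
    # two keeps  AWS" OR in_audit_scope:*  a literal vendor name instead of
    # an injected second clause.
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def build_q(resource: str, filters: Mapping[str, FilterValue]) -> str:
    """Join field:value clauses with AND, rejecting fields not on the allowlist."""
    allowed = ALLOWED_FIELDS[resource]
    clauses = []
    for field, value in filters.items():
        if field not in allowed:
            raise ValueError(f"{field!r} is not a filterable field on {resource}")
        clauses.append(f"{field}:{lucene_value(value)}")
    return " AND ".join(clauses)


def build_query_string(resource: str, filters: Mapping[str, FilterValue],
                       include: Optional[Iterable[str]] = None) -> str:
    """URL-encode the final query string, e.g. q=...&include=owner."""
    params = {}
    if filters:
        params["q"] = build_q(resource, filters)
    if include:
        params["include"] = ",".join(include)
    return urlencode(params)


if __name__ == "__main__":
    print(build_q("cloud_resources", {"vendor_name": "AWS", "in_audit_scope": False}))
    print(build_query_string("controls", {"health_status": "failing"}, include=["owner"]))
```

Expose build_q's inputs as the MCP tool's JSON schema (an enum of allowed fields per endpoint) and the model never sees, or has to get right, a Lucene string.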

Relationship Sideloading

Secureframe uses relationship sideloading to reduce API calls. To get a risk record along with its owner details, you must pass include=owner in the query string, which places the related object in a separate included array in the response payload. LLMs struggle to parse disjointed graphs. Your tooling must map these sideloaded relationships into a flat context window that the LLM can easily reason over.
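Flattening a sideloaded response is mostly a join on (type, id). The example below is added here and is not Truto or Secureframe code; the JSON:API-style envelope (data, relationships, included) and the two sample risk records are constructed for illustration, and Secureframe's real payload shape may differ. It also handles the case a naive join gets wrong: a relationship that references an object missing from the included array.

```python
"""Flatten a sideloaded (`include=owner`) response into records an LLM can read.

Added example, not Truto or Secureframe code. The JSON:API-style envelope and
the sample records below are constructed for illustration only.
"""
import json
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample: two risks fetched with include=owner. The second risk's
# owner is referenced but absent from `included`, which real APIs do at times.
SAMPLE_RESPONSE = json.loads(r"""
{
  "data": [
    {"type": "risk", "id": "risk_1",
     "attributes": {"title": "Unencrypted S3 bucket", "score": 8},
     "relationships": {"owner": {"data": {"type": "user", "id": "usr_456"}}}},
    {"type": "risk", "id": "risk_2",
     "attributes": {"title": "Stale IAM key", "score": 5},
     "relationships": {"owner": {"data": {"type": "user", "id": "usr_999"}}}}
  ],
  "included": [
    {"type": "user", "id": "usr_456",
     "attributes": {"name": "Dana Ops", "email": "dana@example.com"}}
  ]
}
""")

Ref = Tuple[str, str]


def index_included(included: List[Dict[str, Any]]) -> Dict[Ref, Dict[str, Any]]:
    """Key every sideloaded object by (type, id) for O(1) lookup."""
    return {(obj["type"], obj["id"]): obj for obj in included}


def resolve(ref: Optional[Dict[str, str]],
            index: Dict[Ref, Dict[str, Any]]) -> Optional[Dict[str, Any]]:
    """Replace a {type, id} reference with the sideloaded object's attributes."""
    if ref is None:
        return None
    obj = index.get((ref["type"], ref["id"]))
    if obj is None:
        # Keep the identifier and flag the gap rather than dropping it; the
        # model should see that the owner is unknown, not that there is none.
        return {"type": ref["type"], "id": ref["id"], "unresolved": True}
    # Attributes first, identity last, so data can never overwrite type/id.
    return {**obj.get("attributes", {}), "type": obj["type"], "id": obj["id"]}


def flatten(response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Merge each record's attributes and resolved relationships into one dict."""
    index = index_included(response.get("included", []))
    data = response["data"]
    records = data if isinstance(data, list) else [data]
    flat_records = []
    for rec in records:
        flat = {**rec.get("attributes", {}), "type": rec["type"], "id": rec["id"]}
        for name, rel in rec.get("relationships", {}).items():
            ref = rel.get("data")
            flat[name] = ([resolve(r, index) for r in ref] if isinstance(ref, list)
                          else resolve(ref, index))
        flat_records.append(flat)
    return flat_records


if __name__ == "__main__":
    for row in flatten(SAMPLE_RESPONSE):
        print(json.dumps(row))
```

One caveat that follows from flattening: attribute values such as vendor names and control descriptions are text entered by other people and systems, and after this step they sit in the model's context verbatim. Treat them as untrusted input when deciding which write tools the same server exposes.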

Rate Limits and 429 Errors

Secureframe enforces rate limits to protect its infrastructure. When an AI agent runs a recursive compliance check across thousands of cloud resources, it will inevitably hit a 429 Too Many Requests error. Truto does not swallow these errors or implement forced backoff. Instead, Truto passes the 429 error directly to the caller, while normalizing Secureframe's specific rate limit data into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). This pass-through architecture ensures your AI application orchestrator or Langchain agent remains in full control of retry logic and pacing, preventing silent timeouts.
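Because the 429 reaches your orchestrator unchanged, the retry policy is yours to write. The example below is added here and is not Truto code. It assumes the IETF draft semantics for the headers the page names (ratelimit-reset is the number of seconds until the window resets, not an epoch timestamp) and falls back to capped, jittered exponential backoff when the header is missing or malformed. The sleep and random sources are injectable so the logic can be tested without waiting.

```python
"""Retry a Truto/Secureframe call on 429, pacing on IETF RateLimit headers.

Added example, not Truto code. Assumes ratelimit-reset is a delta in seconds
(IETF draft semantics); falls back to jittered exponential backoff otherwise.
"""
import random
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: object = None


class RateLimitExceeded(RuntimeError):
    """Raised when the call is still rate limited after the final attempt."""


def _lower(headers: Dict[str, str]) -> Dict[str, str]:
    return {k.lower(): v for k, v in headers.items()}


def reset_seconds(headers: Dict[str, str]) -> Optional[float]:
    """Parse ratelimit-reset case-insensitively; None if absent or malformed."""
    raw = _lower(headers).get("ratelimit-reset")
    if raw is None:
        return None
    try:
        return max(0.0, float(raw))
    except ValueError:
        return None


def call_with_backoff(send: Callable[[], Response], *, max_attempts: int = 5,
                      base: float = 0.5, cap: float = 30.0,
                      sleep: Callable[[float], None] = time.sleep,
                      rng: Callable[[], float] = random.random) -> Response:
    """Invoke `send` until it returns a non-429 response or attempts run out.

    Only 429 is retried here; any other status is returned to the caller as-is.
    """
    for attempt in range(max_attempts):
        resp = send()
        if resp.status != 429:
            return resp
        if attempt == max_attempts - 1:
            break
        wait = reset_seconds(resp.headers)
        if wait is None:
            # No usable header: exponential backoff with jitter so that many
            # parallel agents do not retry in lockstep.
            wait = min(cap, base * (2 ** attempt)) * (0.5 + rng())
        sleep(min(wait, cap))
    raise RateLimitExceeded(f"still rate limited after {max_attempts} attempts")


def pace(headers: Dict[str, str], sleep: Callable[[float], None] = time.sleep) -> float:
    """Proactive pacing between calls: if the previous response says the quota
    is exhausted, wait out the window instead of burning an attempt on a 429.
    Returns the number of seconds slept."""
    lowered = _lower(headers)
    try:
        remaining = int(lowered.get("ratelimit-remaining", "1"))
    except ValueError:
        remaining = 1
    wait = reset_seconds(headers) or 0.0
    if remaining <= 0 and wait > 0:
        sleep(wait)
        return wait
    return 0.0
```

Wrap each MCP tool call that fans out over thousands of resources in call_with_backoff, and feed the headers of each response to pace before the next call; the two together turn a recursive compliance sweep into a steady, bounded request stream.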

The Managed MCP Approach

Instead of forcing your engineering team to build and host custom middleware to translate Secureframe's quirks into LLM tools, Truto handles it dynamically. When you connect a Secureframe instance to Truto, the platform automatically derives a suite of MCP tools from Secureframe's API endpoints and schemas. These tools are exposed securely over a standardized JSON-RPC 2.0 endpoint.

Here is how to deploy it in two steps.

Step 1: Create the Secureframe MCP Server

You can generate the MCP server URL dynamically via the Truto UI or the API.

Via the Truto UI

  1. Log into your Truto dashboard and navigate to the integrated account page for your connected Secureframe instance.
  2. Click the MCP Servers tab.
  3. Click Create MCP Server.
  4. Select your desired configuration (for example, restricting the server to "read-only" methods or filtering by specific tags like "cloud_resources").
  5. Copy the generated MCP server URL (it will look like https://api.truto.one/mcp/abc123def456...).

Via the API

For teams building automated agent provisioning, you can generate this URL programmatically. The API validates the configuration, generates a cryptographically hashed token, and provisions the database and KV storage records that back the server.

curl -X POST https://api.truto.one/integrated-account/{integrated_account_id}/mcp \
  -H "Authorization: Bearer YOUR_TRUTO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Secureframe Compliance Agent",
    "config": {
      "methods": ["read", "write"]
    }
  }'

The response returns the tokenized URL:

{
  "id": "mcp_srv_01",
  "name": "Secureframe Compliance Agent",
  "config": { "methods": ["read", "write"] },
  "expires_at": null,
  "url": "https://api.truto.one/mcp/a1b2c3d4e5f6..."
}

Step 2: Connect the Secureframe MCP Server to ChatGPT

With the URL in hand, connecting the server to your LLM requires zero additional coding.

Via the ChatGPT UI

  1. Open ChatGPT and navigate to Settings -> Apps -> Advanced settings.
  2. Ensure Developer mode is enabled (available on Plus, Team, and Enterprise plans).
  3. Under MCP servers / Custom connectors, click Add new server.
  4. Name the server (e.g., "Secureframe Production").
  5. Paste the Truto MCP server URL into the endpoint field and save.

ChatGPT will immediately send the MCP initialize request, complete the JSON-RPC handshake, and load the Secureframe tool list into its context.

Via Configuration File (For Custom Claude/Agent Workflows)

If you are using a local agent, Claude Desktop, or the MCP CLI Inspector, you can configure the connection by passing the SSE (Server-Sent Events) transport command directly into your agent's config file.

{
  "mcpServers": {
    "secureframe_prod": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/a1b2c3d4e5f6..."
      ]
    }
  }
}

Secureframe Hero Tools for AI Agents

Truto automatically generates tools for every Secureframe endpoint, mapping query schemas, path variables, and required body payloads into a flat LLM-friendly namespace. Here are the highest-leverage tools available to your agent.

1. List All Secureframe Frameworks

This tool retrieves the compliance frameworks your company is currently tracking (e.g., SOC 2, HIPAA, ISO 27001). It is essential for determining the framework_id required for subsequent asset scoping operations.

"Query Secureframe to list all active frameworks we are tracking. I need the exact ID for our SOC 2 Type II framework to audit our cloud resource scopes."

2. List All Secureframe Cloud Resources

Extracts cloud infrastructure assets ingested by Secureframe from platforms like AWS, GCP, or Azure. The tool description explicitly informs the LLM to use Lucene syntax via the q parameter for filtering.

"Use Lucene syntax to search Secureframe for all cloud resources where vendor_name:"AWS" and in_audit_scope:false. Return a list of their IDs and region data."

3. Create a Secureframe Cloud Resource Framework Asset Scope

Because asset scopes are immutable, this tool is the only way to alter whether a cloud resource is monitored under a specific framework. It forces the LLM to provide a justification if the asset is being moved out of scope.

"Create a new framework asset scope for cloud resource ID res_890. Set in_audit_scope to true for framework ID frm_123. The reason is 'Internal load balancer now processing production traffic'."

4. List All Secureframe Controls

Retrieves internal compliance controls. This tool is heavily utilized by agents building automated gap assessments, as it returns the health_status of each control.

"Find all Secureframe controls with a health_status of 'failing'. Group them by their assigned owner_name so I can draft follow-up Slack messages."

5. List All Secureframe TPRM Vendors

Audits your Third-Party Risk Management (TPRM) directory. This allows the AI to monitor which external SaaS vendors pose a risk to your compliance posture.

"Retrieve all active third-party vendors from Secureframe where risk_level is 'high'. Tell me when they were last updated."

6. Get Single Secureframe User Security Setting by ID

Fetches highly specific security configuration data for a given user. Ideal for access reviews and determining if employees have completed mandatory security awareness training.

"Check the user security settings for user ID usr_456. Confirm if their background check and security training are marked as complete."

(Note: This is just a subset of available tools. To view the complete inventory and detailed JSON schemas, visit the Secureframe integration page.)

Workflows in Action

When you combine Secureframe's data models with the reasoning capabilities of ChatGPT, complex GRC operations that previously required hours of manual spreadsheet reconciliation can be executed in seconds.

Workflow 1: Cloud Resource Scope Auditing

Security engineers often need to identify rogue AWS resources that have fallen out of audit scope and bring them back into compliance.

"Audit our AWS resources in Secureframe. Find any resource that is currently out of audit scope for SOC 2. For each one, create a new framework asset scope bringing it back into scope, and log the reason as 'Automated AI policy remediation'."

Execution Steps:

  1. list_all_secureframe_frameworks: The agent fetches the framework list to identify the ID for SOC 2.
  2. list_all_secureframe_cloud_resources: The agent passes q=vendor_name:"AWS" AND in_audit_scope:false to filter the exact resources needing attention.
  3. create_a_secureframe_cloud_resource_framework_asset_scope: For each resource ID returned, the agent executes this tool, passing the SOC 2 framework ID, setting it to in-scope, and appending the justification.

sequenceDiagram
    participant ChatGPT as "ChatGPT Client"
    participant Truto as "Truto MCP Server"
    participant SF as "Secureframe API"

    ChatGPT->>Truto: Call tool: list_all_secureframe_cloud_resources<br>args: {"q": "in_audit_scope:false"}
    Truto->>SF: GET /cloud_resources?q=in_audit_scope:false
    SF-->>Truto: Return resources [res_1, res_2]
    Truto-->>ChatGPT: Return JSON list

    loop For each resource
        ChatGPT->>Truto: Call tool: create_a_secureframe_cloud_resource...<br>args: {"cloud_resource_id": "res_1", "framework_id": "frm_123", "in_audit_scope": true, "reason": "Automated AI policy remediation"}
        Truto->>SF: POST /cloud_resources/res_1/framework_asset_scopes
        SF-->>Truto: 201 Created
        Truto-->>ChatGPT: Success confirmation
    end
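The three execution steps above are a plan-then-apply loop, and the place a practitioner wants a guardrail is between the two: the agent should be able to show what it is about to create, and should be stopped before the first write if the plan is larger than expected. The example below is added here and is not Truto's agent logic or Secureframe code. The tool names match this page; the record shapes, the create_scope callback standing in for the create tool, and the fixture lists are constructed assumptions.

```python
"""Plan and apply Workflow 1 (bring out-of-scope AWS resources back into SOC 2
scope) with a dry run and a write budget in front of the create tool.

Added example, not Truto's agent logic or Secureframe code. Tool names match
the page; record shapes, callbacks and fixtures are constructed assumptions.
"""
from typing import Any, Callable, Dict, List

# Constructed fixtures standing in for the results of
# list_all_secureframe_frameworks and list_all_secureframe_cloud_resources
# (the latter already filtered with q=vendor_name:"AWS" AND in_audit_scope:false).
FRAMEWORKS = [
    {"id": "frm_hipaa", "name": "HIPAA"},
    {"id": "frm_123", "name": "SOC 2 Type II"},
]
CLOUD_RESOURCES = [
    {"id": "res_890", "vendor_name": "AWS", "region": "us-east-1", "in_audit_scope": False},
    {"id": "res_891", "vendor_name": "AWS", "region": "eu-west-1", "in_audit_scope": False},
    # A record the Lucene filter should have excluded; the planner skips it anyway
    # rather than creating a redundant scope record.
    {"id": "res_777", "vendor_name": "AWS", "region": "us-west-2", "in_audit_scope": True},
]

ScopePayload = Dict[str, Any]


class WriteBudgetExceeded(RuntimeError):
    """Raised before any write when the plan is larger than the agent may apply."""


def find_framework_id(frameworks: List[Dict[str, Any]], name: str) -> str:
    """Exact, case-insensitive name match; ambiguity is an error, not a guess."""
    matches = [f["id"] for f in frameworks if f["name"].lower() == name.lower()]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one framework named {name!r}, found {len(matches)}")
    return matches[0]


def plan_scope_changes(framework_id: str, resources: List[Dict[str, Any]],
                       reason: str) -> List[ScopePayload]:
    """One create payload per resource that is genuinely out of scope.

    Scopes are immutable, so each payload is a brand-new record, never an update.
    """
    if not reason.strip():
        raise ValueError("a scope change needs a non-empty justification")
    return [
        {"cloud_resource_id": r["id"], "framework_id": framework_id,
         "in_audit_scope": True, "reason": reason}
        for r in resources if not r.get("in_audit_scope", False)
    ]


def apply_plan(plan: List[ScopePayload],
               create_scope: Callable[[ScopePayload], Dict[str, Any]],
               *, max_writes: int, dry_run: bool = False) -> List[Dict[str, Any]]:
    """Apply the plan through the create tool, refusing oversized plans up front."""
    if len(plan) > max_writes:
        raise WriteBudgetExceeded(f"plan has {len(plan)} writes, budget is {max_writes}")
    if dry_run:
        return plan
    return [create_scope(payload) for payload in plan]


def fake_create_scope(payload: ScopePayload) -> Dict[str, Any]:
    """Stand-in for create_a_secureframe_cloud_resource_framework_asset_scope."""
    return {"id": f"scope_{payload['cloud_resource_id']}", **payload}


if __name__ == "__main__":
    fid = find_framework_id(FRAMEWORKS, "SOC 2 Type II")
    plan = plan_scope_changes(fid, CLOUD_RESOURCES, "Automated AI policy remediation")
    for created in apply_plan(plan, fake_create_scope, max_writes=10):
        print(created)
```

Run with dry_run=True first and show the plan to a human when it exceeds a handful of records; a Lucene filter that is slightly wrong returns every resource, and the write budget is what keeps that mistake from becoming hundreds of new scope records.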

Workflow 2: Automated Vendor Risk Triage

Vendor security reviews require pulling third-party lists and correlating them with internal controls.

"Find all third-party vendors in Secureframe with a high risk level. Then, check our internal controls for any failing control owned by the IT team to see if there is an overlapping vulnerability."

Execution Steps:

  1. list_all_secureframe_tprm_vendors: The agent queries the TPRM directory using q=risk_level:high AND archived:false.
  2. list_all_secureframe_controls: The agent queries internal controls using q=health_status:failing AND owner_name:"IT".
  3. Synthesis: The agent compiles the results directly in the ChatGPT interface, presenting a unified risk brief linking dangerous vendors to failing internal controls.

Security and Access Control

Exposing an enterprise compliance platform to an LLM requires strict boundary enforcement. Truto's MCP architecture provides native security controls directly on the generated token:

  • Method Filtering: Limit your ChatGPT instance to read-only access. Passing config: { methods: ["read"] } during token creation completely removes write tools (like create or delete) from the MCP server. The LLM simply cannot see them.
  • Tag Filtering: Group tools by functional area. If you only want the AI to handle vendors, apply a tag filter for tprm_vendors. Tools outside this tag will not be generated.
  • Secondary Authentication: By setting require_api_token_auth: true, possession of the MCP URL is no longer enough. The client must also pass a valid Truto API token in the Authorization header, preventing unauthorized usage if the URL leaks. Without this setting, treat the URL itself as a bearer credential: anyone who obtains it can call the tools it exposes against the connected Secureframe account.
  • Automatic Expiration: Set an expires_at ISO datetime when generating the server. Truto's KV infrastructure and Durable Object alarms will automatically destroy the token, the tools, and the endpoints at the precise expiration time, ensuring zero lingering access.
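These four controls compose, and the combination worth enforcing is the one the list implies: write methods only together with secondary authentication and a short expiry, and a tag filter whenever the agent has a single job. The linter below is added here and is not Truto code. config.methods and expires_at appear on this page; where require_api_token_auth and the tag filter sit in the request body is assumed, and the seven-day ceiling is a policy choice of this example.

```python
"""Lint an MCP-server creation request for least privilege before sending it.

Added example, not Truto code. `config.methods` and `expires_at` are from the
page; the placement of `require_api_token_auth` and `tags` inside `config`,
and the policy thresholds, are assumptions of this example.
"""
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

# Longest a write-capable server may live before a human has to re-issue it.
MAX_WRITE_TTL = timedelta(days=7)


def _parse_iso(value: str) -> datetime:
    """Parse an ISO-8601 datetime; normalise a trailing 'Z' for older Pythons."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def lint_mcp_server_request(body: Dict[str, Any],
                            now_iso: Optional[str] = None) -> List[str]:
    """Return policy findings for a POST .../mcp body; empty list means acceptable."""
    now = _parse_iso(now_iso) if now_iso else datetime.now(timezone.utc)
    config = body.get("config", {})
    methods = set(config.get("methods", []))
    findings: List[str] = []

    if "write" in methods:
        # A leaked URL plus write tools means anyone can alter compliance data.
        if not config.get("require_api_token_auth"):
            findings.append("write access granted but require_api_token_auth is not set; "
                            "the URL alone would allow changes to compliance data")
        expires_at = body.get("expires_at")
        if not expires_at:
            findings.append("write access granted with expires_at null; token never expires")
        else:
            remaining = _parse_iso(expires_at) - now
            if remaining > MAX_WRITE_TTL:
                findings.append(f"write access expires in {remaining.days} days; "
                                f"policy allows at most {MAX_WRITE_TTL.days}")

    if not config.get("tags"):
        findings.append("no tag filter; every Secureframe endpoint becomes a tool")
    return findings


if __name__ == "__main__":
    request = {"name": "Secureframe Compliance Agent",
               "config": {"methods": ["read", "write"]}}
    for finding in lint_mcp_server_request(request):
        print("-", finding)
```

Wire this in front of the curl call from Step 1 (or whatever provisions servers in your pipeline) and fail the pipeline on any finding; the page's own example body, read/write with no expiry, is exactly the shape it is meant to catch.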

Build the Future of GRC Operations

Writing and maintaining a custom MCP server for Secureframe means signing up to track schema drift, manage OAuth token refreshes, and write endless validation logic for Lucene queries and immutable records.

With Truto, you bypass the infrastructure boilerplate. You connect Secureframe once, generate the MCP token, and your AI agents immediately get structured, type-safe access to your compliance environment.

FAQ

How do I give ChatGPT access to my Secureframe data?
You can connect ChatGPT to Secureframe using a Model Context Protocol (MCP) server. Truto dynamically generates a secure MCP server URL for your Secureframe account, which you can paste directly into ChatGPT's custom connector settings.
Can ChatGPT update asset scopes in Secureframe?
Yes, but Secureframe framework asset scopes are immutable. To update a scope, the AI agent must create a new framework asset scope record via the MCP tool rather than modifying the existing one.
How does Truto handle Secureframe rate limits during AI data extraction?
Truto passes HTTP 429 Too Many Requests errors directly back to the calling client. It normalizes Secureframe's rate limit information into standard IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset), allowing your LLM orchestrator to handle the retry logic and backoff.
Is it safe to give an LLM write access to my compliance data?
You should strictly control access. Truto's MCP servers allow method filtering, meaning you can restrict the AI to read-only operations or require an additional API token for authentication to ensure secure usage.
