Real Results

Case Studies

How businesses use MindFizz to secure their AI tools, achieve compliance, and eliminate invisible risks.

MCPScan

How a fintech startup secured their MCP tools in 30 minutes

Series A Fintech — London

Challenge

A fast-growing payments startup had integrated 12 MCP servers across their AI agent stack for everything from customer onboarding to fraud detection. During a routine sprint, a developer noticed API keys appearing in MCP tool responses — but had no way to audit the full surface area. With SOC 2 auditors arriving in 3 weeks, they needed answers fast.

Solution

We deployed MCPScan across their entire MCP configuration. The scan completed all 10 check modules within 30 minutes, uncovering 3 credential leaks in tool descriptions, 2 SSRF-vulnerable endpoints, and a toxic data flow where customer PII was being passed between tools without sanitisation. The scan ran local-first, with zero data leaving their infrastructure.

Results

  • 3 credential leaks identified and remediated same day
  • 2 SSRF vulnerabilities patched before production exposure
  • Toxic data flow between 4 tools mapped and isolated
  • SOC 2 audit passed on first attempt
  • MCPScan now runs in CI/CD on every MCP config change

We thought our MCP setup was secure because each tool worked fine individually. MCPScan showed us the gaps between them — the toxic flows we couldn't see. It probably saved us from a breach.

Head of Engineering

vCISO

SMB to Cyber Essentials in 6 weeks

25-person Professional Services Firm — Manchester

Challenge

A growing consultancy was losing bids because they couldn't demonstrate baseline cybersecurity. Their IT was managed by one part-time contractor, they had no security policies, and staff were using personal devices with no MDM. They needed Cyber Essentials certification to win a major government framework contract — and the deadline was 8 weeks away.

Solution

MindFizz provided a vCISO engagement combining AI-driven gap analysis with hands-on consulting. Week 1: automated asset discovery and policy gap scan. Weeks 2-3: templated security policies customised to their business, deployed via their existing Microsoft 365 stack. Weeks 4-5: staff awareness training and technical controls (firewall rules, patching schedule, access controls). Week 6: pre-assessment audit and submission.

Results

  • Cyber Essentials certified in 6 weeks (2 weeks ahead of deadline)
  • 14 security policies created and adopted
  • 100% staff completion of security awareness training
  • Won the government framework contract (£340K annual value)
  • Ongoing quarterly vCISO reviews at a fraction of full-time CISO cost

We went from zero security posture to certified in six weeks. The AI-assisted approach meant we weren't starting from blank documents — everything was tailored to our size and sector from day one.

Managing Director

Toxic Flow Detection

Detecting toxic data flows across AI agent tools

Mid-market SaaS Platform — Remote (UK/EU)

Challenge

A B2B SaaS company had built an AI agent platform where customers could chain together 50+ MCP tools. They suspected sensitive data was leaking between tool boundaries — customer data from a CRM tool flowing into a public search tool, for example — but had no visibility. A GDPR data mapping exercise had flagged 'unknown AI tool data flows' as a critical risk.

Solution

We used MCPScan's toxic flow detection module to map every data path across their tool chain. The analysis traced how data flowed between MCP servers, identifying where sensitive fields (emails, phone numbers, financial data) crossed trust boundaries. We then built a classification layer that tagged sensitive data types and enforced boundary rules — blocking toxic flows in real-time.

Results

  • 47 toxic data flows identified across 50+ tool integrations
  • 12 critical flows where PII crossed trust boundaries flagged and blocked
  • GDPR data map completed with full AI tool coverage
  • Real-time flow monitoring dashboard deployed
  • Zero data incidents in 6 months post-deployment

We knew data was moving between our AI tools, but we had no idea how much sensitive information was crossing boundaries it shouldn't. The toxic flow detection turned an invisible risk into something we could actually manage.

VP of Engineering
