Yes. It is as secure as the rest of the platform. Zoho MCP follows Zoho’s enterprise-grade security protocols. All data access and agent actions are governed by strict access controls, encrypted data handling, and audit trails. Agents operate under user-level permissions enforced via OAuth, meaning they can only perform actions that the specific user is authorized to perform. Your existing Zoho role hierarchy and access controls are respected: an AI agent cannot bypass the permissions you’ve already configured in your Zoho apps.
It is worth mentioning that using Zoho MCP falls under the privacy policy of the third-party AI (i.e., Anthropic Claude), because the whole purpose of MCP is to give that AI access to your data. Hence, your data will be processed on the third-party AI’s side, and that processing will be governed by the AI’s privacy and data retention policy.
Be mindful of the permissions and MCP tools available on a particular server: if you give the AI permission to delete your records, it can delete them by mistake, and there’s nothing you can do about that besides writing proper prompts and granting only the permissions you consider necessary.