Who's Auditing Your AI's Tools? Building an ISO 27001-Ready MCP Security System on Notion MCP

This is a submission for the Notion MCP Challenge What I Built A question most organisations have not yet asked: who is auditing the MCP servers your AI agents depend on? Every time an AI agent calls a tool-whether to read a file, query a database, or hit an API-it places trust in an MCP server. That server might: contain command injection vulnerabilities. It might exfiltrate credentials via undisclosed network calls. It might embed hidden instructions in tool descriptions designed to manipulate AI behaviour. Under ISO 27001, these MCP servers constitute third-party software components : information assets (A.8.1) with supply chain risk (A.15.1) that require vulnerability assessment (A.12.6), audit logging (A.12.4), and regular compliance review (A.18.2). Most organisations today cannot answer a basic auditor question: "Show me your inventory of MCP servers and their security posture." This is not a hypothetical risk. Researchers from the University of Delaware published the first comp