Google launches open-source tool for AI agents to manage Chrome Enterprise security
Google is releasing an open-source MCP server that connects AI agents directly to Chrome Enterprise APIs, letting IT and security teams automate browser security management tasks that typically require dozens of manual steps in the Google Admin console.
The server translates natural language commands into API calls, handling operations like security audits, data loss prevention rule creation, and policy deployment across organizational units. IT managers can describe what they need in plain English and let the agent handle the underlying technical work.
Three practical use cases
Health checks. Running a single command flags missing security connectors, inactive rules, and configuration gaps across your organization. The agent can then enable connectors or fix issues without manual Admin console navigation.
DLP rule creation. Building data loss prevention rules normally requires learning syntax and navigating a rule builder. The agent handles the Common Expression Language (CEL) syntax validation and applies the rule org-wide. Every rule created by the agent gets a robot emoji prefix so you can distinguish them from human-created policies.
Alert investigation. When security warnings create friction-like sales reps getting blocked from their CRM-the agent correlates activity logs with active rules to identify the specific policy firing and recommend narrower conditions.
Building custom workflows
The server works with any MCP-compatible client, so you can integrate it into internal dashboards, scheduled posture checks, or multi-tool agents that combine Chrome Enterprise data with signals from your SIEM or endpoint management tools.
You can wire the server into a cron job to run automated health checks on a schedule and alert on regressions. Or add it as a backend to a web-based admin tool so non-CLI users can run security reviews without switching to a terminal.
Getting started
You'll need Chrome Enterprise Premium to access full DLP features. The server requires Node.js 18+, the gcloud CLI, and a Google Cloud project.
Installation involves adding the server to your MCP client's settings file. The README includes configuration snippets for Claude Desktop, Claude Code, VS Code, and Gemini CLI. Authentication follows standard Google Cloud steps.
The code is available at google/chrome-enterprise-premium-mcp on GitHub. Google also provides pocket-cep, a reference React application you can clone to see how to build custom applications on top of the server.
One caveat: the agent provides suggestions for your review but does not replace professional security auditing. You must manually review and enable rules in the Admin Console to prevent accidental data loss.
Send feedback or submit pull requests to cep-mcp-feedback@google.com.
Your membership also unlocks:
