Sold by: Kriv AI
Kriv AI deploys and governs Model Context Protocol (MCP) servers on Customer's AWS account for enterprise Claude deployments. Scope: MCP server runtime on Amazon ECS (Fargate), MCP Registry, OAuth 2.1 + JWT + mTLS agent-to-server authentication, fine-grained RBAC / ABAC, AWS Secrets Manager with automatic rotation, prompt-injection + tool-poisoning + cross-tool isolation defenses, CloudTrail + OpenTelemetry + S3 Object Lock immutable audit, rate limiting + cost budgets, SOC 2 Type II Common Criteria (CC1–CC9) + ISO/IEC 27001:2022 Annex A + HIPAA §164.308 / §164.312 / §164.316 + PCI DSS v4.0.1 evidence mapping. Integrates with Bedrock Agents, Claude Agent SDK, and MCP servers. Three tiers: $50K Foundation / $85K Standard / $150K Enterprise + $15K Extra MCP Server. AWS Select + Databricks + Anthropic Claude Partner Network (April 9, 2026; partner, not reseller).
Overview
Every MCP server is a new identity, a new attack surface, and a new audit obligation. Until now, no fixed-fee transparent-pricing MCP server deployment + governance SKU has existed on AWS Marketplace with Anthropic CPN credentialing.
Model Context Protocol (MCP) is Anthropic's 2024 open standard for connecting AI applications (Claude Agent SDK, Bedrock Agents, custom Claude deployments) to data sources + tools via JSON-RPC 2.0. Adoption has been rapid (Anthropic, Cursor, Linear, Raycast, Block, Apollo, Replit, Zed, and dozens of platforms in 2025–2026). AWS launched the AWS API MCP Server (awslabs, Nov 2025). Amazon Bedrock AgentCore became HIPAA-eligible Feb 10, 2026. MCP is on the OWASP Top 10 for LLM Applications, prompt injection, indirect prompt injection, tool poisoning, and cross-tool contamination are now board-level enterprise risks.
Existing AWS Marketplace listings are thin. Rackspace FAIR Model Context Protocol Accelerator (Jul 2025, private-offer only) is the strongest direct competitor, 8-week, Bedrock-centric, zero-trust + SOC 2. Chaos Gears MCP Server on AWS is boutique with no CPN and no governance depth. Milvian Group MCP is ~2 weeks Bedrock-oriented and shallow. Off-Marketplace SMB MVP MCP servers run $25K–$50K; production multi-tenant SaaS $60K–$120K; enterprise $100K+. Rackspace FAIR Premier-tier industry-chatter is $150K–$400K.
Kriv white-space: only 2 direct Marketplace competitors with real governance; zero publish transparent tiered pricing, Kriv's $50K / $85K / $150K removes procurement friction; nobody else is CPN-branded; Kriv = only Claude-native implementer with Claude Agent SDK depth; HIPAA-aligned MCP is empty space; first-mover window.
Reference architecture. MCP Server Runtime (containerized on ECS Fargate; JSON-RPC 2.0 over TLS 1.3; mTLS; signed ECR images; ALB + App Mesh). MCP Registry (discovery, semantic versioning, deprecation, lifecycle hooks; manifest with owner, data classification, RBAC scopes, rate budget). Identity & Access (OAuth 2.1 + JWT agent-to-server; IAM Identity Center + SAML/OIDC; fine-grained RBAC + ABAC; tenant isolation via tags + SCPs). Secrets (Secrets Manager + KMS CMKs; per-tool scoping; auto rotation 30/60/90-day). PI Defenses (JSON-schema input validation; output sanitization; indirect-PI scanning; tool-poisoning detection; cross-tool isolation via per-invocation sandboxes; HITL gates for high-risk tools, payments, PHI writes, code execution, external sends, regulatory filings). Audit Logging (CloudTrail + application-layer structured logs per invocation, principal, tool, args, output hash, latency, cost; OpenTelemetry traces; S3 Object Lock 7-yr HIPAA retention). Rate + Cost (API Gateway throttles; per-agent / per-tenant token budgets; Model Invocation Logging → CloudWatch → QuickSight FinOps). Data Residency (per-region; VPC; PrivateLink to Bedrock / SageMaker / S3 / Secrets Manager). Security Monitoring (GuardDuty, Security Hub, Macie, Inspector). DevSecOps (CodePipeline + CodeBuild + SAST/DAST/SCA; SBOM SPDX/CycloneDX; signed ECR). Compliance (SOC 2 TSC CC1–CC9; ISO 27001:2022 Annex A; ISO 42001:2024; HIPAA §164.308/312/316; PCI DSS v4.0.1).
Week-by-week. W1 Scoping. W2 Landing zone + runtime baseline + DevSecOps pipeline. W3 MCP deployment + identity (OAuth 2.1 + JWT + mTLS; RBAC/ABAC; Secrets Manager). W4 PI defenses + HITL + rate limiting. W5 Audit + monitoring + cost dashboards (Foundation closes). W6 Standard, SOC 2 + ISO 27001:2022 evidence; MCP Registry (60-day warranty). W7–8 Enterprise, HIPAA alignment; multi-tenant validation; load testing; UAT; 90-day hypercare.
Three tiers. Foundation $50K (5 wk; 3 MCP servers; single-tenant; 30-day warranty) for Series A–C AI-native + internal-platform. Standard $85K (6 wk; up to 10 MCP servers; multi-tenant + Registry; SOC 2 Type II + ISO 27001:2022 evidence; 60-day warranty) for Series C–E + Fortune 1000 internal Claude. Enterprise $150K (8 wk; up to 20 MCP servers; full multi-tenant validation; HIPAA §164.308/312 alignment; load testing; 90-day hypercare) for regulated industries + multi-tenant SaaS. Optional Extra MCP Server $15K each.
Important disclosures. Kriv is a member of Anthropic Claude Partner Network (April 9, 2026), partner, not an Anthropic-authorized reseller. Kriv does NOT develop Customer MCP tools or business-logic applications, infrastructure + governance scope only. Kriv does NOT operate Customer MCP servers post-deployment (unless separate Managed Service retainer). Kriv issues no SOC 2 / ISO / HIPAA / HITRUST certifications. No legal / regulatory / compliance advice. AWS + Anthropic API + Bedrock consumption separate. No prompt-injection prevention guarantee, defenses reduce but don't eliminate risk. No MCP specification stability guarantee, MCP is evolving and breaking changes may require Customer-side remediation.
Highlights
- First Anthropic CPN-branded MCP governance SKU on AWS Marketplace, transparent $50K / $85K / $150K tiered pricing where every competitor is private-offer only. Only 2 direct Marketplace competitors with MCP governance depth (Rackspace FAIR $150K–$400K, Chaos Gears boutique no-CPN). Kriv = only Claude-native MCP implementer with Claude Agent SDK depth + HIPAA-aligned coverage. Category <1 year old; CSA MCP frameworks launching 2026.
- OAuth 2.1 + JWT + mTLS + RBAC / ABAC + Secrets Manager auto-rotation + JSON-schema input validation + output sanitization + indirect-PI scanning + tool-poisoning detection + cross-tool isolation via per-invocation sandboxes + HITL gates for high-risk tools (payments, PHI writes, code execution, external sends, regulatory filings). Rate limiting + per-agent / per-tenant token budgets + FinOps via CloudWatch + QuickSight.
- SOC 2 Type II Common Criteria (CC1–CC9) + ISO/IEC 27001:2022 Annex A (A.5–A.18) + ISO/IEC 42001:2024 + HIPAA §164.308 / §164.312 / §164.316 + PCI DSS v4.0.1 evidence mapping per tier. CloudTrail + OpenTelemetry + S3 Object Lock immutable audit (7-year HIPAA retention). GuardDuty + Security Hub + Macie + Inspector. AWS CodePipeline + CodeBuild with SAST / DAST / SCA + signed ECR images. DevSecOps pipeline + SBOM (SPDX / CycloneDX). Member of Anthropic CPN April 9, 2026.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Resources
Support
Vendor support
Primary contact. info@kriv.ai · +1-732-433-5564 · https://kriv.ai/support
Response SLA. First response within 2 US business days (Mon–Fri 9 am – 6 pm ET, ex-US federal holidays). Active engagements: Engagement Lead within 4 business hours weekdays. CISO-blocked Claude rollout or SOC 2 Type II renewal-deadline-driven engagements compress to same business day.
Onboarding SLA. First customer contact within 2 US business days of buyer inquiry / private-offer acceptance. Kickoff within 2–3 weeks of SOW; 5–10 business days when enforcement-driven.
Escalation. (1) Engagement Lead (named in SOW) → (2) Practice Director (info@kriv.ai ) → (3) CEO Abhinav Dangri (info@kriv.ai ).
Communication. Dedicated Microsoft Teams channel; weekly 60-min video checkpoint; Friday written status. Customer SMEs 4–6 hrs/week (Head of Platform Engineering, CISO, Head of AI Platform, Identity & Access Engineering, Cloud Engineering, Head of Developer Productivity).
Handoff. Word/Excel/PDF in customer secure share; reference architecture as .drawio + PNG; MCP server + Registry as Git repo (CloudFormation / CDK / Terraform); IAM + RBAC/ABAC matrix as JSON + Excel; SOC 2 + ISO 27001:2022 + HIPAA evidence mapping as Excel indexed to control IDs.
Out of scope. Kriv is a partner, not an Anthropic-authorized reseller. Does NOT develop Customer MCP tools or business-logic applications, infrastructure + governance only. Does NOT operate Customer MCP servers post-deployment (unless Managed Service retainer). Issues no SOC 2 / ISO / HIPAA / HITRUST certifications. No legal / regulatory / compliance advice. No prompt-injection prevention guarantee. No MCP specification stability guarantee.
AWS + Anthropic-side billing. AWS infrastructure + Anthropic API + Bedrock Claude consumption billed separately.
Holiday coverage. Closed on US federal holidays.