PlexTrac recognized in 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms
PlexTrac Platform Overview
Centralize security data, prioritize risk by business impact, and automate remediation workflows
2025 Gartner® Magic Quadrant™ Report for Exposure Assessment Platforms
Last updated: April 25, 2026
This Addendum governs Customer’s use of the PlexTrac Model Context Protocol (MCP) integration feature, which enables Customer to connect the PlexTrac platform to third-party connectors via the PlexTrac API. By enabling the MCP integration or clicking “I Accept,” Customer agrees to the terms of this Addendum, which forms part of and is incorporated into the PlexTrac Master Services Agreement (“MSA”) between PlexTrac, Inc. and Customer. This Addendum is effective as of the date Customer first enables the MCP integration or accepts these terms, whichever is earlier.
Capitalized terms used but not defined herein have the meanings given in the MSA. In the event of a conflict between this Addendum and the MSA, this Addendum controls solely with respect to MCP integration matters. All other MSA terms remain in full force and effect.
Subject to the MSA and this Addendum, Customer may connect the PlexTrac platform to Customer’s own third-party Model Context Protocol connector (“Customer MCP”) that communicates with the PlexTrac API. A Customer MCP is a software connector or similar integration operated by Customer. PlexTrac’s obligations extend only to making the PlexTrac API available in accordance with the MSA. PlexTrac does not warrant or endorse any Customer MCP. Customer is solely responsible for selecting, operating and maintaining any Customer MCP.
Customer may use the MCP integration only for the use cases made available by PlexTrac (currently eleven (11) use cases), as described in PlexTrac’s then-current API documentation (“Defined Use Cases”). PlexTrac reserves the right to add, modify, or discontinue Defined Use Cases upon reasonable prior written notice to Customer.
A “Use Case Execution” means a single, complete, end-to-end invocation of one Defined Use Case through the Customer MCP, regardless of the number of underlying API calls required. Customer may execute up to 1,200 Use Case Executions per instance per contract year (“Annual Allowance”) at no additional charge, provided Customer has an active Core or Premium subscription. PlexTrac will maintain usage records accessible via the administrative dashboard or upon written request.
Use Case Executions beyond the Annual Allowance will be invoiced monthly in arrears at PlexTrac’s then-current overage rate set out in the applicable Order Form or, if not specified, at PlexTrac’s standard rates. Customer shall pay each overage invoice within thirty (30) days of receipt, or may purchase additional capacity under a separate Order Form at any time. If Customer fails to pay an overage invoice when due, PlexTrac may suspend MCP access upon written notice.
Customer is solely responsible for its use of any Customer MCP and compliance with applicable laws, regulations, and third-party terms of service.
Customer may only connect a Customer MCP that meets the requirements set out in Section 7. Customer represents and warrants that any Customer MCP used in connection with this Addendum does not route Customer Data through any AI model, large language model, or third-party service that is prohibited under applicable law or expressly disallowed in PlexTrac’s documentation. “Customer Data” has the meaning given in the MSA and includes, for purposes of this Addendum, any data, content, or information transmitted to or from the PlexTrac API via a Customer MCP.
Customer is responsible for all data transmitted to or from the PlexTrac API via a Customer MCP and all outputs generated through such integration (“MCP Outputs”).
PlexTrac will not use Customer Data transmitted via a Customer MCP to train, fine-tune, or improve any AI model. PlexTrac’s processing of such data is limited to what is strictly necessary to provide the Defined Use Cases.
Notwithstanding anything to the contrary in the MSA or any other agreement between the parties, PlexTrac shall have no liability whatsoever arising out of or relating to any Customer MCP, MCP Outputs, or Customer’s use of the MCP integration. MCP integrations and MCP Outputs are provided on an “as-is” and “as-available” basis. Customer acknowledges that MCP Outputs may be incomplete or inaccurate and must be independently validated by qualified personnel. PlexTrac makes no representation or warranty as to the accuracy, completeness, fitness for purpose, or reliability of any MCP Output, and Customer assumes sole responsibility for any decisions made or actions taken in reliance on such MCP Outputs. For the avoidance of doubt, MCP integrations and related API access are not subject to any service level commitments.
Customer represents that it has all rights, consents, and permissions required to operate the Customer MCP and transmit data through it to the PlexTrac API. Customer is responsible for any data shared with or processed by a Customer MCP. Customer shall not transmit PHI, PCI cardholder data, government-classified or controlled unclassified information, biometric data, or other sensitive personal data requiring heightened protection through a Customer MCP without a separately executed written agreement with PlexTrac expressly permitting such use. Customer is responsible for ensuring any cross-border transfers resulting from use of a Customer MCP comply with applicable data protection law.
Customer may connect a Customer MCP to the PlexTrac API only if the connector is permitted under PlexTrac’s then-current API documentation and the connector: (i) authenticates exclusively via PlexTrac-issued API credentials in accordance with PlexTrac’s published authentication requirements; (ii) complies with PlexTrac’s published API rate limits, versioning policies, and integration guidelines; (iii) does not attempt to access PlexTrac API endpoints outside the Defined Use Cases; and (iv) does not reverse engineer, scrape, or circumvent any PlexTrac API controls or access restrictions.
PlexTrac reserves the right to require Customer to reconfigure or disconnect a Customer MCP that does not meet these standards. Inclusion on any PlexTrac-published list of validated connectors does not constitute a warranty or endorsement.
MCP Outputs are provided to Customer as part of the subscription services and, to the extent intellectual property rights exist in such outputs, those rights belong to Customer, subject to PlexTrac’s underlying intellectual property rights in its platform, APIs, models, and related components. PlexTrac makes no representation or warranty that MCP Outputs will be free from third-party intellectual property claims, and Customer is solely responsible for independently verifying that its use of any MCP Output does not infringe or misappropriate any third-party intellectual property right. Nothing in this Addendum grants Customer any right or license to PlexTrac’s underlying AI models, algorithms, or platform components.
Customer shall not use the MCP integration to (i) facilitate automated exfiltration of data beyond what is expressly permitted under the Defined Use Cases; or (ii) probe, scan, or test vulnerabilities of the PlexTrac platform through API calls. PlexTrac reserves the right to suspend or disable Customer’s MCP integration upon writtten notice to the Customer if use of the Customer MCP materially degrades or otherwise poses a risk to the PlexTrac platform.
In the event of any conflict between this Addendum and the MSA, this Addendum controls solely with respect to MCP integration matters. The term of this Addendum and rights to terminate are governed by the MSA. Termination of this Addendum does not constitute termination of the MSA. Upon termination, Customer shall revoke API credentials issued for Customer MCP use and PlexTrac will disable MCP-related API access.