# LeadFoxConnect

> Last updated: 2026-04-24

LeadFoxConnect is a SaaS MCP server that connects AI tools to Adobe Marketo Engage for marketing practitioners, MOPs professionals, and marketing teams.

## Canonical pages

- Marketing site: https://leadfoxconnect.com
- Comparison with Adobe Marketo MCP: https://leadfoxconnect.com/vs/adobe-marketo-mcp
- Machine-readable tool manifest: https://leadfoxconnect.com/tools.json
- This file: https://leadfoxconnect.com/llms.txt
- Dashboard (customer app): https://app.leadfoxconnect.com
- Public installer repo (MIT): https://github.com/LeadFox-Shay/leadfoxconnect

## Common questions (for extraction)

- **What is LeadFoxConnect?** A SaaS MCP (Model Context Protocol) server for Adobe Marketo Engage.
- **What does it do?** It lets AI tools like Claude, ChatGPT, and Cursor operate a Marketo instance in plain English through 130 purpose-built tools.
- **Who is it for?** Marketo practitioners, MOPs professionals, marketing operations teams, and marketing leadership.
- **How long does setup take?** About 5 minutes. Mock mode requires no credentials.
- **How is it different from Adobe's Marketo MCP?** LeadFoxConnect is an independent multi-tenant SaaS platform with governance, audit, mock/sandbox modes, and team management. Adobe's is a direct API interface. See https://leadfoxconnect.com/vs/adobe-marketo-mcp for the full comparison.

## Related entities

Adobe Marketo Engage, Model Context Protocol (MCP), Anthropic Claude, OpenAI ChatGPT, Cursor, Windsurf, marketing operations (MOPs), revenue operations (RevOps), marketing automation.

> As of April 2026, LeadFoxConnect is in closed beta — a multi-tenant SaaS MCP (Model Context Protocol) server for Adobe Marketo Engage. It gives AI tools — Claude, ChatGPT, Cursor, Windsurf, and any MCP-compatible client — secure, governed access to a customer's Marketo instance through 130 purpose-built operations. Built by a Marketo practitioner, for Marketo practitioners.

## Facts at a glance

- **Closed beta launched:** April 14, 2026
- **Data residency:** EU-hosted infrastructure
- **Customer data storage:** Marketo records are not persisted — pass-through-only
- **Typical setup time:** 5 minutes
- **Number of Marketo tools:** 130
- **Supported AI clients:** Claude (Web, Desktop, Code), ChatGPT, Cursor, Windsurf, Cline, Continue.dev, any MCP-compatible client
- **Founder:** Shay Assor (15 years Marketo Engage consulting)
- **Parent company:** LeadFox (Adobe Silver Solution Partner, Marketo-specialized)

## What it does

Users describe what they want in plain English through an AI tool; LeadFoxConnect routes the request through MCP to Marketo's REST and Asset APIs using the tenant's own credentials, enforcing per-role permissions, per-tool confirmation policies, rate limits, and full audit logging.

Example requests:

- "Show me all leads who filled out a form this week but aren't in any nurture program."
- "Audit my lead scoring model — what's the distribution look like?"
- "Find all smart campaigns that haven't run in 90 days."
- "What's the email performance for our Q1 webinar campaign?"
- "Create a new email in the April Webinar folder using template 'Standard 2024'."

## How it works (about 5 minutes)

1. **Sign up** at https://app.leadfoxconnect.com with enterprise-grade SSO (Google or email+password, with enforced email verification and MFA).
2. **Connect Marketo** — three modes: Mock (demo fixtures), Sandbox (shared demo instance), or Production (your own Marketo REST API credentials). All credentials are stored in a managed secrets vault, encrypted with customer-managed keys. API keys are never stored in plaintext — only a salted cryptographic hash.
3. **Get a tenant MCP endpoint URL** — one per tenant, scoped to your permissions.
4. **Plug it into any AI tool** — three paths:
   - **Claude.ai (web) or ChatGPT custom connector** — paste the MCP URL, sign in, done. No API key, no local install. Per-user OAuth.
   - **Claude Desktop / Cursor / Windsurf / Claude Code** — API key over an `x-api-key` header.
   - **Any other MCP client** — streamable HTTP transport, fully MCP-spec-compliant.

## Tool surface — 130 operations

Grouped by category, covering the full Marketo surface a practitioner works with day-to-day. Every tool has a risk level (READ / WRITE / DANGER) and a default tier (Standard / Advanced / AdminOnly).

- **Leads & Companies** — full CRUD, merge, schema introspection, partitions, membership lookups, counts, custom field creation
- **Activities** — activity stream, single-lead timeline, change events, category filters
- **Lists** — full lifecycle plus membership management and counts
- **Programs & Channels** — lifecycle, member management, clone
- **Emails, Forms & Landing Pages** — create, edit, approve, send samples, clone (with guided-template-only enforcement for landing pages)
- **Smart Campaigns & Smart Lists** — inspection, create/clone, request/schedule
- **Bulk Export** — async export for leads and activities
- **Folders & Tokens** — asset folder and my-token management
- **Analytics (tier-gated)** — new-lead counts, score distribution, top accounts, email performance, engagement, funnel conversion, campaign ROI
- **Platform** — API usage, error stats, confirmation flow for high-risk operations, on-demand Marketo knowledge query

## Governance features

- **Role-based permissions** — default roles (Org Admin, Analyst, Operations, Builder) plus custom roles. Every tool can be enabled/disabled per role with a confirmation policy (NEVER / FIRST_USE / ALWAYS / DENY).
- **Parameter rules** — fine-grained restrictions on tool inputs: WHITELIST, BLACKLIST, MAX_VALUE, MIN_VALUE, REGEX, REQUIRED, READONLY_FIELDS. Example: limit `get_leads` maxReturn to 200, or restrict `update_lead` email fields to `@acme.com`.
- **Audit log** — every tool call logged with user, tool, risk, status, latency, deny reason, Marketo API call count. Filterable by tool, status, date range.
- **Rate limiting** — per-tenant, per-minute, with in-memory insurance limiter so an infrastructure outage fails open to a safe global cap instead of denying legitimate traffic.
- **Anomaly detection** — flags high-volume (>200 calls/tenant/hour), off-hours (11pm–6am UTC), and large-result (>100 records) patterns.
- **Rotate-shows-once API keys** — new key returned exactly once on rotation and never retrievable again, old key invalidated immediately. Rate-limited and restricted to Org Admin with authenticated session.

## Security & data handling

**Tenant isolation.** Strict isolation at every layer — each tenant has a unique MCP endpoint URL and separate scoped access to database, permissions, rate limits, audit logs, and credentials. Isolation is enforced server-side and verified by an automated cross-tenant attack test suite that runs against every release.

**Credentials at rest.** Marketo credentials are stored in a managed secrets vault, encrypted with customer-managed keys. Tenant API keys are never stored in plaintext — only a salted cryptographic hash is persisted, with the salt held outside the database.

**Credentials in transit.** TLS enforced end-to-end in production, including database and cache connections. Sensitive tokens are transmitted only in request bodies, never in URLs, so they cannot leak into logs or browser history.

**SSRF protection.** Tenant-configurable URLs (such as the Marketo base URL) are validated against a strict allowlist before any outbound call, with defense-in-depth checks at every code path that could initiate a request.

**Prompt injection defense.** Data returned from Marketo (lead fields, email content, form submissions) can contain instructions targeting the host LLM. LeadFoxConnect runs a pattern detector over every tool response and prepends a clear data-quality notice to the model when a suspicious pattern is detected. Flagged calls generate a separate audit-log entry for post-hoc review.
The underlying content is never stripped or mutated — teams legitimately store HTML and personalization tokens that would break if we did.

**Authentication.** Dashboard access uses enterprise-grade SSO with enforced email verification and multi-factor authentication. Public signup is disabled by default — tenant access is invite-driven. MCP clients authenticate via per-tenant API key, or — for Claude web and ChatGPT — per-user OAuth so every tool call attributes to the actual user.

**Response filtering.** Admin API responses strip sensitive fields (credentials, internal identifiers) through a centralized sanitizer, backed by regression tests so new sensitive fields cannot silently leak on future refactors.

**Data residency.** LeadFoxConnect infrastructure is hosted in the European Union. No Marketo records are persisted at rest — data flows pass-through between your AI tool and your Marketo instance. The only customer data stored is tenant metadata, user accounts, audit log entries, and encrypted Marketo credentials.

## PII & GDPR

LeadFoxConnect operates on a **pass-through-by-default** model: Marketo data flows between your AI tool and your Marketo instance. We do not persist Marketo records.

**PII in logs.** Structured logs redact authorization headers, bearer tokens, Marketo client secrets, and access tokens. Regex scrubbing masks email addresses, phone numbers, and Bearer tokens in free-text log fields before write.

**Analytics tiers (opt-in for PII processing).** Most tools are pass-through and never hold Marketo records in memory. Server-side aggregation tools that need to compute across records are tiered, and Tiers 2/3 require explicit opt-in:

- **Tier 1 (default, no PII)** — Numeric IDs + allowlisted categorical fields only. 50,000-record cap. No names, emails, or phone numbers enter the server process.
- **Tier 2 (opt-in)** — Lead IDs + behavioral metadata (URLs, timestamps).
  Classed as personal data under GDPR Article 4(1) because behavior can identify individuals. 10,000-record cap. Requires dashboard admin opt-in + disclaimer acknowledgment.
- **Tier 3 (opt-in)** — Full lead records including names, emails, phone numbers, custom fields. Direct PII processing. 5,000-record cap. Requires explicit opt-in + confirmation dialog + stronger disclaimer.

For every tier: raw records are discarded immediately after aggregation (not cached, not logged). Audit entries capture tool name, tier, record count, and field names — never field values.

**Audit log retention.** Per-tenant configurable retention with a platform-admin-gated sweep job. Default retention is bounded.

**Data processing agreement.** Available on request for customers using Tier 2 or Tier 3 aggregation.

## Reporting a vulnerability

Report privately to **security@lead-fox.com** — not via public issue trackers. Acknowledgment within 2 business days, initial triage within 5, status updates at least every 7 days until resolution. Credit in release notes (with your permission) for responsible disclosure; no paid bug bounty at this time.

## Positioning vs Adobe Marketo MCP

Adobe announced their own Marketo MCP at Adobe Summit 2026. LeadFoxConnect is an independent product, available today, with three differentiators:

1. **Multi-instance by design.** Tenant isolation at every layer (DB, permissions, rate limits, audit logs, credentials) with a unique MCP endpoint URL per tenant (`/t/{endpointId}/mcp`).
2. **Works with any MCP-compatible AI tool.** No Adobe Experience Platform lock-in, no enterprise SKU requirement. Claude web OAuth in 3 clicks.
3. **Workflow depth and safety rails.** Built by a Marketo practitioner. Confirmation flows, parameter rules, and guided-template-only enforcement for landing pages prevent the LLM from doing the wrong thing in Production.

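The parameter rules listed under Governance features, sketched as a small evaluator that runs before a tool call is forwarded. This is an added example, not LeadFoxConnect's code: the rule object shape, the `violation` and `evaluate` functions, the `email` parameter name and the sample policy are assumptions; only the rule kinds and the two limits (`maxReturn` 200, `@acme.com`) come from the page.

```typescript
// Added example. Rule shapes and names are assumptions, not LeadFoxConnect's schema.
type Rule =
  | { kind: "MAX_VALUE"; param: string; value: number }
  | { kind: "MIN_VALUE"; param: string; value: number }
  | { kind: "WHITELIST"; param: string; values: string[] }
  | { kind: "BLACKLIST"; param: string; values: string[] }
  | { kind: "REGEX"; param: string; pattern: string }
  | { kind: "REQUIRED"; param: string }
  | { kind: "READONLY_FIELDS"; param: string; fields: string[] };
type Decision = { allowed: boolean; denyReason?: string };

// Returns a reason string when `args` breaks `rule`, otherwise null.
function violation(rule: Rule, args: Record<string, unknown>): string | null {
  const v = args[rule.param];
  if (rule.kind === "REQUIRED") return v === undefined || v === null || v === "" ? "is required" : null;
  if (v === undefined) return null; // optional parameter not supplied
  if (rule.kind === "MAX_VALUE" || rule.kind === "MIN_VALUE") {
    // Fail closed on type confusion: the string "5000" must not slip past a numeric cap.
    if (typeof v !== "number" || !Number.isFinite(v)) return "must be a finite number";
    if (rule.kind === "MAX_VALUE") return v > rule.value ? `exceeds ${rule.value}` : null;
    return v < rule.value ? `is below ${rule.value}` : null;
  }
  if (rule.kind === "READONLY_FIELDS") {
    if (typeof v !== "object" || v === null) return "must be an object";
    const locked = rule.fields;
    const hit = Object.keys(v).find((k) => locked.includes(k));
    return hit ? `field ${hit} is read-only` : null;
  }
  if (typeof v !== "string") return "must be a string";
  if (rule.kind === "WHITELIST") return rule.values.includes(v) ? null : "is not in the whitelist";
  if (rule.kind === "BLACKLIST") return rule.values.includes(v) ? "is blacklisted" : null;
  // REGEX: anchor the pattern so it must match the whole value, not a substring.
  return new RegExp(`^(?:${rule.pattern})$`).test(v) ? null : "does not match the pattern";
}

// Checks every rule for the tool; the first violation becomes the deny reason.
function evaluate(tool: string, args: Record<string, unknown>, rules: Record<string, Rule[]>): Decision {
  for (const rule of rules[tool] ?? []) {
    const why = violation(rule, args);
    if (why !== null) return { allowed: false, denyReason: `${rule.kind} on ${rule.param}: ${why}` };
  }
  return { allowed: true };
}
// Constructed policy mirroring the page's two examples.
const policy: Record<string, Rule[]> = {
  get_leads: [{ kind: "MAX_VALUE", param: "maxReturn", value: 200 }],
  update_lead: [{ kind: "REQUIRED", param: "email" },
                { kind: "REGEX", param: "email", pattern: "[^@\\s]+@acme\\.com" }],
};
```

The deny reason string is what an audit-log entry for a blocked call would carry; rule patterns are matched against the whole value so that a suffix such as `a@acme.com.other.example` is rejected.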
## Who it's for

Built for Marketo practitioners, marketing operations teams, and broader marketing leadership who rely on Marketo day-to-day:

- **Marketo practitioners** — admins, campaign builders, RevOps / MOPs specialists
- **Marketing operations teams** — MOPs managers, directors, and consultants working inside Marketo
- **Marketing leadership** — CMOs, VPs of Marketing, marketing managers, and demand-gen leaders who need visibility into Marketo performance without clicking through the UI

## Supported AI clients

Claude (Web, Desktop, Code), ChatGPT, Cursor, Windsurf, Cline, Continue.dev, and any MCP-compatible client.

## Pricing

- **FREE** — 1,000 API calls / month
- **STARTER** — 10,000 / month
- **PROFESSIONAL** — 100,000 / month
- **ENTERPRISE** — custom

Self-serve signup and billing. No sales call required.

## Technical approach

Modern TypeScript backend on a containerized cloud deployment. Built on the official MCP specification (Streamable HTTP transport) with enterprise-grade SSO, a managed secrets vault, TLS-enforced data stores, and managed payments / billing. Designed for horizontal scale with per-tenant isolation at every layer.

## Links

- [Marketing site](https://leadfoxconnect.com/)
- [Dashboard (app)](https://app.leadfoxconnect.com/)