What to look for in an MCP security platform: Whether a company connects their own agents to third-party MCP servers, their own MCP servers to third-party agents, or their own servers to their own agents, there’s going to be the potential for data leakage, prompt injections and other security threats.That means companies will need to check for authorizations and permissions, implement fine-grained access controls, and log everything, says AllCloud’s Nevel.Here are some other MCP security tools that vendors are offering today:
MCP server detection: It’s easy for company employees to download and run their own MCP servers. These servers could boost their productivity or they could be a new attack vector. Some MCP security vendors are offering scanning services to help companies find all instances of shadow MCP servers in their environments.Runtime protection: AI agents communicate with MCP servers in plain English. That creates the potential for prompt injections, data leaks and other security issues. Many MCP security vendors offer tools to monitor all communications for these and similar problems.Authentication and access controls: The core MCP protocol now supports OAuth, but that’s just the start. For additional security, vendors offer zero trust and least privilege control frameworks.Logging and observability: Vendors can provide platforms to collect MCP logs, alert security teams about security events or policy violations, collect compliance data, or feed logs into existing security infrastructure.
Vedors offering MCP security tools: Below, we divide in three sections the list of vendors offering MCP security tools.
Hyperscalers
For companies all-in on a particular cloud platform, going with the MCP tools provided by that particular hyperscaler can be an easy way to get started.AWS launched its own agentic AI platform in July. Amazon Bedrock AgentCore includes a gateway that supports multiple protocols, including MCP, an identity management system and observability. In October, AWS followed this up with a set of guidelines for securing MCP servers with zero trust best practices.Microsoft announced a basic Azure MCP server in April, added support for the Azure Key Vault in May, announced MCP support in the Azure AI Foundry Agent Service in June, and announced Azure API Management support in August. Azure API Management means that MCP servers can have secure and governed access to resources, with observability and control.In October, Microsoft announced the Microsoft Agent Framework, which includes support for both MCP and the Agent2Agent protocol, protection against prompt injection, PII detection, and multi-agent observability to ensure that the systems are doing what they’re supposed to be doing.Google Cloud announced its MCP Toolbox for Databases in April with authentication and observability built in. In September, it released a reference architecture for securing MCP servers on the Google Cloud Platform, based around a centralized MCP proxy architecture. It uses the Google Identity Platform to validate identities and issue OAuth tokens, uses Model Armor to check messages for prompt injections, jailbreaks, or sensitive data, and a Secret Manager to store API keys, credentials, and sensitive configuration values. Its Artifact Registry can store MCP server images and scan them for vulnerabilities before they are deployed.Google also recommends using network-level security controls to isolate MCP servers and reduce the risk of lateral movement. Finally, Google’s Security Command Center can identify unauthorized access and data exfiltration attempts.
Major technology providers
Cloudflare: Cloudflare announced MCP Server Portals, which enable enterprises to centralize, secure, and observe every MCP connection. This feature is part of Cloudflare One, the company’s secure access service edge (SASE) platform.Palo Alto Networks: The company launched the Prisma AIRS MCP Server in June. It sits between the AI agent and the MCP server and detects malicious content in data, helping protect against prompt injection attacks, as well as web and DNS attacks. Another tool, MCP Security in Cortex Cloud WAAS, sits at the network boundary, and inspects MCP communications for malicious activity.SentinelOne: SentinelOne Singularity Platform offers visibility into the MCP interaction chain, as well as alerts and automated incident response, for both local and remote MCP servers.VMware: In August, parent company Broadcom announced that VMware Cloud Foundation will offer more security for agentic workflows, including MCP servers.
Startups
Acuvity: Acuvity secures MCP servers by hardening them with least-privilege execution, immutable runtimes, continuous vulnerability scanning, authentication, and threat detection.Akto: API security company Akto launched an MCP security solution in June, claiming to be the first dedicated security solution specifically built to protect MCP servers. It includes a discovery tool for finding the MCP servers deployed in corporate environments, security testing tools, and monitoring and threat detection.Invariant Labs: Their MCP-Scan is an open-source scanner that performs static analysis of MCP servers and does real-time monitoring to detect tool poisoning attacks, rug pulls, and prompt injection attacks. A commercial product, Invariant Guardrails, is a proxy that sits between AI agents and MCP servers and protects against project injections and other MCP security threats, and allows companies to impose rules such as prohibiting PII from going to external email addresses.Javelin: The company’s AI Security Fabric platform includes MCP security, such as functionality to scan for risky servers, or to block or require review of agent tools or data requests. In addition, MCP guardrails stop unsafe calls and poisoned inputs in real-time and prevent prompt injections and data leakage.Lasso Security: Open source MCP gateway that allows configuration and lifecycle management of MCP servers and sanitizes sensitive information in MCP messages.MCPTotal: Offers a hub to manage, run and monitor MCP servers in a secure, sandboxed environment, as well as a gateway to protect AI workflows interacting with both internal and external MCP servers, and a governance tool to monitor and enforce AI tool use policies.Noma: Recently launched AI Agent Security solution offers support for discovery of MCP connections, vulnerability scanning, access policy enforcement, real-time prompt guardrails, and audit trails.Obot: The Obot MCP gateway is an open-source platform to manage MCP servers, define security access policies, and track usage and compliance.Operant: Operant MCP Gateway automatically catalogs MCP tools, discovers AI agents, and tracks traffic between agents and servers to eliminate MCP blind spots. It can also identify threat vectors such as tool poisoning, jailbreaks and unauthorized access, prevent data leaks, and establish a centralized governance framework for agents and tools across the enterprise.Solo: The company’s Agent Gateway was overhauled in August to support MCP and A2A protocols and protects against malicious prompts and data leaks, enforces strong authentication, and centralizes logging and tracing for every interaction.Teleport: Its Secure MCP tool for its Infrastructure Identity Platform allows companies to unify how they govern human, machine, workload, device, and AI identities. MCP Security provides identity, access control, governance, and audit tools in a zero trust and least privilege environment.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4087656/what-cisos-need-to-know-about-new-tools-for-securing-mcp-servers.html
