
MCP Gateway Security

MCP (Model Context Protocol) is the emerging standard for AI agent tool use, defining how agents discover, invoke, and process responses from external tools. As MCP adoption grows, it introduces attack vectors that traditional API security does not cover: supply chain compromise through typosquatted tool servers, DNS rebinding that bypasses allow-list controls, payload injection through tool responses that flow directly into agent context, and credential exposure when agents pass sensitive data as tool call parameters.

Arrakis provides an inline MCP gateway that intercepts and secures all MCP traffic between agents and their tool servers. The gateway enforces allow-lists of approved tool servers, inspects both outbound parameters and inbound responses for sensitive data patterns, and correlates tool server packages against known vulnerabilities. Think of it as software composition analysis applied at the tool invocation layer, where agents dynamically select tools at runtime.

Gateway findings feed into the standard Arrakis risk pipeline, carrying the appropriate threat codes, contributing to agent risk scores, and flowing through to posture scoring. The gateway is transparent to both the agent and the tool server. No modifications to agent frameworks or tool implementations are needed.

Full gateway documentation is available to Arrakis customers.
