Decide Which MCP Servers and Tools Are Allowed
MCP security stops a bad call in the moment; MCP governance decides, ahead of time, which servers and tools an agent may use at all - and which need step-up. Together they bound the protocol.
Illustrative product view
The policy side of MCP
MCP governance is where you decide the rules the gateway later enforces. It handles server authorization (which MCP servers may be reached), tool risk scoring (how dangerous each tool is), data-boundary policy, and which tools require step-up verification. AegisAI’s mcp_governance.py and AgentFence’s MCP firewall implement it deterministically, so the policy is explicit and testable rather than implicit in code.
What MCP governance covers
| Dimension | What it decides |
|---|---|
| Server authorization | Which MCP servers agents may reach |
| Tool risk scoring | The risk tier of each tool by capability |
| Data boundaries | Which tools may move which data classes |
| Step-up requirements | Which sensitive tools require verification |
| Approval routing | Which tools escalate to a human |
Scoring tool risk
- Read tools that stay in-scope are low risk and generally allowed
- Write tools require step-up before they proceed
- Tools that touch sensitive data are gated by data-boundary policy
- Destructive or high-blast tools escalate to human approval
How it connects
MCP governance defines the rules; MCP security enforces them per call; agent governance ties the tools back to a specific accountable agent. All three write their decisions to the tamper-evident ledger, so which servers and tools were authorized - and every call against them - is on the record.
Frequently asked questions
What is MCP governance?
MCP governance is the policy layer for the Model Context Protocol: deciding which servers agents may reach, scoring the risk of each tool, setting data-boundary rules, and marking which tools require step-up or approval. It defines the rules that an MCP gateway then enforces on each call.
How is MCP governance different from MCP security?
Governance is the ahead-of-time policy - authorized servers, tool risk tiers, step-up requirements. Security is the runtime enforcement of that policy on each individual call. You set the rules with governance and the gateway applies them per invocation.
How are MCP tools risk-scored?
Tools are scored by what they can do: reads are low risk, writes require step-up, tools touching sensitive data are gated by data-boundary rules, and destructive or high-impact tools escalate to human approval. The scoring is deterministic, so the same tool always lands in the same tier.
Can I require approval before an agent uses a sensitive tool?
Yes. Governance lets you mark specific tools as requiring step-up verification or human approval, so a sensitive or destructive tool cannot be invoked on the agent’s authority alone - the call is verified or routed to a person first.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Set the rules for MCP
Authorize servers, score tool risk, and require step-up on the sensitive ones.
Talk to us