A Firewall for Every MCP Tool-Call
The Model Context Protocol lets agents call tools and reach data - powerful, and unbounded by default. AgentFence’s MCP gateway evaluates each call, scores its risk, enforces data boundaries, and routes approvals.
Illustrative product view
Why MCP needs a security layer
MCP is the connective tissue between agents and the tools and data they act on. By default it trusts whatever server and tool the agent reaches for, with no evaluation of whether that specific call is safe. AgentFence puts a gateway in front: POST /api/mcp-gateway/evaluate scores and decides each invocation, /policies defines the rules, /servers registers what is allowed, /logs records what happened, and /approvals routes approve, deny, or escalate.
What the gateway does per call
| Endpoint | What it does |
|---|---|
| POST /api/mcp-gateway/evaluate | Evaluate a single tool-call and return a verdict |
| GET|PUT /api/mcp-gateway/policies | Define the rules that govern calls |
| /api/mcp-gateway/servers | Register and authorize MCP servers |
| /api/mcp-gateway/logs | Record every evaluated call |
| /api/mcp-gateway/approvals | Approve, deny, or escalate held calls |
Tool risk scoring
- Each tool is scored by what it can do - read, write, delete, export
- Unregistered servers and tools are denied until authorized
- Data-boundary rules gate calls that would move sensitive data
- High-risk calls escalate to an approval instead of running
How it fits the platform
The MCP gateway is the enforcement point for agent tool-calls, and it consults the same decision vocabulary as the rest of the platform. Verdicts are recorded to the tamper-evident ledger, and MCP governance handles the longer-lived questions of which servers and tools are authorized in the first place.
Frequently asked questions
What is MCP security?
MCP security is controlling the tool-calls agents make over the Model Context Protocol. AgentFence provides a gateway that evaluates each call, scores the risk of the tool, enforces data boundaries, and routes approvals - so an agent cannot silently reach an unregistered server or move sensitive data through a tool-call.
What is an MCP firewall or gateway?
It is a control point that sits in front of MCP tool invocations. Every call goes through POST /api/mcp-gateway/evaluate, which returns a verdict based on the policy, the registered servers, and the tool’s risk. Held calls go to an approvals queue to approve, deny, or escalate.
Can it block calls to unauthorized MCP servers?
Yes. Servers are registered and authorized through the gateway; calls to unregistered servers or tools are denied until they are explicitly allowed. That prevents an agent from reaching a rogue or unvetted MCP server.
How does it handle sensitive data in tool-calls?
The gateway applies data-boundary controls: a tool-call that would move sensitive data across a boundary is stepped up or held for approval rather than executed automatically. It treats MCP calls the way a DLP treats data flows.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Put a gateway in front of MCP
Evaluate, score, and gate every Model Context Protocol tool-call.
Talk to us