SurePath AI reveals real-time control for safe use of MCPs

Applications of AI


SurePath AI has introduced Model Context Protocol (MCP) policy controls that apply real-time rules to the MCP server and tools used by generative AI clients and agents.

This release is positioned as a security and governance response to the increasing use of MCP in workplace AI workflows. Controls determine which MCP endpoints and tool features can be accessed and what is blocked before an AI-driven request is executed.

MCP has become a popular way for AI applications to connect to business systems. Desktop and developer tools such as ChatGPT, Claude, and Cursor can use MCP to access local and remote services. These connections may include internal repositories and management interfaces such as Google Drive, Salesforce, and the AWS Management API.

This connection changes the risk profile of organizations deploying generative AI. AI clients can perform actions that are performed under the end user’s identity and privileges. Local MCP tools can run on users’ laptops, and some desktop applications may launch without noticeable prompts. Remote MCP servers are compromised by increasing the number of network paths and endpoints involved.

policy control

SurePath AI’s MCP policy controls manage which MCP servers and tools are allowed across your organization. Apply checks in real-time before the tools your AI workflow calls are available.

Randy Birdsall, CPO and co-founder of SurePath AI, said MCP’s adoption follows an earlier wave of generative AI adoption within organizations.

“MCP has quickly evolved from a trendy acronym to the backbone of next-generation AI-powered workflows,” said Randy Birdsall, CPO and co-founder of SurePath AI.

“In fact, we’re seeing the same pattern we saw when ChatGPT first became available: rapid deployment, little oversight, and a surface-level understanding of the risks. The reality is that MCP introduces a whole new attack surface, to which many organizations are already exposed without realizing it, but it’s not practical to block MCP. Instead, it needs to be managed securely, and this is something that traditional firewalls and IAM It means moving beyond policy. Only then can security teams confidently support AI adoption without hindering their innovation.”

SurePath AI described MCP as a direct connection between the generating AI client and operational business systems. A mix of local and cloud-based MCP servers creates complex connectivity patterns that can increase the risk of data being spread out or moved laterally in the event of a breach.

Discovery and enforcement

This approach combines detection, classification, and enforcement. Monitor MCP usage across AI tools, intercept MCP payloads, and apply allow and block policies to tools referenced in those payloads.

One element is MCP tool discovery. Tools that are blocked by policy or do not meet functional requirements, such as being read-only, are removed from the payload before being forwarded. As a result, the backend service will not receive requests that involve accessing unauthorized tools.

Controls include a block list of tools detected in your environment and an allow list of allowed tools. According to SurePath AI, the “Allow read-only” setting allows you to automatically enable read-only tools without having to manually add them to an allow list.

Another option is a “catch-all action” setting that determines what happens if the tool is neither explicitly allowed nor blocked. According to SurePath AI, this allows you to control how the system handles tools outside of the defined list.

Automatic detection and classification is also included. SurePath AI said it can indicate whether an MCP tool is well-known or locally built, which can impact governance and risk assessment.

remote catalog

SurePath AI said it remotely maintains a catalog of known MCP servers and endpoints. Protected MCP traffic is routed through its platform for real-time access control, and policies can be applied at the level of individual tools.

SurePath AI also said this feature allows it to discover previously unseen MCP tools. This was framed as a way to identify threats in the supply chain, such as tools that attempt to impersonate others or move data outside of authorized boundaries.

The announcement comes as security teams shift their focus from using models to actions that AI systems can take through connectors and agent tools. MCP adoption is growing with the growing use of AI assistants for coding, document processing, and workflow automation, which often require access to internal systems and data stores.

SurePath AI said policy controls are enforced before execution, allowing organizations to set specific rules for the use of MCP servers and tools as MCP grows in daily AI workflows.



Source link