The MCP Security Stack
The leading vendor platforms securing Model Context Protocol environments — and how they fit together.
MCP Security Conference
A free, half-day online summit on securing AI agent access — across every layer of the Stack.
What the MCP Security Stack is
MCP security tools are emerging across a handful of key control points — gateways, identity, runtime monitoring, testing, and governance. These layers help organizations discover MCP usage, restrict what agents can do, detect unsafe behavior, and approve which tools are safe for production. The Stack represents best-of-breed components; some tools overlap categories, and the subcategories are complementary — used together, they form a comprehensive architecture for securing MCP.
Think of it less as a ranking and more as an architecture: a request from an AI agent can be discovered, authorized, monitored, tested, and governed at distinct control points before it ever reaches a tool. Most teams end up combining several layers.
- Six control points — gateways, identity & access, runtime monitoring, testing, governance, and broader AI gateways.
- Complementary, not competing — subcategories overlap, and best-of-breed setups use them together.
- Independent & non-sponsored — nothing here is ranked, scored, or paid for.
The MCP Stack
The MCP security market in one map — six categories, 48 tools. Click to open it full-screen in a new tab.












































Every layer, tool by tool
MCP security tools are emerging across a handful of key control points — gateways, identity, runtime monitoring, testing, and governance. These layers help organizations discover MCP usage, restrict what agents can do, detect unsafe behavior, and approve which tools are safe for production. The Stack represents best-of-breed components; some tools overlap categories, and the subcategories are complementary — used together, they form a comprehensive architecture for securing MCP.
MCP Gateways
Central controls for agent traffic to MCP servers.MCP gateways are a central access point that secures and controls agent traffic to MCP servers — providing access control, policy enforcement, routing, logging, tool filtering, and agent-to-tool mediation.

A lightweight yet comprehensive gateway for controlling MCP usage, emphasizing curated tool access.

A feature-rich, mature MCP gateway offering fine-grained authentication and admin controls.

A gateway for MCP authentication and visibility, offered in open-source and enterprise versions.

A fully managed gateway for cataloging, securing, and exposing agent tools via pre-built integrations.

A full-purpose MCP gateway providing self-deployment for cloud-native architectures.

An MCP control-plane proxy providing tool-level controls and observability into usage.

A single control plane for all agents, providing SSO and auditing for every tool call.

An open-source MCP gateway for managing tools and skills, with auditing and policies.
Identity & Access
Agent authorization, scoped access, and secrets control.Identity platforms secure MCP by defining what agents are allowed to do — answering the classic IAM questions: what agent, acting for what user, can call what tool, with what scope, and for how long? These tools provide guardrails around agent authorization, delegated access, tool scoping, workload identity, and secrets management.
A runtime platform focused on agent authorization and optimized tools for agentic identities.

An IAM provider generating OAuth 2.1 flows, tool permissions, and access control atop MCP servers.

A popular IAM and API-security platform securing MCP servers with OAuth 2.1.

An identity platform securing delegated access and authorization flows for agents and MCP systems.

An authorization and policy-enforcement platform placed in front of MCP servers.
Runtime Security & Monitoring
Runtime visibility, threat detection, and audit trails.Monitoring and threat-analysis tools give teams runtime visibility — tool-call-level observability, tracing, vulnerability detection, and audit support.

Detects and prevents MCP threats such as prompt injection, tool poisoning, and data exposure.

Agentic security for MCP hygiene, vulnerability detection, runtime enforcement, and audit-ready governance.

An MCP gateway specializing in threat detection for tool poisoning, over-permissioning, and data leakage.

AI data security that increases visibility into MCP risks and issues alerts.

Discovers MCP servers, tracks agentic actions, and monitors for unauthorized MCP activity.

API and AI-agent security focused on visibility into agent behavior and MCP tool usage.

Discovers and remediates risks across the AI stack — agents, LLMs, and MCP-based tools.

All-purpose security monitoring providing visibility and control across MCP servers.
Testing & Scanning
Vulnerability scanning for MCP servers and tools.Testing tools and scanners help teams find weaknesses in MCP servers, tools, and agent workflows before they create real-world risk — static scanning, penetration testing, and posture management for MCP-native vulnerabilities.

Applies AI agent-driven offensive security to continually test APIs, MCP servers, and workflows.

Provides MCP-Scan to detect MCP-specific vulnerabilities like rug pulls and tool poisoning.

API security surfacing shadow MCP exposure and risky API-to-agent connections.

End-to-end agent visibility with MCP security scoring across thousands of servers and tools.

Realtime scanning of MCP servers and components for visibility, risk detection, and threat prevention.
Governance & Registries
Trusted catalogs, approvals, policies, and provenance.Governance tools help engineering teams create compliant workflows for MCP usage — trusted registries, catalogs, vetting, approval workflows, tool provenance, lifecycle governance, and server discovery.

A management layer packaging scoped tool access, policy enforcement, observability, and audit logs.

An enterprise MCP registry for models, agents, and servers, built on OCI-compliant artifacts.

Creates governed, enterprise-ready MCP interfaces for business workflows and systems.

An enterprise registry to catalog and discover MCP servers and govern internal usage.

Brings compliance checks to developer-tool installs, including MCP servers.

A governance layer applying policies to how agents access APIs and MCP servers.

Authorizes users and connects them to underlying APIs or MCP servers with reusable integrations.
AI Gateways
Broader control planes for LLM and agentic traffic.Multi-purpose AI and agent gateways cover AI and LLM threats at large.
An agent-management platform governing agents, APIs, events, MCP tools, and A2A traffic.

An AI-native gateway for connecting, securing, and observing LLM, MCP, and A2A traffic.

A mature AI and API gateway centralizing AI traffic and governing MCP tool access.
An enterprise AI gateway unifying LLM providers with built-in MCP gateway capabilities.

A standard way to connect MCP servers atop an Envoy-based enterprise AI proxy.
The MCP Security
Conference
Organized by AISEC University — a free, half-day online event assembling some of the brightest minds in the industry to cover the most pressing risks in MCP setups, from agent authorization and tool poisoning to gateways, governance, testing, and runtime monitoring.
Register for the conference
Save your seat — we'll send the joining link and agenda.
Building a tool on the Stack?
If you're building a platform that lives on the Stack — or know of one that should be added — we'd like to hear from you.