July 29 · Live workshopAI Just Made Hacking Apps a Lot EasierSave your seat →

The MCP Security Stack

The leading vendor platforms securing Model Context Protocol environments — and how they fit together.

August 27, 2026 · Free · Virtual

MCP Security Conference

A free, half-day online summit on securing AI agent access — across every layer of the Stack.

No spam. Sponsor inquiries welcome — reach out any time.

What the MCP Security Stack is

MCP security tools are emerging across a handful of key control points — gateways, identity, runtime monitoring, testing, and governance. These layers help organizations discover MCP usage, restrict what agents can do, detect unsafe behavior, and approve which tools are safe for production. The Stack represents best-of-breed components; some tools overlap categories, and the subcategories are complementary — used together, they form a comprehensive architecture for securing MCP.

Think of it less as a ranking and more as an architecture: a request from an AI agent can be discovered, authorized, monitored, tested, and governed at distinct control points before it ever reaches a tool. Most teams end up combining several layers.

  • Six control points — gateways, identity & access, runtime monitoring, testing, governance, and broader AI gateways.
  • Complementary, not competing — subcategories overlap, and best-of-breed setups use them together.
  • Independent & non-sponsored — nothing here is ranked, scored, or paid for.

Every layer, tool by tool

MCP security tools are emerging across a handful of key control points — gateways, identity, runtime monitoring, testing, and governance. These layers help organizations discover MCP usage, restrict what agents can do, detect unsafe behavior, and approve which tools are safe for production. The Stack represents best-of-breed components; some tools overlap categories, and the subcategories are complementary — used together, they form a comprehensive architecture for securing MCP.

MCP Gateways

Central controls for agent traffic to MCP servers.

MCP gateways are a central access point that secures and controls agent traffic to MCP servers — providing access control, policy enforcement, routing, logging, tool filtering, and agent-to-tool mediation.

ZuploMCP Gateway

A lightweight yet comprehensive gateway for controlling MCP usage, emphasizing curated tool access.

PortkeyMCP Gateway

A feature-rich, mature MCP gateway offering fine-grained authentication and admin controls.

Lunar.devMCPX

A gateway for MCP authentication and visibility, offered in open-source and enterprise versions.

ComposioMCP Gateway

A fully managed gateway for cataloging, securing, and exposing agent tools via pre-built integrations.

TrueFoundryMCP Gateway

A full-purpose MCP gateway providing self-deployment for cloud-native architectures.

TykMCP Gateway

An MCP control-plane proxy providing tool-level controls and observability into usage.

SpeakeasyMCP Gateway

A single control plane for all agents, providing SSO and auditing for every tool call.

ObotMCP Gateway

An open-source MCP gateway for managing tools and skills, with auditing and policies.

UsercentricsMCP Manager

An all-purpose MCP gateway combining RBAC, policies, and data-leakage detection.

Identity & Access

Agent authorization, scoped access, and secrets control.

Identity platforms secure MCP by defining what agents are allowed to do — answering the classic IAM questions: what agent, acting for what user, can call what tool, with what scope, and for how long? These tools provide guardrails around agent authorization, delegated access, tool scoping, workload identity, and secrets management.

Arcadearcade.dev

A runtime platform focused on agent authorization and optimized tools for agentic identities.

Aembit

Access management described as IAM for agentic AI, usable as an MCP gateway.

WorkOS

An IAM provider generating OAuth 2.1 flows, tool permissions, and access control atop MCP servers.

Auth0by Okta

A popular IAM and API-security platform securing MCP servers with OAuth 2.1.

Stytch

An identity platform used for remote MCP server authorization.

Curity

An identity platform securing delegated access and authorization flows for agents and MCP systems.

Permitpermit.io

An authorization and policy-enforcement platform placed in front of MCP servers.

Teleport

Issues cryptographic identities for containers, VMs, or MCP servers.

Runtime Security & Monitoring

Runtime visibility, threat detection, and audit trails.

Monitoring and threat-analysis tools give teams runtime visibility — tool-call-level observability, tracing, vulnerability detection, and audit support.

LassoSecurity

Detects and prevents MCP threats such as prompt injection, tool poisoning, and data exposure.

Straiker

Agentic security for MCP hygiene, vulnerability detection, runtime enforcement, and audit-ready governance.

Operant

An MCP gateway specializing in threat detection for tool poisoning, over-permissioning, and data leakage.

Nightfall

AI data security that increases visibility into MCP risks and issues alerts.

Obsidian

Discovers MCP servers, tracks agentic actions, and monitors for unauthorized MCP activity.

Akto

API and AI-agent security focused on visibility into agent behavior and MCP tool usage.

Remedio

Discovers and remediates risks across the AI stack — agents, LLMs, and MCP-based tools.

DataDome

All-purpose security monitoring providing visibility and control across MCP servers.

42Crunch

API security specialist bringing runtime protection, audit, and threat detection to MCP servers and tools.

Testing & Scanning

Vulnerability scanning for MCP servers and tools.

Testing tools and scanners help teams find weaknesses in MCP servers, tools, and agent workflows before they create real-world risk — static scanning, penetration testing, and posture management for MCP-native vulnerabilities.

Equixly

Applies AI agent-driven offensive security to continually test APIs, MCP servers, and workflows.

Invariant LabsSnyk · MCP-Scan

Provides MCP-Scan to detect MCP-specific vulnerabilities like rug pulls and tool poisoning.

SaltSecurity

API security surfacing shadow MCP exposure and risky API-to-agent connections.

Manifold

End-to-end agent visibility with MCP security scoring across thousands of servers and tools.

Safety

Realtime scanning of MCP servers and components for visibility, risk detection, and threat prevention.

Aikido

A vulnerability-scanning platform whose Aikido Pentest tests MCP servers for known faults.

Governance & Registries

Trusted catalogs, approvals, policies, and provenance.

Governance tools help engineering teams create compliant workflows for MCP usage — trusted registries, catalogs, vetting, approval workflows, tool provenance, lifecycle governance, and server discovery.

Runlayer

Golden paths of highly scoped, secure MCP capabilities for agentic tools.

MintMCP

A management layer packaging scoped tool access, policy enforcement, observability, and audit logs.

JozuMCP Registry

An enterprise MCP registry for models, agents, and servers, built on OCI-compliant artifacts.

WorkatoEnterprise MCP

Creates governed, enterprise-ready MCP interfaces for business workflows and systems.

KongMCP Registry

An enterprise registry to catalog and discover MCP servers and govern internal usage.

KoiSecurity

Brings compliance checks to developer-tool installs, including MCP servers.

Jentic

A governance layer applying policies to how agents access APIs and MCP servers.

Nango

Authorizes users and connects them to underlying APIs or MCP servers with reusable integrations.

Smithery

Safely connect agents to MCP tools and reuse them across an organization.

DockerMCP Catalog

A curated collection of verified MCP servers packaged as Docker images.

AI Gateways

Broader control planes for LLM and agentic traffic.

Multi-purpose AI and agent gateways cover AI and LLM threats at large.

GraviteeAI Gateway

An agent-management platform governing agents, APIs, events, MCP tools, and A2A traffic.

Solo.ioAgentgateway

An AI-native gateway for connecting, securing, and observing LLM, MCP, and A2A traffic.

KongAI Gateway

A mature AI and API gateway centralizing AI traffic and governing MCP tool access.

Bifrostby Maxim

An enterprise AI gateway unifying LLM providers with built-in MCP gateway capabilities.

TetrateMCP Gateway

A standard way to connect MCP servers atop an Envoy-based enterprise AI proxy.

LiteLLMAI Gateway

An enterprise AI gateway adding guardrails, tracking, and governance of LLM and MCP usage.

August 27, 2026 · Free · Virtual · Half-day

The MCP Security
Conference

Organized by AISEC University — a free, half-day online event assembling some of the brightest minds in the industry to cover the most pressing risks in MCP setups, from agent authorization and tool poisoning to gateways, governance, testing, and runtime monitoring.

Half-day · online
Free to attend
Independent panel

Register for the conference

Save your seat — we'll send the joining link and agenda.

No spam. Sponsor inquiries welcome — reach out any time.

Building a tool on the Stack?

If you're building a platform that lives on the Stack — or know of one that should be added — we'd like to hear from you.

Suggest a tool →
MCP Security Conference
Aug 27 · Free · Virtual
Register →