SurePath AI Advances Real-Time Model Context Protocol (MCP) Policy Controls to Govern AI Actions

SurePath AI today announced MCP Policy Controls, which provides real-time controls over what MCP servers and tools are allowed to be used. The new capability helps organizations adopt MCP safely with visibility and safeguards from day one.
MCP is a direct line from generative AI clients to the systems that enable a business to operate. These lightweight MCP tools can run locally on a user’s laptop and are often launched silently by AI desktop apps like ChatGPT, Claude, and Cursor. They also link to internal tools, such as Google Drive, Salesforce, and AWS management APIs. This presents new security challenges – AI is now issuing real commands, authenticated as the end user. While cloud-based MCPs offer some guardrails, they also increase surface area. For instance, multiple agents connected to a mix of local and remote MCP servers can create tangled pathways for data sprawl and lateral movement.
SurePath AI was purpose-built to solve these challenges by applying policy-based control over what MCP servers and tools are allowed to be used before anything is executed. As the only platform that is schema-aware enough to transform these requests, SurePath AI enforces an organization’s policies on exactly which MCP servers and tools are allowed by controlling local MCP hosts and their connections to local MCP servers. These policies can leverage built-in classifications of whether a tool is destructive or not, or be customized explicitly to each organization’s security requirements.
To mitigate risk on the remote side, SurePath AI maintains a catalog of known MCP servers and endpoints. All protected MCP traffic is routed through its platform, where access controls are applied in real time, even down to the specific tool. SurePath AI’s new capability also uncovers supply chain threats by detecting never-before-seen MCP tools that could impersonate other tools or attempt to exfiltrate data outside the approved security perimeter.
Key features include:
- MCP Tool Discovery: Discover MCP tools by monitoring MCP usage in AI tools across the workforce. MCP payloads are intercepted, and tools that are blocked by policy or that violate capability requirements (for example, tools that are not read-only) are removed. A tool that violates policy is stripped from the MCP payload before it is sent to the backend service, so the service never gains access to that tool.
- MCP Tool Block List: Explicitly block specific MCP tools that have been discovered in the environment. Blocked tools are removed from MCP payloads before they reach backend services.
- MCP Tool Allow List: Allow specific MCP tools that have been discovered in the environment. Allowed tools will always be included in MCP payloads.
- Allow Read-Only: When enabled, automatically enables all read-only MCP tools without requiring them to be added to the Allow List, streamlining policy management for lower-risk tools.
- Catch-All Action: Determine the default action taken for MCP tools that are not explicitly allowed or blocked, providing control over how the system handles tools that fall outside of the defined block and allow lists.
- Auto-Discovery and Classification: Gain insights into MCP tools, such as whether they are well-known or were just built on someone’s laptop.
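The feature list above describes one policy decision applied per tool in an intercepted MCP payload: block list, allow list, an automatic allowance for read-only tools, and a catch-all default, with discovery of tools the organization has never seen before. The following is an added example of that decision logic written from scratch; it is not SurePath AI's code and does not reflect its policy schema. It assumes tools carry the MCP `annotations` object (`readOnlyHint`, `destructiveHint`, with the protocol's defaults of false and true respectively), a hypothetical `Policy` shape, a precedence order (explicit block, then explicit allow, then the read-only shortcut, then the catch-all) that is this example's choice, and a constructed `tools/list` response from a server named `fs-server`. One caveat the annotations make visible: they are declared by the server itself, so a read-only classification derived only from them is as trustworthy as the server, which is why the example also flags tools absent from the known catalog.

```python
"""Policy filter for an MCP tools/list response (added example, not SurePath AI's code)."""
import json
from copy import deepcopy
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Hypothetical policy shape modelled on the feature list, not a real product schema."""
    allow: set[str] = field(default_factory=set)     # MCP Tool Allow List
    block: set[str] = field(default_factory=set)     # MCP Tool Block List
    allow_read_only: bool = False                    # Allow Read-Only
    catch_all: str = "block"                         # Catch-All Action: "allow" or "block"
    catalog: set[str] = field(default_factory=set)   # known "server/tool" names


def classify(tool: dict) -> str:
    """Map MCP tool annotations to a coarse capability class.
    MCP defaults: readOnlyHint=False, destructiveHint=True. These hints are
    self-declared by the server, so they are an input to policy, not proof."""
    ann = tool.get("annotations") or {}
    if ann.get("readOnlyHint", False):
        return "read-only"
    if ann.get("destructiveHint", True):
        return "destructive"
    return "write"


def decide(tool: dict, policy: Policy) -> tuple[str, str]:
    """Return (action, reason). Precedence is this example's assumption:
    explicit block, then explicit allow, then read-only shortcut, then catch-all."""
    name = tool["name"]
    if name in policy.block:
        return "block", "block list"
    if name in policy.allow:
        return "allow", "allow list"
    if policy.allow_read_only and classify(tool) == "read-only":
        return "allow", "read-only"
    return policy.catch_all, "catch-all"


def filter_tools_list(response: dict, server: str, policy: Policy) -> tuple[dict, list[dict]]:
    """Rewrite a JSON-RPC tools/list result in flight: drop rejected tools and
    emit one audit record per tool, marking tools missing from the catalog so a
    never-before-seen tool is surfaced instead of silently passing through."""
    out = deepcopy(response)
    kept, audit = [], []
    for tool in response["result"]["tools"]:
        action, reason = decide(tool, policy)
        audit.append({
            "server": server, "tool": tool["name"], "class": classify(tool),
            "action": action, "reason": reason,
            "known": f"{server}/{tool['name']}" in policy.catalog,
        })
        if action == "allow":
            kept.append(tool)
    out["result"]["tools"] = kept
    return out, audit


# Constructed sample: a tools/list response as a local MCP server might return it.
SAMPLE_RESPONSE = {
    "jsonrpc": "2.0", "id": 1,
    "result": {"tools": [
        {"name": "list_files", "annotations": {"readOnlyHint": True}},
        {"name": "read_file", "annotations": {"readOnlyHint": True, "destructiveHint": False}},
        {"name": "write_file", "annotations": {"readOnlyHint": False, "destructiveHint": False}},
        {"name": "delete_file", "annotations": {"destructiveHint": True}},
        {"name": "run_shell"},  # no annotations at all: protocol defaults make it destructive
    ]},
}

# Constructed policy: run_shell is not in the catalog, so it also shows up as unknown.
SAMPLE_POLICY = Policy(
    allow={"write_file"},
    block={"run_shell"},
    allow_read_only=True,
    catch_all="block",
    catalog={"fs-server/list_files", "fs-server/read_file",
             "fs-server/write_file", "fs-server/delete_file"},
)


def surviving_tool_names(response=SAMPLE_RESPONSE, server="fs-server", policy=SAMPLE_POLICY) -> list[str]:
    filtered, _ = filter_tools_list(response, server, policy)
    return [t["name"] for t in filtered["result"]["tools"]]


def unknown_tools(response=SAMPLE_RESPONSE, server="fs-server", policy=SAMPLE_POLICY) -> list[str]:
    _, audit = filter_tools_list(response, server, policy)
    return [a["tool"] for a in audit if not a["known"]]


if __name__ == "__main__":
    filtered, audit = filter_tools_list(SAMPLE_RESPONSE, "fs-server", SAMPLE_POLICY)
    print(json.dumps(filtered, indent=2))
    for record in audit:
        print(record)
```

With the sample policy, `list_files` and `read_file` pass through the read-only shortcut, `write_file` passes on the allow list, `delete_file` falls to the catch-all and is dropped, and `run_shell` is dropped by the block list and reported as unknown. Flipping `catch_all` to `"allow"` is the permissive mode the page describes; the audit record still tells you which tools reached the backend only because of the default rather than an explicit decision.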
For more information, visit surepath.ai.
This entry was posted on March 12, 2026 at 8:00 am and is filed under Commentary. You can follow any responses to this entry through the RSS 2.0 feed.