AI security specialist
TrojAI has launched a tool aimed at allowing organizations to more securely adopt MCP, an open standard that allows AI models and agents to connect to and communicate with external data sources and applications.
The Model Context Protocol (MCP), released by AI company
Anthropic a year ago, addresses what had been a weakness – the isolation of models and agents from sources of real-world data and systems beyond their training data – by replacing custom integrations with a single, universal protocol that standardizes jobs like function calls, tool use, and memory.
“Acting as a coordination layer between models and their environment, MCP allows AI systems to safely interact with APIs, databases, and enterprise platforms through a consistent interface,”
wrote Julie Peterson, lead product marketing manager for TrojAI. “If interoperability is the key to agentic AI, MCP is the universal translator that ensures every system speaks the same language.”
MCP, Agents Mean More Risks
For AI agents, which, among other tasks, can go out and find the data they need to complete a job, MCP servers are critical. However, like everything else in the expanding world of AI, MCP and agents create new security risks.
“AI adoption has outpaced the ability to manage and secure it, creating a deployment security gap,” TrojAI CEO
Lee Weiner told MSSP Alert. “This is further amplified with the rise of MCP and agents. That gap is larger than what we’ve seen in prior waves, like cloud or mobile. Those technologies leveraged known architectures. AI introduces nondeterministic systems that make securing it complex, in unpredictable ways.”
A problem is that “traditional security tools can’t ‘see’ into model behavior or prevent prompt-based manipulation, data leakage, or harmful outputs,” Weiner said. “The development curve is exponential, and the attack surface, models, agents, and applications are evolving daily.”
Introducing Defend for MCP
TrojAI, founded in 2019 and headquartered in St. John, New Brunswick, Canada, wants to change that with TrojAI Defend for MCP, which can monitor traffic running to and from MCP servers to give organizations improved visibility, policy analysis, and runtime enforcement for AI agents and MCP gateways.
The tool, unveiled this week, “moves beyond surface posture checks on MCP to real-time controls protecting the behavior and interaction of clients to models to MCP servers,” the CEO said. “This gives security teams unified visibility, pre-approval gating, drift and tamper detection, and live policy enforcement across agents, servers, and tools. Much of the security offerings out there today focus on general LLM [large language model] hardening or cloud discovery of MCP endpoints. Those are useful, but they don’t allow you to control unauthorized servers and tools and protect them from manipulation attacks.”
Needed Help
Such capabilities will become more important as companies embrace MCP servers and AI agents, according to
Datadog, which provides a software-as-a-service (SaaS) platform.
“MCP servers are central to developing AI assistants and workflows that are deeply integrated with your environment,”
Yuki Matsuzaki, senior security sales engineer at Datadog, and
Mallory Mooney, a tech writer with the company,
wrote earlier this year. “They serve as a bridge to a wide variety of LLM providers, data sources, and remote services, so their usage is quickly becoming a new way attackers can target your systems.”
There are
myriad risks, from authentication and authorization issues to supply chain issues, unauthorized command execution, prompt injections, and sampling, according to
Florencio Cano Gabarda, principal product security engineer for AI security and safety at
Red Hat.
MCP server adoption is happening rapidly, with analysts from
Dimension Market Research predicting the global market will grow from more than $2.71 million this year to more than
$5.56 trillion by 2034. Given that, securing them will be crucial to ensuring organization continue to adopt the technology.
Visibility and Detection are Keys
The components within the startup’s TrojAI Defend for MCP including the ability for organizations to discover all MCP servers in their environments and identify the tools associated with each, monitor all MCP traffic – including prompts and responses – detect and prevent changes to tool definitions, and apply MCP-specific polices via a policy engine that allows them to inspect, audit, and enforce security in real time.
TrojAI’s architecture and its new tool for protecting MCP servers can also be used by partners "to help service providers secure this expansion, delivering scalable, policy-driven protection for agentic AI environments. TrojAI Defend for MCP turns MSPs and MSSPs into trusted AI runtime guardians,” said Weiner, who came on board more than a year ago when the company announced raising
$5.75 million in additional seed funding.