MCP security

MCP security is the set of controls that make it safe to give an AI agent access to tools and data over the Model Context Protocol. The core risks are familiar from any integration surface: an over-privileged tool, a leaked credential, or untrusted content in a tool response that tries to steer the agent. Securing an MCP connection means authenticating the client, scoping each tool to the narrowest ability it needs, keeping secrets out of the agent, and treating tool output as data rather than instructions.

Credential isolation is the part most specific to a marketplace of paid tools. If an agent has to hold every provider's API key to call it, each connected agent becomes a place that key can leak from. The safer design keeps upstream credentials on the server and never hands them to the agent at all, so a compromised client cannot expose a provider secret.

Proxygate applies this directly. Provider keys live in the gateway and are injected server-side per request, so the agent authenticates only to Proxygate and never holds an upstream credential. Access is scoped (a call that spends requires an explicit trade scope), every paid call returns a signed receipt for an auditable trail, and an optional response-scanning mode can flag or block suspect upstream content. The same protections apply whether the agent connects over MCP, the SDK, the CLI, or REST.