AI Security Index/MCP Security

MCP Security Directory

The Model Context Protocol connects agents to tools — and every connection is an attack surface: tool poisoning, rug pulls, cross-server shadowing, and data exfiltration through tool arguments. These are the gateways, scanners, and governance tools that secure MCP traffic in 2026.

18 tools listed • part of the Guardion AI Security Index

Guardion Claude Code Plugin

Open Source

The official Guardion plugin for Claude Code: hook-based lifecycle telemetry, destructive and denied-action detection, and a session-start scan of every skill, MCP server, plugin, and built-in tool the agent can reach. Installs from the Guardion plugin marketplace in two commands.

Coding Agent Governance
Free / Open Source (MIT); Guardion account for telemetry

Guardion Security Gateway (MCP)

Guardion
AARM aligned

Guardion's security gateway governs MCP traffic inline: every tool call passes policy checks, runtime guardrails, and DLP (PII and secrets) before reaching the MCP server, with detection & incident response over agent behavior. Connect once, zero instrumentation, policy decisions in under 130ms.

MCP Gateway & Governance
Free trial; usage-based

Lasso Security

AARM aligned

A GenAI-first platform focused on protecting LLM interactions, offering a secured gateway, browser integrations, and specialized protection for AI agents via MCP.

LLM Interaction & Agent Security
Custom Quote

Akto

AARM aligned

Designed to protect AI agents and Model Context Protocol (MCP) workflows through automated discovery, red teaming, and guardrails.

Agentic AI Security
Free Tier / Enterprise

Snyk (Invariant Labs)

Open Source

Snyk acquired Zurich-based Invariant Labs in June 2025, folding the research team that coined 'tool poisoning' and 'MCP rug pulls' into Snyk Labs. Invariant's mcp-scan lineage lives on in the open-source Snyk Agent Scan, detecting 15+ risks across MCP servers and agent skills, and feeds Evo by Snyk, its agentic security orchestration platform launched October 2025.

Agentic AI & MCP Security
Free OSS scanner; enterprise via Snyk platform / Evo

Runlayer

AARM extended

Enterprise AI control platform combining an MCP gateway, threat detection on every request, shadow-AI discovery, and identity-aware permissions via Okta/Entra. Launched from stealth in November 2025; by mid-2026 customers include Gusto, Instacart, dbt Labs, and PagerDuty. Holds AARM Extended conformance — the highest tier in the CSA registry.

MCP Gateway & Governance
Enterprise SaaS (quote)

Virtue AI

Founded in 2024 by professors Bo Li, Dawn Song, Sanmi Koyejo, and Carlos Guestrin, Virtue AI offers VirtueRed (continuous algorithmic red teaming, 600+ attack vectors) and VirtueGuard (real-time multimodal guardrails), plus AgentSuite for agentic systems including MCP Guard. Raised $30M in combined seed and Series A in April 2025.

AI Red Teaming & Guardrails
Enterprise subscription

mcp-scan (Snyk Agent Scan)

Open Source

Created by ETH Zurich spin-off Invariant Labs and maintained by Snyk since its June 2025 acquisition, mcp-scan auto-discovers agent configurations (Claude, Cursor, Windsurf, Gemini CLI) and scans MCP servers, skills, and harnesses for 15+ risk categories including prompt injection, tool poisoning, tool shadowing, and toxic flows. Rebranded Snyk Agent Scan; v0.5.12 released June 2026.

MCP Security Scanning
Free / Open Source (Snyk API token required)

Stacklok ToolHive

Open Source

Apache-2.0 platform from Stacklok (co-maintained with Red Hat) that runs MCP servers in isolated containers with fine-grained permissions, network controls, and encrypted secrets, managed via a desktop UI, CLI, or Kubernetes operator. By mid-2026 it is production-ready with a curated registry and a Virtual MCP gateway; Stacklok Enterprise layers on SSO and central management.

MCP Server Management
Open Source (Apache 2.0); paid enterprise tier

Knostic

Enforces need-to-know access controls on enterprise AI assistants and copilots to stop LLM oversharing and data leakage. By 2026 it has expanded into securing AI agents and coding assistants — including MCP servers, skills, and IDE extensions — via Kirin and Shadow AI Spotlight. Founded by Sounil Yu and Gadi Evron.

AI Access Control
Enterprise subscription

Docker MCP Gateway & Catalog

Open Source

Docker's MCP Catalog distributes 300+ verified MCP servers as signed container images with SBOMs, while the MCP Toolkit and open-source MCP Gateway run them in resource-limited, isolated containers behind a single endpoint with logging, interceptors, and secrets blocking. In May 2026 Docker extended this into Docker AI Governance for centralized agent and tool policy.

MCP Distribution & Isolation
Free with Docker Desktop; gateway open source; enterprise via Docker Business

Archestra

Open Source

An open-source platform specifically designed to manage and secure Model Context Protocol (MCP) servers, providing a control plane for agent-tool interactions.

MCP Governance
Open Source / Enterprise

MintMCP

AARM core

Enterprise MCP gateway and agent-governance platform adding OAuth/SSO, least-privilege agent identities, audit trails, and secret/PII scanning in front of MCP servers used by Claude, Cursor, and custom agents. Founded by ex-Google Brain engineers, backed by Coatue and Andrej Karpathy; customers include Coursera and Harvey AI. AARM Core conformant.

MCP Gateway Governance
SaaS subscription (enterprise plans)

Formal

AARM core

A protocol-aware reverse proxy that parses 15+ wire protocols — Postgres, MongoDB, Snowflake, SSH, Kubernetes, S3, and MCP — and enforces least-privilege policies inline at query level. In 2026 it positions as AI-native PAM, proxying agent access to data stores with PII masking and tool-call blocking. Backed by Thrive Capital and Y Combinator; AARM Core conformant.

Protocol-Aware Access Control
Enterprise (quote)

General Analysis

AARM aligned

San Francisco startup providing automated AI red teaming with post-trained attacker models, AI detection and response, runtime guardrails, and AI asset management across agents, copilots, and MCPs. Known for headline exploits like the Cursor/Supabase MCP data-leak disclosure; founded 2025 by researchers from Cohere, NVIDIA, and DeepMind; $10M seed led by Altos Ventures (April 2026).

AI Red Teaming & Monitoring
Enterprise (demo-led)

Levo.ai

AARM aligned

Runtime security platform using eBPF sensors to discover and protect APIs, AI agents, LLMs, MCP servers, and vector stores without code changes or SDKs. Its 2026 platform pairs an established API security suite with AI red-teaming, an AI gateway/firewall, and MCP discovery and testing.

API & AI Runtime Security
SaaS subscription (free trial)

Repello AI

AARM aligned

Combines ARTEMIS, an automated red-teaming engine testing AI systems against 15M+ attack patterns in 100+ languages, with ARGUS runtime guardrails that block malicious inputs in under 100ms, plus AI asset inventory and an MCP gateway. Guardrail policies are auto-calibrated from red-team findings.

AI Red Teaming & Guardrails
Enterprise (free red-team scan available)

Unbound Security

AARM aligned

YC-backed platform that discovers, risk-scores, and governs AI coding agents and tools — Claude Code, Cursor, Copilot, MCP servers — at the endpoint, enforcing allow/deny policies on agent actions with audit logging. Its AI gateway adds real-time data-leak protection; customers include Siemens, WeWork, and Flipkart.

Enterprise AI Usage Governance
Freemium + paid tiers

Govern MCP traffic inline

GuardionAI inspects every MCP and tool call at the gateway — policy, guardrails, and PII/secrets DLP with sub-130ms guardrails latency.

See it live