Newest capabilities enable organizations to close the visibility gap and secure every AI interaction
DENVER, Colo. – SurePath AI, the security and governance platform that governs any of the AI solutions that you build, adopt, or buy, today announced MCP Policy Controls, which provides real-time controls over what MCP servers and tools are allowed to be used. The new capability helps organizations adopt MCP safely with visibility and safeguards from day one.
“MCP has quickly evolved from a buzz-acronym to the backbone in next-gen AI-powered workflows,” said Randy Birdsall, CPO and Co-Founder, SurePath AI. “In fact, we are seeing the same pattern when ChatGPT first became available – rapid adoption, little oversight, and a surface-level understanding of risks. The reality is that MCP introduces an entirely new attack surface, one that many organizations are already exposing without realizing it, but blocking MCP is not practical. Instead, it needs to be managed securely, and that means moving beyond traditional firewall and IAM policies. Modern organizations need to put into place controls that are specific to how MCP operates. Only then can security teams confidently support AI adoption without hindering innovation.”
MCP is a direct line from generative AI clients to the systems that enable a business to operate. These lightweight MCP tools can run locally on a user’s laptop and are often launched silently by AI desktop apps like ChatGPT, Claude, and Cursor. They also link to internal tools, such as Google Drive, Salesforce, and AWS management APIs. This presents new security challenges – AI is now issuing real commands, authenticated as the end user. While cloud-based MCPs offer some guardrails, they also increase surface area. For instance, multiple agents connected to a mix of local and remote MCP servers can create tangled pathways for data sprawl and lateral movement.
SurePath AI was purpose-built to solve these challenges by applying policy-based control over what MCP servers and tools are allowed to be used before anything is executed. As the only platform that is schema-aware enough to transform these requests, SurePath AI enforces an organization’s policies on exactly which MCP servers and tools are allowed by controlling local MCP hosts and their connections to local MCP servers. These policies can leverage built-in classifications of whether a tool is destructive or not, or be customized explicitly to each organization’s security requirements.
To mitigate risk on the remote side, SurePath AI maintains a catalog of known MCP servers and endpoints. All protected MCP traffic is routed through its platform, where access controls are applied in real time, even down to the specific tool. SurePath AI’s new capability also uncovers supply chain threats by detecting never-before-seen MCP tools that could impersonate other tools or attempt to exfiltrate data outside the approved security perimeter.
Key features include:
- MCP Tool Discovery: Discover MCP tools through monitoring MCP usage in AI tools across the workforce by intercepting MCP payloads and removing tools that are either blocked by policy or in violation of capability requirements, such as tools that are not read-only. When a tool violates policy, it is removed from the MCP payload before being sent to the backend service, which means that the service will not have access to leverage that tool.
- MCP Tool Block List: Explicitly block specific MCP tools that have been discovered in the environment. Blocked tools are removed from MCP payloads before they reach backend services.
- MCP Tool Allow List: Allow specific MCP tools that have been discovered in the environment. Allowed tools will always be included in MCP payloads.
- Allow Read-Only: When enabled, automatically enables all read-only MCP tools without requiring them to be added to the Allow List, streamlining policy management for lower-risk tools.
- Catch-All Action: Determine the default action taken for MCP tools that are not explicitly allowed or blocked, providing control over how the system handles tools that fall outside of the defined block and allow lists.
- Auto-Discovery and Classification: Gain insights into MCP tools, like whether they are well-known or just built on someone’s laptop
For more information, visit surepath.ai.
About SurePath AI
SurePath AI is a purpose-built security and governance platform designed for CISOs, security teams, and AI governance leaders who need visibility, control, and policy enforcement across their organization’s use of AI. Whether teams are experimenting with ChatGPT, integrating LLMs into products, or working with enterprise providers like Amazon Bedrock, SurePath AI ensures safe adoption without slowing innovation.
With real-time usage detection, data redaction, and model-level policy enforcement, SurePath AI secures both sanctioned and unsanctioned (Shadow AI) activity, plugging directly into your existing security stack. Organizations trust SurePath AI to help them operationalize and govern AI usage at the network layer across public and private models, AI coding assistants, homegrown applications, and autonomous agents.
