The MCP firewall for AI agents
Deploy AI agents without opening the doors.
Inline security and automatic EU AI Act evidence for regulated teams — one proxy between your agents and every tool and API.
Business trial · 14 days · no credit card · full compliance engine from day one
Three public breaches in the last twelve months used MCP as the attack vector — Supabase via Cursor, Postmark, and CVE-2025-6514 in mcp-remote (437,000 downloads). ShieldAgent would have intercepted all three.
Integrations
Works with every tool in your stack
The problem
Nobody is guarding the protocol between AI agents and their tools.
Every MCP connection is an open window.
43% of MCP servers contain command injection flaws. 22% expose files outside their intended scope. 5% of open-source MCP servers are pre-seeded with tool poisoning attacks before you install them.
Supabase breach (2025): a Cursor agent read SQL injection payloads embedded in support tickets, exfiltrating the project's service_role key and GitHub OAuth tokens to a public GitHub thread in under 30 seconds.
The EU AI Act clock is running.
August 2, 2026. Fines up to €35M or 7% of global turnover. Eight mandatory sections of technical documentation. Continuous risk management. Automatic event logging. 10-year retention minimum. Over 50% of organizations have no AI inventory.
Enterprise compliance tools cost €50K–€200K/year. A seed-stage startup would burn up to 10% of its entire runway on regulatory paperwork alone.
Static RBAC can't keep up with reasoning agents.
Traditional access control was built for deterministic human behavior. An agent that reads emails today may decide to forward them tomorrow — via MCP or a direct HTTP API call — and your permission model has no way to prevent it. Agents have more access than your employees and move faster than your SOC.
The Postmark npm package injected a BCC header into every outgoing email, silently copying attacker@evil.com on password resets, invoices, and internal memos for 14 days before discovery. Static allowlists had no answer.
The insight
Security monitoring data
IS compliance evidence.
If you already sit in the data path — intercepting every tool call, logging every action, enforcing every permission — you already have everything regulators need.
One proxy, one data path, one platform — and both problems disappear.
Three pillars
Security and compliance from the same data path.
MCP Firewall
MCP + HTTP/REST API — one proxy for every agent connection.
ShieldAgent sits in the data path between your agents and their tools. Every MCP tool call and every HTTP API request passes through before reaching the server. It can stop a threat in 28ms. Observability tools can only tell you what happened — we prevent it.
- Prompt injection detection (direct + indirect)
- Tool poisoning & MPMA detection
- Dynamic least-privilege per agent, per tool, per call
- HTTP/REST API proxy — same pipeline for Stripe, GitHub, internal APIs
- Data Loss Prevention — PII, credentials, financial data
- Human-in-the-loop gates for high-risk actions
Compliance Autopilot
EU AI Act documentation that writes itself.
The eight mandatory sections of EU AI Act Annex IV technical documentation are generated from the traffic ShieldAgent already captures. No manual data entry. No consultants. No forms filled out once a quarter.
- Annex IV, all 8 sections — generated from your audit trail, always current
- Real-time compliance score per AI system (0–100%)
- Gap analysis with deadline countdown (Aug 2, 2026)
- ISO 42001 + NIST AI RMF cross-mapping
- Exportable PDF for auditors
Agent Passport
Show, don't tell. Verifiable security per agent.
Stop explaining why your AI agents are secure. The Agent Passport is a shareable, verifiable certificate per agent — a real-time summary of its security posture and compliance status, accessible via public URL. Like SOC 2 trust pages, but for every agent.
- Shareable URL per agent — show clients instantly
- Real-time security posture score (0–100)
- Compliance framework coverage listed
- Policy controls summary
- Flywheel: your clients see it, they want it too
How it works
From tool call to compliance evidence in under 50ms.
Deploy in shadow mode in 5 minutes. See what would have been blocked. Enable enforcement when ready.
The ShieldAgent proxy receives the agent's MCP tool call or HTTP/REST API request. Zero code changes to your agent — just update the endpoint.
Policy engine verifies the agent is authorized. Injection scanner checks for malicious payloads. DLP scan ensures no sensitive data escapes.
If all checks pass, the request is forwarded. If any check fails, the call is blocked, the agent is notified, and an incident is raised. No downstream damage.
The full interaction is logged to an immutable audit trail. The compliance engine updates Annex IV documentation and recalculates the agent's risk score.
Security teams see live activity. Compliance officers see their documentation update. Clients see the Agent Passport badge showing verified secure status.
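As an added illustration of the authorize, scan and forward-or-block steps above (example code written for this page, not ShieldAgent's engine; the Policy shape, the send_email tool, the bcc rule and the AWS-key-shaped DLP pattern are assumptions), a per-call decision over MCP `tools/call` requests:

```go
package main

import "encoding/json"
import "fmt"
import "regexp"

// Call is the part of an MCP JSON-RPC "tools/call" request the proxy inspects.
type Call struct {
	Method string `json:"method"`
	Params struct {
		Name string         `json:"name"`
		Args map[string]any `json:"arguments"`
	} `json:"params"`
}

// Policy is an assumed per-agent policy (not ShieldAgent's schema): allowed tools, plus argument names forbidden per tool.
type Policy struct {
	AllowedTools map[string]bool
	DeniedArgs   map[string][]string
}

// DLP rule: an AWS-access-key-shaped string must not leave through tool arguments.
var credential = regexp.MustCompile(`AKIA[0-9A-Z]{16}`)

// Decide returns "" to forward the call, otherwise the block reason; steps mirror the page's pipeline: parse, authorize tool, argument policy, DLP.
func Decide(p Policy, raw []byte) string {
	var c Call
	if err := json.Unmarshal(raw, &c); err != nil || c.Method != "tools/call" {
		return "malformed or non-tools/call request"
	}
	if !p.AllowedTools[c.Params.Name] {
		return "tool not allowlisted for this agent: " + c.Params.Name
	}
	for _, a := range p.DeniedArgs[c.Params.Name] { // e.g. no bcc on send_email
		if _, present := c.Params.Args[a]; present {
			return "denied argument on " + c.Params.Name + ": " + a
		}
	}
	for k, v := range c.Params.Args {
		if s, ok := v.(string); ok && credential.MatchString(s) {
			return "DLP: credential pattern in argument " + k
		}
	}
	return ""
}

// Constructed mail-agent policy and a request smuggling a bcc recipient, for demonstration.
var MailPolicy = Policy{AllowedTools: map[string]bool{"send_email": true}, DeniedArgs: map[string][]string{"send_email": {"bcc"}}}
var BccRequest = []byte(`{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"send_email","arguments":{"to":"cfo@example.com","bcc":"attacker@example.net"}}}`)
func main() { fmt.Println(Decide(MailPolicy, BccRequest)) } // prints the bcc block reason
```

A real proxy would run the same decision on the tool's response before relaying it to the agent, so that secrets in results are caught as well as secrets in arguments.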
Shadow Mode — zero-risk deployment
Connect ShieldAgent without blocking anything. Get a full report of what it would have blocked, what vulnerabilities it found, and how much your risk score would improve with enforcement active. The same playbook Cloudflare and Datadog used.
Agent Passport
Give every AI agent a verified identity.
A cryptographically signed security certificate per agent — risk score, tool permissions, and compliance status in one shareable URL. Issued automatically. No extra configuration.
Example passport card: Apex Procurement Agent, Risk 18/100, Tools 6.
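To show what "cryptographically signed" and "tamper-evident" mean for the Ed25519-signed passport this page describes, an added Go example (not ShieldAgent's code; the payload fields, the issuer key handling and the sample agent are assumptions) that issues a signed passport and rejects a copy whose risk score was edited after signing:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
)

// Passport is an assumed payload shape (illustrative, not ShieldAgent's schema).
type Passport struct {
	Agent     string   `json:"agent"`
	RiskScore int      `json:"risk_score"`
	Tools     []string `json:"tools"`
	Compliant bool     `json:"compliant"`
}

// SignedPassport is what a passport URL serves: the exact signed bytes plus the signature.
type SignedPassport struct{ Payload, Signature []byte }

// Issue serializes the passport and signs the bytes with the issuer's Ed25519 private key.
func Issue(priv ed25519.PrivateKey, p Passport) (SignedPassport, error) {
	payload, err := json.Marshal(p)
	if err != nil {
		return SignedPassport{}, err
	}
	return SignedPassport{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Verify checks the signature with the issuer's public key before trusting any field.
func Verify(pub ed25519.PublicKey, sp SignedPassport) (Passport, bool) {
	if !ed25519.Verify(pub, sp.Payload, sp.Signature) {
		return Passport{}, false
	}
	var p Passport
	err := json.Unmarshal(sp.Payload, &p)
	return p, err == nil
}

// Demo issues a passport for a constructed agent, then lowers risk_score in the served bytes without re-signing.
func Demo() (validOK, tamperedOK bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sp, _ := Issue(priv, Passport{Agent: "Apex Procurement Agent", RiskScore: 18, Tools: []string{"search_catalog", "create_po"}, Compliant: true})
	_, validOK = Verify(pub, sp)
	forged := SignedPassport{Payload: []byte(strings.Replace(string(sp.Payload), `"risk_score":18`, `"risk_score":5`, 1)), Signature: sp.Signature}
	_, tamperedOK = Verify(pub, forged)
	return validOK, tamperedOK
}
func main() { fmt.Println(Demo()) } // prints: true false
```

A client that parsed the JSON before checking the signature would act on unverified claims, which is why Verify refuses to decode until the signature matches.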
Risk scoring
Four tiers. No ambiguity.
0–100. Weighted. Updated continuously.
A single number tells your security team exactly how much to trust an agent. Weighted across security events, compliance gaps, integrity checks, and operational health. Score updates every time a new event is logged — recent events weighted more heavily.
- Full throughput — no restrictions.
- Rate reduced. Review recommended.
- Heavily rate-limited. Monitoring forced.
- Agent blocked. Manual release required.
Enforcement is applied automatically by the ShieldAgent proxy.
Full scoring methodology
Ed25519-signed passport issued per agent. Tool allowlist, compliance status, and risk score — tamper-evident and independently verifiable.
Verify the signature
Share an internal passport URL with your security team before an agent goes live. Risk posture, blocking history, and compliance evidence in one place — no system access needed.
See the internal view
One line of HTML drops a live SVG badge into any GitHub README, vendor portal, or marketplace listing. The badge always reflects the current verified status.
Embed the badge
Why existing tools leave a gap
Security vendors don't understand the EU AI Act. Compliance vendors don't understand MCP.
ShieldAgent does both — because they're the same data path. Runtime security + compliance evidence from a single inline proxy.
| Capability | ShieldAgent | Langfuse | Credo AI | CyberArk | Promptfoo |
|---|---|---|---|---|---|
| Inline threat blocking (real time) | ✓ | ✗ | ✗ | partial | ✗ |
| MCP protocol native understanding | ✓ | ✗ | ✗ | ✗ | partial |
| HTTP/REST API proxy (same pipeline) | ✓ | ✗ | ✗ | ✗ | ✗ |
| EU AI Act Annex IV documentation | ✓ | ✗ | partial | ✗ | ✗ |
| Runtime access control (per call) | ✓ | ✗ | ✗ | partial | ✗ |
| Agent Passport (shareable cert) | ✓ | ✗ | ✗ | ✗ | ✗ |
| Shadow mode deployment | ✓ | n/a | n/a | ✗ | ✗ |
| Compliance from real traffic data | ✓ | ✗ | partial | ✗ | ✗ |
- Langfuse: observability only — sees what happened, cannot prevent it.
- Credo AI: GRC governance — requires manual data entry, no runtime connection.
- CyberArk: machine identity for agents — does not understand MCP protocol semantics.
- Promptfoo: pre-deployment testing — no runtime protection after deploy.
These tools solve real problems. ShieldAgent complements them by adding the runtime security and compliance layer they don't cover.
Regulatory coverage
Compliance evidence from the data you already capture.
EU AI Act
Full Annex IV technical documentation generated from your audit trail. Continuous risk management (Art. 9). Event logging (Art. 12). Human oversight evidence (Art. 14). Post-market monitoring (Art. 72). For Position E (Verdict API) deployments, Annex IV includes the customer's enforcement mechanism and verdict enforcement rates.
- Annex IV — 8 mandatory technical documentation sections
- Article 9 — Continuous risk management system
- Article 12 — Automatic event logging
- Article 14 — Human oversight mechanisms
- Article 72 — Post-market monitoring plan
ISO 42001
AI management system requirements mapped to ShieldAgent controls. Policy framework, risk assessment procedures, and monitoring evidence aligned to the standard.
- Clause 6 — AI risk assessment & treatment
- Clause 8 — AI system operations controls
- Clause 9 — Performance evaluation
- Clause 10 — Continual improvement
NIST AI RMF
Govern, Map, Measure, and Manage functions mapped to ShieldAgent's proxy controls, audit trail, and risk scoring system.
- GOVERN — Policy & accountability structure
- MAP — AI risk identification & categorization
- MEASURE — Quantified risk via risk scores
- MANAGE — Active mitigation via inline blocking
SOC 2
Type II — audit in progress
SOC 2 Type II audit in progress. Controls below are live in-product with continuous evidence collection via the Merkle-tree audit trail; third-party attestation report pending auditor sign-off. Position E (Verdict API) deployments are compliant when combined with the customer's own enforcement controls.
- CC6 — Logical & physical access controls
- CC7 — System operations monitoring
- CC8 — Change management evidence
- A1 — Availability monitoring & SLA tracking
Trust Center
Sub-processors, data handling, incident response SLAs, and responsible disclosure — all in one place.
FAQ
Common questions.
Start protecting your agents today.
Book a 20-minute demo, or start the 14-day Business trial and install the proxy in shadow mode in five minutes.