TrojAI has launched its new AI runtime defense solution for agentic AI workflows, TrojAI Defend for MCP. Model Context Protocol (MCP) is an open protocol that allows AI agents to connect with external data, tools, and services in a standardized way enabling AI innovation at a rapid pace. TrojAI Defend for MCP was built to monitor traffic to and from MCP servers, providing unified visibility, policy analysis, and runtime enforcement across agents and MCP gateways.
“Enterprises are innovating with AI at a rapid pace and moving toward sophisticated agentic AI workflows. The rise of MCP is accelerating that adoption. Unfortunately, security often lags behind,” said Lee Weiner, CEO of TrojAI. “With TrojAI Defend for MCP, we are enabling the adoption of agents using MCP by ensuring these advanced workflows are secure. By monitoring agentic workflows in real time in production systems, TrojAI Defend for MCP helps customers not just keep pace with new and evolving threats but get ahead of them.”
As enterprises deploy MCP at scale, they face a new class of operational and security risks. Unauthorized MCP servers and agents can emerge outside approved governance, while unvetted tools may execute malicious code or exfiltrate sensitive data. Tool definitions themselves can drift, be tampered with, or poisoned, leading to altered instructions and hidden payloads.
Security controls like firewalls and DLP lack visibility into MCP runtime behavior, leaving blind spots for prompt injection and policy enforcement. Organizations must now monitor for data leakage, privilege escalation, cross-agent manipulation, and compliance breaches within this new runtime layer.
TrojAI Defend for MCP gives security teams the visibility, policy control, and runtime enforcement needed to secure MCP deployments. It extends TrojAI Defend to the MCP layer, ensuring that every server, agent, and tool operates within approved governance and audit frameworks. TrojAI Defend for MCP eliminates blind spots, detects tampering, and stops unauthorized use before it becomes a breach.
- MCP server registry and tool approval: Discover all MCP servers in an organization’s environment. Register approved servers to eliminate “shadow” MCP instances. Identify tools associated with each server, approving only those that meet enterprise security standards.
- MCP traffic visibility: Monitor all MCP traffic, including prompts and responses, to and from each server. Block connections to unregistered or rogue servers, eliminating hidden communication paths. Protect against attacks like prompt injection and data exfiltration.
- Tool change detection and prevention: Continuously track changes in tool definitions to prevent tampering, drift, or poisoning. Automatically alert or block when unapproved tools appear or when new MCP server traffic flows through proxies or gateways outside approved paths.
- MCP policy engine: Apply MCP-specific policies that inspect, audit, and enforce security in real time. These policies strengthen governance by ensuring that all agent interactions comply with enterprise data handling rules, and also provide a detailed audit trail for compliance and incident response.