AI agent security
at the moment of action.
The crisis of the future is not intelligence. It is self-authorization.
ProvnAI puts a control point between model reasoning and real action, before agents touch MCP tools, data, or infrastructure.
Without a control point, text becomes authority.
Governed execution means no AI agent action reaches a real system until it has been inspected, authorized, and recorded with reviewable evidence.
Define governed executionSecrets read outside scope
A file tool receives a path like /etc/secrets/.env or a traversal payload that escapes the intended workspace.
McpVanguard normalizes the path, evaluates it against policy, and blocks the call before the filesystem sees it.
Internal services reached
A web or API tool is redirected toward localhost, private ranges, or cloud metadata endpoints.
Configured URL/IP rules can block selected unsafe destinations in routed MCP tool calls before they reach the upstream tool.
Authority drifts silently
A long-running agent expands from harmless retrieval into privileged action because the model treats context as permission.
Governed execution separates proposal, authorization, execution, and evidence so governed routed actions can be policy-checked.
Selected governed actions
leaves evidence behind
In VEX-integrated deployments, selected governed actions can preserve what the agent tried to do, who authorized it, which policy applied, and how the evidence was preserved.
Policy enforced
The action is checked outside the model before it reaches privileged tools.
Governance context
Selected VEX-governed records can preserve the agent, session, and approving principal.
Evidence integrity
VEX-integrated deployments can preserve selected records in tamper-evident form for later review.
Execution boundary layers
Start with McpVanguard to enforce the MCP execution boundary today, or design governed execution with VEX when actions need authorization, evidence, and review.
McpVanguard
An open-source MCP security proxy that enforces the execution boundary: inspect routed tool calls, block unsafe outcomes, and return explicit policy decisions before routed calls reach upstream systems.
VEX Protocol
Separate proposal from permission for consequential actions in governed flows. Authorization decisions can be preserved with verifiable evidence your auditors can review independently.
Why governed
execution matters
AI agents now execute code, call APIs, and make decisions. The infrastructure granting them this power was built for human operators. The authorization model was not updated.
Observation is not permission.
If an AI agent can modify files, call APIs, or execute code, logging the action afterward is not enough. The action needs an explicit control point before consequence.
Controls must sit outside the model.
Relying on the model to enforce its own constraints is a single point of failure. Policy should be enforced in a layer the model cannot rewrite, negotiate, or bypass through prompt engineering.
Identity should not be implicit.
When agents take action on behalf of users or systems, the chain of attribution must be explicit and verifiable. Identity should be explicit, and where needed can be rooted in hardware-backed or protocol-level trust, not inferred from session context.
Governance is infrastructure, not an afterthought.
Evidence, audit trails, and enforcement boundaries should be built into the architecture from the beginning. Retrofitting them onto systems designed for speed alone is expensive and usually incomplete.
Choose the path that matches your rollout
Start with MCP tool-call controls, threat analysis, or governed authorization evidence depending on where your agent program is today.
For AI Developers
Put an MCP security proxy in front of tool calls before they execute. Ship agent features faster without treating model intent as permission.
For Security Teams
Catch injection, exfiltration, and unauthorized access at the execution boundary, before agent text becomes production action.
For Governance Teams
Separate proposal, authorization, execution, and evidence so high-risk agent actions stay reviewable without spreadsheet archaeology.