Deployment fit

Map agent risk to the right control layer

Use McpVanguard when MCP tool calls need runtime enforcement. Use VEX when consequential actions need explicit authorization, review, and evidence.

Layer selector
MCP tool callRuntime enforcement
High-risk actionAuthorization evidence
Mixed workflowBoundary + review trail
MCP tool risk
Use McpVanguard

Block unsafe tool calls before execution.

Approval risk
Use VEX Protocol

Authorize consequential actions and preserve evidence.

Mixed deployment
Use both layers

Enforce live policy and preserve high-risk decision records.

Internal copilots and knowledge agents

Security and platform teams

Metadata poisoning and unsafe retrieval can turn a helpful internal assistant into a data-leak or policy-bypass vector.

McpVanguard inspects inbound MCP requests and selected server metadata before execution, with deterministic enforcement at the tool-call boundary.

Input inspectionContext sanitizationCredential protection

Control tool use and eliminate context-driven hijacking before it happens.

Inspect MCP traffic
Constrain retrieval tools
Record blocked actions
Example control surface

Block untrusted tool metadata before model exposure; restrict retrieval tools to approved knowledge sources; alert on sensitive data in outbound parameters.

Cloud and platform agents

Infrastructure and DevOps teams

Agents with network or shell access can be redirected toward internal systems, metadata endpoints, or unsafe file paths.

Policy controls enforce network egress controls, filesystem path boundaries, and execution constraints before requests reach sensitive surfaces.

Egress controlsPath normalizationExecution boundaries

Prevent agents from reaching internal systems, metadata endpoints, or unsafe paths.

Deny private ranges
Normalize filesystem paths
Require scoped tools
Example control surface

Deny requests to localhost, RFC1918 ranges, and cloud metadata endpoints; normalize paths before filesystem access; require allowlisted tools per session.

Regulated workflows and approvals

Governance and compliance teams

Teams need more than model logs when decisions affect transactions, records, or regulated operations.

VEX Protocol wraps governed actions in reviewable evidence that can support governance, audit, and post-incident review.

Evidence recordsAction provenanceReview workflows

Clear documentation, independent reviewability, and accountable records for governed actions that matter.

Capture proposed action
Bind authorization basis
Preserve witness evidence
Example control surface

Capture proposed action, authorization basis, identity context, execution outcome, and witness evidence for regulated approvals.

Multi-agent orchestration

Agent platform builders

As tasks move between agents, authority can drift and tool access can expand in ways teams did not intend.

Governed execution makes permission boundaries explicit and keeps enforcement outside the model's own reasoning path.

Scoped authorityDelegation controlsSession boundaries

Maintain clear separation of responsibility as agent systems grow more complex.

Bind scoped handoffs
Reject authority drift
Preserve decision chain
Example control surface

Bind each agent handoff to scoped authority, reject out-of-scope delegation, and preserve the decision chain across the workflow.

Ready to secure your AI infrastructure?

We work with teams that need a cleaner control model for agent systems before their agents act on real systems.