Check Point® Software Technologies Ltd. announced it has been named as a Recommended vendor in the NSS Labs 2025 Enterprise Firewall Comparative Report, with the highest security effectiveness score.
MCP Servers Solved Connectivity - But They're Not a Catch-All Solution
November 04, 2025
Since Anthropic released the Model Context Protocol (MCP) to give agents a standardized way to interact with third-party tools, we've seen a surge in adoption.
But connectivity is only half the equation.
Once you've connected your agents to Salesforce, Jira, Slack, and dozens of other systems, a more difficult set of questions emerges:
Which agents accessed what data?
Whose credentials did they use?
Where did that data move?
And who or what prompted the agent to make the tool call?
We've gathered feedback from hundreds of teams who were deploying agents in production. We consistently heard that MCP connects their agents, but it doesn't help them manage those connections at scale.
The Governance Gap
Most MCP implementations use broad API keys that grant blanket access to sensitive systems. When you need to rotate credentials, enforce least-privilege access, or revoke permissions for a specific user, you're stuck with manual processes that don't scale past a handful of agents.
Tool-calling observability is another blind spot. Traditional application monitoring tracks API latency and error rates, but it tells you nothing about whether an agent called the right tool, passed valid parameters, or accessed data it shouldn't have. When an agent inadvertently exposes customer PII or repeatedly hits an expensive API due to a logic error, you discover it when customers report the problem, not when it happens.
Compliance teams face similar challenges. Regulations like GDPR and CCPA require that you know what data you're processing and who has access to it. When agents process customer data across multiple systems, you need to demonstrate appropriate controls. That means logging every tool call with enough context to trace actions back to specific users, detecting when sensitive data moves between systems, and proving that you enforced access policies.
What Production Deployments Actually Need
The solution isn't just better logging or more granular API keys. What's needed is an orchestration layer that sits between your agents and the tools they access. This layer should handle credential management, enforce access policies, redact sensitive data before it reaches the agent, and provide full audit trails for every tool interaction.
Some teams are building this themselves. They're layering monitoring tools, implementing custom auth flows, and writing code to inspect and redact data in real time.
But implementing and maintaining all of this infrastructure and processes can be time and resource consuming. And it takes your engineers away from their core work, which includes improving your agents. So, in some cases you may want to adopt purpose-built platforms that handle these requirements out of the box.
Regardless of your approach, if you can execute it effectively, the governance problem won't keep you and your engineers up at night.
Industry News
November 06, 2025
November 06, 2025
Buoyant announced upcoming support for Model Context Protocol (MCP) in Linkerd to extend its core service mesh capabilities to this new type of agentic AI traffic.
November 06, 2025
Dataminr announced the launch of the Dataminr Developer Portal and an enhanced Software Development Kit (SDK).
November 05, 2025
Google Cloud announced new capabilities for Vertex AI Agent Builder, focused on solving the developer challenge of moving AI agents from prototype to a scalable, secure production environment.
November 05, 2025
Prismatic announced the availability of its MCP flow server for production-ready AI integrations.
November 05, 2025
Aptori announced the general availability of Code-Q (Code Quick Fix), a new agent in its AI-powered security platform that automatically generates, validates and applies code-level remediations for confirmed vulnerabilities.
November 04, 2025
Perforce Software announced the availability of Long-Term Support (LTS) for Spring Boot and Spring Framework.
November 04, 2025
Kong announced the general availability of Insomnia 12, the open source API development platform that unifies designing, mocking, debugging, and testing APIs.
November 04, 2025
Testlio announced an expanded, end-to-end AI testing solution, the latest addition to its managed service portfolio.
November 03, 2025
Incredibuild announced the acquisition of Kypso, a startup building AI agents for engineering teams.
November 03, 2025
Sauce Labs announced Sauce AI for Insights, a suite of AI-powered data and analytics capabilities that helps engineering teams analyze, understand, and act on real-time test execution and runtime data to deliver quality releases at speed - while offering enterprise-grade rigorous security and compliance controls.
October 30, 2025
Tray.ai announced Agent Gateway, a new capability in the Tray AI Orchestration platform.
October 30, 2025
Qovery announced the release of its AI DevOps Copilot - an AI agent that delivers answers, executes complex operations, and anticipates what’s next.
October 29, 2025
Check Point® Software Technologies Ltd. announced it is working with NVIDIA to deliver an integrated security solution built for AI factories.
October 29, 2025
Hoop.dev announced a seed investment led by Venture Guides and backed by Y Combinator. Founder and CEO Andrios Robert and his team of uncompromising engineers reimagined the access paradigm and ignited a global shift toward faster, safer application delivery.
