Platform Pillar
MCP Security
The Model Context Protocol gives AI agents a standard way to call tools and read data — but it also introduces a new attack surface. MCP security is about closing the gaps between what an AI client can request and what it should be allowed to do.
Risks and how Squidward mitigates them
Credential exposure
AI clients that hold raw provider tokens can leak them through logs, prompts, or compromised extensions.
Squidward stores provider credentials server-side and injects them only when forwarding a request. AI clients never see them.
Unauthorized tool invocation
Without enforcement, any connected MCP tool can be called by any client with network access to it.
Every call is checked against entitlements and policies before it reaches a provider MCP server.
Prompt injection via tool output
Malicious content returned by a tool call can manipulate an AI agent into taking unintended follow-up actions.
DLP scanning and policy rules can flag, redact, or quarantine tool responses before they reach the AI client.
Untrusted or unreviewed MCP servers
Third-party MCP servers can be misconfigured or malicious, and are often connected without security review.
Squidward's provider catalog and connection review process centralize which MCP servers your organization trusts.
Learn how the gateway works
See how the MCP Gateway enforces policy on every call.