I’m curious if anyone has considered (or is) putting a proxy/gateway in front of every MCP used by their company to “guardrail” data that goes in and out, e.g., checks for sensitive PII, prompt infection, etc.?
zingababba•8h ago
We've been exploring solutions. MCP registry/gateway, everything kind of sucks at the moment. The other problem is, unless you have an extremely good enterprise endpoint approach, nothing is going to stop users from not using your org's MCP gateway. GitHub has the MCP registry setting, but that only works if you are logged into VS Code. Any other MCP client can still do whatever and, as you probably know, worst case an MCP client can be vibed in no time.
Trying to catalog MCP use at a user's endpoint is an exercise in either scraping for client settings.json or traffic inspection. CrowdStrike recently acquired Pangea and is developing these capabilities, for example.
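The config-scraping approach mentioned in the comment above, sketched as an added example that is not part of the thread or any vendor's product: it parses one MCP client config file and labels each configured server as routed through the org gateway, direct to a remote host, or a local stdio process. The key layouts (`mcpServers`, `servers`, nested `mcp`) and the gateway hostname are assumptions, and the sample config is constructed.

```python
import json
from urllib.parse import urlparse

# Assumption: hostname of the org's MCP gateway (constructed placeholder).
GATEWAY_HOSTS = {"mcp-gateway.corp.example"}

def extract_servers(config):
    """Collect server entries from the key layouts assumed above (not exhaustive)."""
    found = {}
    for scope in (config, config.get("mcp", {})):
        if not isinstance(scope, dict):
            continue
        for key in ("mcpServers", "servers"):
            block = scope.get(key)
            if isinstance(block, dict):
                found.update(block)
    return found

def classify(entry, gateway_hosts=GATEWAY_HOSTS):
    """Label one server entry by how its traffic would reach the server."""
    if not isinstance(entry, dict):
        return "unparsed"
    url = entry.get("url")
    if url:
        host = (urlparse(url).hostname or "").lower()
        return "via-gateway" if host in gateway_hosts else "direct-remote"
    if entry.get("command"):
        return "local-stdio"  # spawned on the endpoint, never crosses the gateway
    return "unparsed"

def inventory(config_text):
    """Return {server_name: label}, or None when the file is not plain JSON
    (for example a settings file with comments) and needs manual review."""
    try:
        config = json.loads(config_text)
    except json.JSONDecodeError:
        return None
    if not isinstance(config, dict):
        return None
    return {name: classify(e) for name, e in extract_servers(config).items()}

# Constructed sample config, not taken from a real endpoint.
SAMPLE = """{
  "mcpServers": {
    "tickets": {"url": "https://mcp-gateway.corp.example/tickets"},
    "notes": {"url": "https://notes.vendor.example/mcp"},
    "files": {"command": "npx", "args": ["some-mcp-server"]}
  },
  "mcp": {"servers": {"db": {"command": "db-mcp"}}}
}"""

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

This only sees servers declared in config files on disk; a client that keeps its server list elsewhere produces no entry, which is where traffic inspection has to take over.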
epec254•13h ago