What We Heard From RedMonk Analysts—And Why Agentic Access Needs a New Security Model

TL;DR

Model Context Protocol (MCP) is here, and LLMs are already making requests to your internal systems. The existing security model wasn’t built for this new world of autonomous agents.

In our latest conversation with RedMonk, we explored what breaks when agents enter the picture—and what to do instead.

Real-time, context-aware authorization is the key to securing MCP and agentic access.

Watch the demo: Agentic Access: Securing MCP Servers in Enterprise Environments

What We Heard From RedMonk

MCP is real. Analysts are watching it. Teams are already experimenting with it.

But securing it is still an open problem.

That was the clear takeaway when we sat down with RedMonk analysts James Governor and Rachel Stephens. As they put it:

“MCP isn’t hypothetical anymore. It’s not whether, it’s when. And when is now.”

The problem? The security layer hasn’t caught up.

LLMs Are Already Taking Actions

MCP connects models like Claude or ChatGPT to internal systems. Not just to ask questions—but to do things.

LLMs can:

  • Pull reports from databases

  • Edit issues in GitHub

  • Move deals in Salesforce

This isn’t theoretical. It’s already happening. And most setups give these agents too much access.

Why Current Security Models Break

James said it well:

“We’ve been talking about Zero Trust for a while, but we never actually made it so… Then you get agents and, well, suddenly things break.”

Here’s what breaks:

  • VPNs. They don’t apply. Cloud models can’t tunnel into your private network.

  • OAuth. It’s not built for fine-grained, per-request authorization.

  • Sessions. A single prompt can go sideways and leak data instantly.

LLM agents behave more like people than services, but they are neither. That’s where the gap is.

Real-Time Authorization Secures Agentic Access

We built a solution for this. It enforces access rules at the request level for humans, services, and now agents.

How it works:

  • Request-level enforcement. Each agent action is checked before it runs.

  • Identity-aware. You know which identity triggered what. Human, service, or agent.

  • Fully auditable. Every action is logged and traceable.

We demoed this live using Claude and Microsoft’s MCP example. You can watch the walkthrough here.
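
To make the request-level model above concrete, here is an added example (not Pomerium's code and not from the original post) of a default-deny check that evaluates each MCP `tools/call` message against the caller's identity and records every decision. The policy table, tool names and identity values are constructed for illustration.

```python
import json
from dataclasses import dataclass

# Hypothetical allow-list of (identity kind, tool name); anything absent is denied.
POLICY = {
    ("human", "reports.query"),
    ("human", "issues.edit"),
    ("agent", "reports.query"),
}

AUDIT_LOG = []  # in-memory stand-in for an append-only audit sink


@dataclass(frozen=True)
class Identity:
    subject: str  # who the request is attributed to
    kind: str     # "human", "service" or "agent"


def authorize(identity, raw_request):
    """Evaluate one MCP JSON-RPC message and record the decision."""
    tool, reason = None, "malformed request"
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError:
        req = None
    if isinstance(req, dict):
        params = req.get("params")
        if req.get("method") != "tools/call":
            # Only tool invocations are modelled here; other methods are denied.
            reason = "method not covered by this sketch"
        elif not isinstance(params, dict) or not isinstance(params.get("name"), str):
            reason = "missing tool name"
        else:
            tool = params["name"]
            matched = (identity.kind, tool) in POLICY
            reason = "policy match" if matched else "no matching rule"
    decision = "allow" if reason == "policy match" else "deny"
    record = {"subject": identity.subject, "kind": identity.kind,
              "tool": tool, "decision": decision, "reason": reason}
    AUDIT_LOG.append(record)  # denied and malformed requests are logged too
    return record


# Constructed sample messages: the same agent identity, two different actions.
agent = Identity("agent-session-42", "agent")
READ = '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"reports.query","arguments":{"q":"Q3"}}}'
WRITE = '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"issues.edit","arguments":{"id":7}}}'
```

Calling `authorize(agent, READ)` and then `authorize(agent, WRITE)` yields different decisions for the same identity, which a grant made once per session cannot express.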


We’re calling this what it is: Agentic Access Management.

We’re publishing the thinking, showing how it works, and open-sourcing the tools—so teams can secure agents right now.
