Experimental MCP Support

Pomerium now offers experimental support for securing access to Model Context Protocol (MCP) servers, bringing zero trust principles to agentic AI workflows. MCP turns language models into autonomous agents that can query databases, trigger workflows, and update infrastructure. But when AI agents have this power, traditional security models break down. Most organizations are deploying MCP servers directly exposed to agents, creating significant security risks.

Highlights:

Unified access control – Apply the same identity-based policies to AI agents that you use for human users and services. No more separate security models or access sprawl across your infrastructure.

Granular enforcement – Control access at every level: which MCP servers an agent can reach, down to individual tools within each server. Policies can restrict entire servers, specific functions, or individual tools based on context and identity.

Comprehensive audit trail – Every MCP method call, tool parameter, and authorization decision is logged with full context. Critical for compliance, incident response, and understanding how AI agents interact with your systems.

Zero trust for AI workflows – Unlike static OAuth scopes, Pomerium's policies adapt to changing conditions with rate limiting, time-based restrictions, and behavioral monitoring to prevent runaway AI processes.

OAuth2 gateway – Pomerium acts as a secure gateway between MCP clients and servers, handling OAuth 2.1 flows with upstream services so you don't need to implement OAuth in your MCP server. Features proper token separation and PKCE support with policies that adapt to changing conditions.

See our MCP documentation and demo application to get started with secure AI agent access.

Note: This is an experimental feature and may change in future releases. We welcome feedback as we refine MCP support for production environments.