Agents turn LLMs into systems that do things: query databases, hit APIs, send email, execute code. That power is also the risk. MCP and tool security in TrustGate give you the controls to keep that behavior inside a safe envelope.

What is MCP

MCP (Model Context Protocol) is an open standard that lets models invoke external tools — functions exposed by MCP servers. A tool is any capability the model can call: db.query, calendar.create_event, http.request, shell.exec, and so on. From a security standpoint, MCP matters because:
  • The model decides which tool to call, not the developer.
  • Tool arguments are generated from the conversation, not hand-written.
  • Tools often have side effects — data writes, outbound requests, code execution.

Risks to control

Dangerous execution

Tools like sql.execute, shell.exec, or arbitrary code runners can be coerced by a prompt injection.

API misuse

Unsafe calls to internal APIs — wrong tenant, excessive scope, high-cost endpoints.

Data exfiltration

A tool call can send confidential context to an external endpoint.

Recursive agent behavior

Agents can loop, self-invoke, and spawn child agents in ways that bypass assumptions.

The three tool controls

TrustGate ships three composable controls that answer different questions and work best together. Each runs at a different point in the tool-call lifecycle — before the model plans, while it plans, and after it emits a call.

Tool permission

Which tools is the model even allowed to see? Filters the tools array in the LLM request using an allow-list or deny-list, so unauthorized tools are removed before they reach the model.

Tool guard

Is the agent’s own definition clean? Scans the system prompt, tool descriptions, and function descriptions for jailbreak attempts and prompt injections planted in the agent itself.

Tool selection

Is the tool call the model produced actually valid? Name, schema, and optional semantic validation of the tool call emitted in the response — catches hallucinated tools and malformed arguments.

How it fits with policies

Tool security uses the same Policies & Enforcement engine as prompt and response controls. A tool call is just another request through the gateway; TrustGate inspects the tool name, its arguments, and any context, then applies the matching policy with the standard action set (allow, log, mask, block).
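The tool permission and tool selection controls described above, with decisions expressed using the allow/block action names of the policy engine, as an added illustration that is not TrustGate's own code. It assumes OpenAI-style function-tool definitions with JSON Schema parameters; the tools array and the tool calls are constructed samples.

```python
import json

# Constructed sample tools array in OpenAI-style function format (an assumption).
TOOLS = [
    {"type": "function", "function": {"name": "db.query", "parameters": {"type": "object",
        "required": ["sql"], "properties": {"sql": {"type": "string"}}}}},
    {"type": "function", "function": {"name": "shell.exec", "parameters": {"type": "object",
        "required": ["cmd"], "properties": {"cmd": {"type": "string"}}}}},
    {"type": "function", "function": {"name": "calendar.create_event", "parameters": {
        "type": "object", "required": ["title", "start"], "properties": {
        "title": {"type": "string"}, "start": {"type": "string"}, "attendees": {"type": "array"}}}}},
]

# JSON Schema primitive types mapped to the Python types accepted for them.
_TYPES = {"string": str, "integer": int, "number": (int, float),
          "boolean": bool, "array": list, "object": dict}

def permit_tools(tools, allow=None, deny=()):
    """Tool permission: strip tools from the request before the model sees them (deny always wins)."""
    return [t for t in tools
            if t["function"]["name"] not in deny
            and (allow is None or t["function"]["name"] in allow)]

def validate_tool_call(call, permitted):
    """Tool selection: check a model-emitted call's name and arguments against the offered schemas."""
    schemas = {t["function"]["name"]: t["function"]["parameters"] for t in permitted}
    name = call.get("name")
    if name not in schemas:
        return "block", f"unknown or unpermitted tool {name!r}"
    try:
        args = json.loads(call.get("arguments", "{}"))
    except json.JSONDecodeError:
        return "block", "arguments are not valid JSON"
    if not isinstance(args, dict):
        return "block", "arguments must be a JSON object"
    props = schemas[name].get("properties", {})
    missing = [k for k in schemas[name].get("required", []) if k not in args]
    if missing:
        return "block", f"missing required argument(s): {missing}"
    for k, v in args.items():
        if k not in props:
            return "block", f"unexpected argument {k!r}"
        expected = _TYPES.get(props[k].get("type"))
        # bool is a subclass of int in Python, so it needs an explicit check
        if expected and (isinstance(v, bool) != (expected is bool)
                         or not isinstance(v, expected)):
            return "block", f"argument {k!r} has wrong type"
    return "allow", "ok"
```

Permission runs on the request (the tools array), selection on the response (the emitted call); validating the call only against the tools that survived permission is what catches a model naming a tool it was never offered.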

Policies & Enforcement

Author the policies that govern tool calls.

Observability

Trace which tools fired, with which arguments, and with which decisions.