Policy

9 posts

AWS just made the case for deterministic policy at the MCP gateway

AWS built AgentCore Policy on Cedar: deterministic authorisation at the MCP gateway, outside the LLM loop. That is the same architecture PolicyLayer ships.

mcp security aws

The NSA just made the case for a policy layer in front of MCP

The NSA published 17 pages on MCP security. We map every recommendation to where enforcement actually happens: the call path between agent and tool.

mcp security nsa

MCP Authorization: Scoping What Agents Are Allowed to Do

Authentication proves who is calling. MCP authorization decides what they can do. Here is how to add per-tool, per-argument limits to AI agents.

mcp security policy

Stop Your GitHub MCP Agent From Force-Pushing to main

Branch-level Deny if rules and protected-repo allowlists for the GitHub MCP server. Stop autonomous agents force-pushing to main or deleting your repos.

mcp security policy

Blocking Outbound Exfiltration Through MCP Fetch and HTTP Tools

Stop autonomous agents POSTing your data to attacker domains. PolicyLayer's URL allowlists turn MCP fetch and HTTP tools into deterministic one-way readers.

mcp security policy

Cap LLM Token Spend on MCP Agents: Cost-Scaled Limits Beyond Call Counts

Stop autonomous agents from burning through your inference budget. PolicyLayer's cost-scaled limits cap LLM tokens, not just tool calls, on every MCP server.

mcp security policy

Namespace-Scope Your Kubernetes MCP Server From Production

Lock your AI agent's kubectl access to dev and staging namespaces. PolicyLayer adds a second wall on top of Kubernetes RBAC and audits every blocked call.

mcp security policy

Sandbox Your Shell-Exec MCP Server With Command Allowlists

Stop your agent running rm -rf through a third-party shell-exec MCP server. PolicyLayer Require and Deny if rules give you a two-layer command allowlist.

mcp security policy

Slack MCP Channel Allowlists: Stopping Agents Posting to #general

Lock your Slack MCP server to specific channels and strip destructive tools from the MCP handshake. Practical Require, Deny if, and Hide policy walkthrough.

mcp security policy