What is Fail-Closed Enforcement?

A security posture where tool calls are blocked by default when the policy engine or proxy is unavailable, ensuring that enforcement failures never result in unauthorised actions.

WHY IT MATTERS

In distributed systems, components fail. Networks drop. Services crash. When the policy enforcement layer fails, there are two choices: fail open (allow everything) or fail closed (block everything).

Fail-closed is the only safe default for AI agent enforcement. An agent with no policy is an agent with no limits. If the proxy is down, agents can't act — safety over availability.
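
The difference between the two choices, as an added sketch in Python (not Intercept's code and not part of the original page). The policy-engine client, its `{"decision": ...}` reply shape and every function name here are assumptions made for the illustration.

```python
from typing import Callable

class PolicyUnavailable(Exception):
    """Raised by the (hypothetical) policy engine client when it cannot answer."""

def decide_fail_closed(check: Callable[[dict], dict], call: dict) -> bool:
    """Allow only on an explicit, well-formed 'allow'. Everything else denies."""
    try:
        verdict = check(call)
    except Exception:
        # Engine down, timeout, client bug: no decision means no action.
        return False
    return isinstance(verdict, dict) and verdict.get("decision") == "allow"

def decide_fail_open(check: Callable[[dict], dict], call: dict) -> bool:
    """The unsafe counterpart, for contrast: an outage becomes an allow."""
    try:
        return check(call).get("decision") != "deny"
    except Exception:
        return True

def forward(decide, check, call, upstream, audit):
    """Proxy step: the upstream tool is invoked only after a positive decision."""
    allowed = decide(check, call)
    audit.append((call["tool"], "allow" if allowed else "block"))
    if not allowed:
        return {"error": "blocked by policy enforcement"}
    return upstream(call)

# Constructed policy-engine behaviours for the demonstration.
def engine_up(call):
    return {"decision": "allow" if call["tool"] == "read_file" else "deny"}

def engine_down(call):
    raise PolicyUnavailable("connection refused")

def engine_garbled(call):
    return {"status": 200}  # a reply arrived, but it carries no decision

def run(decide, check, tool):
    """Return (audit log, number of calls that reached the upstream tool)."""
    reached, audit = [], []
    upstream = lambda c: reached.append(c["tool"]) or {"ok": True}
    forward(decide, check, {"tool": tool, "args": {}}, upstream, audit)
    return audit, len(reached)
```

With `engine_down` or `engine_garbled`, `run(decide_fail_closed, ...)` records a block and nothing reaches the upstream, while `run(decide_fail_open, ...)` lets the same call through.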

HOW POLICYLAYER USES THIS

Intercept is fail-closed by design. If the proxy is unreachable, MCP tool calls cannot reach the upstream server. This is PolicyLayer's core safety guarantee.

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept