What is MCP Tool Sprawl?

1 min read Updated

The uncontrolled proliferation of MCP tools across an organisation, where agents accumulate access to hundreds of tools without centralised inventory, classification, or policy controls.

WHY IT MATTERS

A single MCP server can expose dozens of tools. An enterprise agent connecting to ten servers might have access to 500+ tools with no centralised visibility into what they do or how risky they are.

Tool sprawl is the MCP equivalent of API sprawl — ungoverned growth that creates security blind spots, compliance gaps, and operational complexity.

Expose only the tools your agents actually use — less context cost, less attack surface, less sprawl.

CUT YOUR TOOL SURFACE →

Cut context cost and attack surface in one move.

HOW POLICYLAYER USES THIS

PolicyLayer's catalogue provides centralised inventory and classification for 18,000+ tools. PolicyLayer provides the enforcement layer to govern which tools each agent can actually use.

IN THE CATALOGUE

Measured across 4,526 MCP servers (91,856 tools): connecting a server loads its full tool definitions into the context window on every request.

1,867 tokens — median server
11,309 tokens — 90th percentile
147,411 tokens — largest measured (UnClick)
ServerTool definitionsTokens per request
GitHub8614,406
Linear667,149
Supabase292,561
Filesystem141,642

FURTHER READING

Take your agents live. Without losing control.

Route your MCP traffic through PolicyLayer. Every tool call is checked against your policy before it runs: allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Instant setup, no code required.

46,500+ MCP servers and 515,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.