Bulk add devices to GLP. devices: dicts with 'serialNumber' and 'macAddress'.
AI agents use glp_add_devices_bulk to create or update resources in API-Central — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your API-Central environment.
This tool creates or registers devices in the GreenLake Platform system, which is a reversible write operation. While it affects network infrastructure enrollment, the operation is not destructive (devices can be removed) and not financial. Severity is medium due to the potential blast radius of bulk device registration affecting platform inventory and access, but containable through admin actions.
From the tool's definition Tool description states 'Bulk add devices to GLP' with devices containing 'serialNumber' and 'macAddress' — a bulk creation operation that modifies the GreenLake Platform inventory.
Attacks that exploit this kind of access
Bulk add devices to GLP. devices: dicts with 'serialNumber' and 'macAddress'. It is categorised as a Write tool in the API-Central MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the API-Central MCP server in PolicyLayer and add a rule for glp_add_devices_bulk: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches API-Central. Nothing to install.
glp_add_devices_bulk is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the glp_add_devices_bulk rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for glp_add_devices_bulk. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
glp_add_devices_bulk is provided by the API-Central MCP server (secure-ssid/centralmcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →