Stop AI Agents
Before They Attack
mTrust is a managed AI firewall that protects in both directions — your MCP servers from untrusted agents, and your agents from malicious MCP servers. Trust scoring, injection scanning, and a global threat feed — deployed in minutes.
TOOL execute_command
RISK CRITICAL
3 MCP servers protected · 12 agents tracked · <2ms latency
AI Agents Are Calling Your Tools.
Nothing Is Watching.
A new protocol called MCP (Model Context Protocol)is becoming the standard way AI agents interact with software. When ChatGPT reads your files, when Claude executes a database query, when an AI assistant deploys your code — they're using MCP to call tools on servers you control.
The problem:MCP has no security layer. When an agent connects to your MCP server, there's no identity check, no trust score, no behavioral analysis, no audit trail. The server just executes whatever the agent asks. If that agent gets compromised — through prompt injection, a supply chain attack, or a malicious model — it has full access to every tool on your server.
This isn't theoretical. In 2025, compromised AI agents autonomously exfiltrated data from Fortune 500 companies with 80-90% autonomy. As MCP adoption accelerates — Anthropic, OpenAI, Google, and hundreds of startups are building on it — every MCP server deployed is another unprotected entry point.
mTrust is the firewall for MCP.It sits between AI agents and your tools, intercepting every request. It identifies the agent, calculates a real-time trust score based on behavior, enforces your security policies, and learns what “normal” looks like — so it can catch attacks that rule-based systems miss.
MCP Has No Firewall
Networks have firewalls. Web apps have WAFs. APIs have gateways. But when an AI agent calls your MCP server, nothing checks who it is, what it's doing, or whether it should be allowed. Every MCP server deployed today is an open door.
It Already Happened
Compromised AI agents autonomously exfiltrated data, executed unauthorized commands, and pivoted through connected systems — with 80-90% autonomy and zero human oversight.
Prompt Injection → Full Compromise
Any agent with MCP access can be hijacked to read files, execute commands, and exfiltrate data through the tools it already has permission to use.
Your WAF Can't See It
Traditional firewalls and API gateways approved the traffic because it looked like valid API calls. They have no concept of agent identity, trust, or behavioral patterns.
MCP Adoption Is Accelerating
Anthropic, OpenAI, Google — every major AI lab is converging on MCP. Every server deployed is another unprotected entry point.
Agents Are Moving to Production
Code execution, database access, infrastructure management — AI agents are no longer demos. They're running real workloads with real consequences.
No One Is Checking
MCP has no built-in authentication, no trust scoring, no behavioral analysis, no audit trail. The protocol maintainers have shown no indication of adding one.
mTrust Fills the Gap
The first and only firewall purpose-built for the MCP protocol layer.
How mTrust Compares
Traditional security tools weren't built for AI agents. Microsoft AGT is rule-based with no ML. mTrust is the only bi-directional AI firewall with adaptive behavioral intelligence.
| Capability | WAF | API GW | MS AGT | mTrust |
|---|---|---|---|---|
| Per-agent behavioral trust scoring | Adaptive, history-weighted | |||
| Tool-level policy enforcement | Risk-tiered per tool | |||
| Parameter semantic analysis | Embedding similarity (Bedrock Nova) | |||
| Sequence attack detection | Markov chain analysis | |||
| Cross-agent correlation | Cross-customer coordinated attack detection | |||
| Cross-origin exfiltration detection | Read→write pattern detection across origins | |||
| Prompt injection scanning | AI-powered (Bedrock) — catches hidden instructions | |||
| Tool description rug pull detection | SHA-256 hash verification on every call | |||
| Global agent reputation | Cross-customer trust scores by model prefix | |||
| Threat intelligence feed | 15+ real-world attack patterns, auto-deny | |||
| Browser-side agent verification | 1.4KB SDK — npm, CDN, WordPress plugin | |||
| OAuth 2.1 with trust-gated scoping | Scope determined by behavioral trust score | |||
| Slack interactive alerts | Acknowledge / Block Agent from Slack | |||
| SIEM integration (CEF format) | SentinelOne, Splunk, Elastic, CrowdStrike | |||
| AWS Security Hub / GuardDuty | Cross-account ASFF findings | |||
| Firewall integration (FortiGate, Palo Alto) | Syslog/CEF — network-level enforcement | |||
| Streamable HTTP (MCP native) | JSON-RPC 2.0 with session tracking | |||
| Adaptive ML models | Weekly global retraining pipeline |
An AI Firewall That Gets Smarter
Not just a gateway — an adaptive security layer that learns what normal looks like for every agent, detects novel attacks, and responds autonomously. The more customers deploy it, the better it gets for everyone.
Intercept Every Request
The gateway sits between agents and your MCP server. Every tool call is intercepted, the agent is identified, and a trust score is calculated — in under 2ms.
Learn What Normal Looks Like
Per-agent behavioral baselines build automatically. Parameter embeddings via Bedrock Nova detect when tool arguments deviate from what this agent normally sends.
Detect Novel Attacks
Sequence mining catches unusual tool call patterns. Cross-agent correlation detects coordinated attacks across multiple customers. Claude explains what happened in plain English.
Respond Automatically
Configurable auto-block rules, auto-resolve for low-risk anomalies, webhook integration, and anomaly-triggered policy adjustments. The system acts while you sleep.
See Everything
Full dashboard: server health, agent trust scores, anomaly triage, audit logs, billing. Every decision logged. CSV/JSON export. 30-second auto-refresh.
Deploy in Minutes
Proxy mode: point agents at us. Sidecar mode: deploy alongside your server via Docker, ECS, or Kubernetes. Protected MCP server in under 10 minutes.
Protection in Both Directions
mTrust doesn't just protect your servers from rogue agents — it protects your agents from malicious MCP servers. Prompt injection scanning, rug pull detection, and a global threat feed catch supply chain attacks before your AI gets weaponized.
Protect Your Servers from Untrusted Agents
Trust scoring, anomaly detection, and policy enforcement on every tool call
Real-Time Trust Scoring
Every tool call scored in <2ms. Per-agent behavioral baselines, parameter embeddings via Bedrock Nova, and sequence mining detect novel attacks before they execute.
Cross-Origin Exfiltration Detection
Detect agents reading data from one origin and writing it to another — the #1 WebMCP attack vector. Read→write patterns caught in real-time within a session.
OAuth 2.1 Trust-Gated Auth
mTrust as the authorization server for MCP. Token scope is dynamically determined by the agent's behavioral trust score — not static roles. Scope downgrades automatically as trust degrades.
Global Agent Reputation
If an agent misbehaves at Customer A, its starting trust drops at Customer B. Cross-customer reputation scores aggregated hourly by model prefix. The network effect moat.
Browser SDK
A single script tag that verifies every AI agent before it can call your WebMCP tools. 1.4KB, CDN-hosted, fail-open or fail-closed. Available as npm package, React hook, or WordPress plugin.
Slack Interactive Alerts
Anomaly alerts posted to Slack with Acknowledge and Block Agent buttons. Take action from Slack without opening the dashboard. SIEM integration via CEF format for SentinelOne, Splunk, and Elastic.
Protect Your Agents from Malicious MCP Servers
Injection scanning, rug pull detection, and threat intelligence catch supply chain attacks
Prompt Injection Scanner
AI-powered detection of hidden instructions in MCP tool descriptions. Catches <IMPORTANT> blocks, base64-encoded payloads, cross-tool shadowing, and data exfiltration patterns. Powered by Bedrock.
Tool Description Signing
SHA-256 hashes computed on tool discovery. If a tool description changes after approval (rug pull), the gateway detects the mismatch and blocks the call. Addresses the #1 MCP supply chain attack.
WebMCP Scanner
Scan any URL to discover exposed AI-callable tools. Risk scoring (A-F grade), injection pattern detection, and actionable recommendations. Free, no login required.
Threat Intelligence Feed
15+ catalogued attack patterns from real-world incidents: Postmark BCC injection, SANDWORM_MODE worm, CVE-2025-6514, and more. Gateway auto-denies tools matching known threats.
No other product offers bi-directional MCP security. Microsoft AGT is rule-based with no ML. mTrust is the only platform with adaptive behavioral intelligence, global agent reputation, prompt injection scanning, and a shared threat feed.
Three Layers of Defense
Every MCP request passes through the gateway. Suspicious patterns are caught by the anomaly engine. ML intelligence learns what normal looks like.
Gateway
Every MCP request intercepted. Identity verified, trust score calculated, policy checked. <2ms.
Anomaly Engine
Batch analysis every 5 min. Frequency spikes, timing anomalies, trust cliffs, new agent bursts.
ML Intelligence
Parameter embeddings via Bedrock Nova. Sequence mining. Cross-agent correlation. Learns what "normal" looks like.
Allow / Deny / Escalate
Decision logged. Agent score updated. Anomalies surfaced in dashboard for triage.
Every Customer Makes Everyone Safer
mTrust isn't just a product — it's a sensor network. Every deployment adds behavioral data to a shared intelligence layer. Attack patterns discovered at one customer protect all others before they ever see the threat.
More Customers
Each deployment adds interaction data to the global training pipeline
Better Models
More data → better parameter centroids, sequence models, severity predictions
Fewer False Positives
Better models → more accurate detection → happier customers
Network Immunity
100 customers is a sensor network. 10,000 is an immune system.
The Same Playbook That Built $80B+ Companies
Every endpoint agent reports threat data. More devices → better signatures → fewer breaches for everyone.
20% of the internet flows through them. More sites → better bot detection → better protection for all.
Every MCP interaction builds the model. A dataset no one else is collecting — at the protocol layer where it matters.
A competitor can copy the gateway rules. They cannot copy the global behavioral models trained on millions of real AI agent interactions.
Fits Into Your Security Stack
mTrust integrates with the tools your security team already uses — firewalls, SIEMs, EDR platforms, and collaboration tools. No rip-and-replace. Defense in depth.
All integrations use standard formats (CEF, ASFF, syslog) — compatible with any security tool that accepts them.
See the Dashboard
Monitor every MCP server, agent, and anomaly from a single dashboard. Built with Next.js, powered by real-time data.
7 Pages, 6 Server Tabs
Home, servers, server detail (overview, tools, policies, agents, audit, settings), audit log, billing, settings.
Add Server in 4 Steps
Enter origin URL → auto-discover tools → set risk levels → deploy. Protected MCP server in under 10 minutes.
Real-Time Anomaly Triage
Filter by severity, type, server, agent. Bulk dismiss or block. 30-second auto-refresh. CSV/JSON export.
Enterprise-Grade Infrastructure
Built on AWS with auto-scaling, encryption at rest, and real-time alerting. Managed by us so you don't have to.
Performance
- Trust Evaluation
- <2ms
- Anomaly Detection
- Near real-time
- Uptime SLA
- 99.9%
- Threat Intel Updates
- Hourly
- Global Model Retraining
- Weekly
- Auto-Scaling
- Fully managed
Security
- Encryption
- AES-256 at rest + TLS
- Authentication
- OAuth 2.1 + API keys
- Audit Trail
- Every request logged
- Data Retention
- 90 days
- Alerts
- Email, Slack, SIEM
- Hosting
- AWS (US-East)
Who Uses mTrust
Any team deploying MCP servers needs to know which agents are calling them and what they're doing.
AI agents managing infrastructure via MCP. Prevent unauthorized deploys, config changes, and privilege escalation.
Trading and transaction agents with behavioral oversight. Block anomalous patterns before they violate risk parameters.
Patient data access with per-agent trust verification. Audit every tool call. Detect data exfiltration attempts.
Ship MCP-powered products with security built in. Show customers their agents are monitored and policy-enforced.
Innovation Protected
mTrust Protocol is protected by pending patent applications covering our novel approach to decentralized, protocol-level AI trust management and behavioral verification.
A system and method for determining trust scores for autonomous artificial intelligence agents operating within a decentralized network protocol...
- URI-based interception methods
- Real-time behavioral scoring algorithms
- Context-aware policy enforcement engines
Get Early Access
We're onboarding security teams who are deploying AI agents in production. Apply for early access to the only bi-directional AI firewall for MCP.