AI agents are calling enterprise tools in production today with no fine-grained authorization, no delegation tracking, and no audit trail. Permit MCP Gateway adds all three with a single URL change.

TEL AVIV, Israel: AI agents are already in production. They query CRMs, read codebases, write to data warehouses, and chain tool calls across sensitive systems, all through MCP. But the teams responsible for security and compliance face a gap that grows with every new connection: there is no standard way to authorize what an agent can do, track who delegated that authority, or audit what happened after.

This gap is already causing real damage. OWASP classifies Shadow MCP Servers, unsanctioned agent connections that bypass governance, as a top-10 MCP risk. Asana pulled its MCP feature offline for two weeks after a bug leaked customer data across organizations. A critical flaw in the mcp-remote npm package, installed over 558,000 times, gave attackers remote code execution on unpatched machines.

Adoption keeps accelerating. MCP now sees 97 million monthly SDK downloads. Anthropic donated the protocol to the Linux Foundation in December 2025, with OpenAI, Google, Microsoft, AWS, and Block as founding members. Block alone runs over 60 internal MCP servers. The protocol is becoming enterprise infrastructure. The authorization layer has not.

Today, Permit.io is launching Permit MCP Gateway to close that gap. The company has spent years building fine-grained authorization infrastructure, powered by OPA and Google Zanzibar-style relationship-based access control, now used in production at Tesla, Cisco, Intel, BP, and Palo Alto Networks. The gateway applies that same engine to MCP: every agent tool call is authorized in real time, the full delegation chain from human to agent is tracked, and trust ceilings ensure agents never exceed the permissions their human granted.

One URL change. No SDK. No code modifications to servers or agents.

"Every protocol that became enterprise infrastructure eventually needed a purpose-built security layer. MCP has reached that moment," said Or Weis, CEO and co-founder of Permit.io. "The difference is that agents do not just read, they act. Without authorization, the blast radius is not a data leak. It is an autonomous system doing things no one approved."

Permit MCP Gateway is deployed by enterprise customers and available in both hosted SaaS and on-premises configurations.

Related links

Product: permit.io/mcp-gateway
Try it: app.agent.security
Docs: docs.permit.io/permit-mcp-gateway/overview
YouTube:

Fonte: Business Wire