Permit.io Launches MCP Gateway to Address Security Gaps in AI Agent Operations
Severity: High (Score: 67.5)
Sources: Businesswire, Sg.Finance.Yahoo
Summary
Permit.io has launched the Permit MCP Gateway to address significant security gaps in the Management Control Protocol (MCP) used by AI agents in enterprise environments. These agents currently operate without fine-grained authorization, delegation tracking, or audit trails, leading to vulnerabilities. OWASP identifies Shadow MCP Servers as a top-10 risk, with incidents like Asana's data leak and a critical flaw in the mcp-remote npm package exposing unpatched systems to remote code execution. The MCP protocol has seen rapid adoption, with 97 million monthly SDK downloads, and is supported by major tech companies. The new gateway provides real-time authorization, tracks delegation chains, and ensures agents do not exceed granted permissions. It is available in both hosted SaaS and on-premises configurations. The launch comes amid growing concerns over the autonomous actions of AI agents without proper oversight.
Key Points
- Permit.io launches MCP Gateway to enhance security for AI agents in enterprises.
- OWASP ranks Shadow MCP Servers as a top-10 risk due to lack of authorization.
- The MCP protocol has 97 million monthly SDK downloads, indicating rapid adoption.
Key Entities
- Data Breach (attack_type)
- Asana (company)
- AWS (company)
- Israel (country)
- docs.permit.io (domain)
- permit.io (domain)
- npm (tool)
- mcp-remote (tool)