Blog

Dynamic tool use cuts token waste from MCP by replacing bulk tool loading with lightweight search, saving cost without custom implementation.

Over the last year, MCP has surged in adoption. To little surprise, this has introduced some scaling issues. One of these is client registration; previously, systems were rigged together by humans. Today, AI agents discover and interface with MCP servers freely, requiring a new paradigm for client communications.

When an agent makes the wrong call, your audit trail is the only record of what happened. Here's what most logs leave out and how to fix yours before an incident.

MCP's new authorization hardening RC quietly landed six spec fixes that most people glossed over. We broke them down into three problem clusters: trust domain confusion, credential lifecycle management, and authorization boundaries.

Runlayer and Anthropic collaborated on MCP Tunnels, which invert the connection direction so your network reaches out to Anthropic instead of exposing inbound ports, removing the security wall that blocks Claude from accessing internal systems like Jira, databases, and telemetry.

Senior engineers look at an MCP gateway and see a reverse proxy with auth and logs. That instinct is wrong. MCP attack vectors shift constantly, performance breaks at scale in specific ways, and threat detection requires MCP-specific signals that generic tools miss.

MCP adoption has exploded inside enterprises, with shadow servers and over-provisioned agents creating an attack surface most security teams haven't caught up to. Traditional IAM, OAuth, and RBAC weren't built for non-deterministic agents that delegate to other agents.

Runlayer was named to Notable Capital & Morgan Stanley's 2026 Rising in Cyber list, voted on by 150 sitting CISOs. Andy Berman on why the recognition matters, and what it signals about how AI-native companies are getting built.

An MCP gateway acts as the centralized proxy layer for agent-to-tool communications, handling tool discovery, authentication, input/output filtering, and observability across an organization's agentic systems.

OX Security found a design-level flaw in Anthropic's Model Context Protocol. MCP's STDIO transport turns a config file into a command executor. Here's how Runlayer's control plane breaks each of the four attack vectors.

Runlayer achieves AARM Extended Conformance (R1–R9), partnering with the Vanta-backed open specification to define how enterprises secure AI agents at runtime.

What Project Glasswing and Claude Mythos mean for enterprise security teams, and why your patch workflows, dependency management, and MCP governance need to evolve now.

Fake MCP servers pose a growing security risk, enabling data leaks, tool poisoning, and compromised AI behavior. Learn how these attacks work and how organizations can prevent them with proper controls and monitoring.

Runlayer and 1Password partner to bring secure, auditable credential access to autonomous AI agents. The integration lets enterprises inject secrets from 1Password vaults into agent sessions managed by Runlayer, replacing plaintext .env files with centralized governance, real-time retrieval, and full audit logging across human and non-human identities.

Garry Tan recently argued that MCP “sucks,” citing context-window bloat and weak authentication. This article breaks down why those criticisms miss the mark—and why MCP remains the better foundation for agents operating at enterprise scale.

PBAC beats FGA for agent authorization — context-aware, auditable, asymmetric access control without graph complexity.

OpenAI AgentKit/Agent Builder launched in Oct 2025 but, despite early hype, its limited integrations and weak security (e.g., unverified MCP servers, no namespace isolation, insufficient guardrails) create a large enterprise attack surface—prompting calls for controls like a trusted MCP catalog, tool gateway auditing, RBAC/least privilege, and stronger governance (e.g., via Runlayer).

A Claude Opus–powered OpenClaw agent with Slack and shell access was social-engineered in ~50 messages to rebind its UI, install ngrok, expose the dashboard publicly, reveal its gateway token, and approve the attacker’s device.

An overview of the OWASP MCP Top 10, highlighting the biggest security risks in MCP-enabled AI systems and the key safeguards teams can use to prevent them.

MCP Apps let tools render interactive UIs directly in chat via the same MCP protocol—not a new execution path. With Runlayer intercepting tool calls, resource fetches, and auth headers, existing MCP security controls apply from day one.

Connect AI agents to Box content with enterprise security. The official Box MCP server is live in the Runlayer marketplace, with identity enforcement, audit logging, and threat detection built in. Box customers can find Runlayer in the Box Integrations Center. Setup takes minutes.

CLI tools feel familiar to AI agents, but they break down in production due to brittle syntax, poor state management, and dangerous security assumptions. This post explains why CLI-based agent workflows fail and how a single-tool MCP using a known programming language offers a more reliable and secure alternative.

This update is about momentum: moving faster in the CLI, getting clearer visibility into what’s running, and debugging with less friction. Expect smoother workflows, better control, and fewer surprises as you build and ship.

Two near-invisible prompt injection attacks showed how attackers can bypass default enterprise guardrails and trigger silent, ongoing data exfiltration by exploiting user and model trust. Runlayer blocks these attacks by treating every input as untrusted until it passes continuously updated security models trained on the latest real-world exploits.

Runlayer is an official Cursor Hooks launch partner. With Cursor Hooks, securely allow or deny MCP tool calls with Runlayer's enterprise MCP platform.

GitHub’s MCP vulnerability revealed how AI agents can be weaponized through poisoned context in public repositories. This post analyzes the exploit, explains why permissions alone aren’t enough, and shares practical guardrails for preventing and mitigating agent-driven data exfiltration.

The Linux Foundation has launched the Agentic Artificial Intelligence Foundation (AAIF), with Runlayer joining sponsors Anthropic, OpenAI, Google, AWS, Microsoft. AAIF now oversees the Model Context Protocol (MCP), reinforcing MCP as a rising standard for AI agent integration. Runlayer supports AAIF’s open, secure, and scalable AI development mission.

MCP adoption is accelerating across major platforms, but security risks—like malicious servers, prompt injection, and tool-level exploits—are growing just as fast. This post breaks down real attack scenarios that show how easily data can leak when MCP implementations are trusted by default. It also outlines practical defenses for users and builders, plus why companies need audited MCP catalogs, gateway proxies, and sandboxing to stay secure at scale.

Tired of manually registering every AI agent with every OAuth server? Dynamic Client Registration (DCR) lets your agents authenticate with MCP servers at runtime, no human clicks required. Learn how DCR works, when to use it over traditional OAuth, and why it's becoming essential for scalable agentic systems.