A CISO’s Guide to MCP Risks

The Next Acronym You Need to Know: MCP

Cybersecurity continues to evolve at speed, and MCP (short for Model Context Protocol) is the latest acronym demanding attention. MCP is an open standard that defines how AI agents discover and call tools, APIs, and data systems. As it is deployed today, it is also a major gap in AI governance.

Gartner’s Innovation Insight: MCP Gateways explains that MCP is already widely adopted in developer communities, yet lacks essential enterprise governance features. Authentication, authorization, and auditing are optional within the standard.

Without governance, MCP creates an unmonitored layer between AI tools and enterprise data. This blind spot makes it one of the most pressing new risks CISOs must address.

Why CISOs Should Care About MCP

While most employee AI activity occurs in the browser, this is slowly evolving. 

MCP was originally designed for developers but is now entering the enterprise. Gartner reports over 16,000 MCP servers active in 2025, most built for developer workflows but increasingly tied into enterprise systems.

As organizations build internal MCP servers to expose proprietary APIs and knowledge bases to their own AI agents, security leaders face a dual challenge: enabling innovation while maintaining control.

Gartner captures this balance clearly: enterprises are “adopting MCP quickly at the cost of governance, or delaying adoption at the cost of innovation.”

The Manager Mindset: Governing AI Agents Like People

Enterprises often treat AI agents like tools when they should treat them like digital employees. A well-managed agent requires context, feedback, and ongoing oversight.

Organizations should adopt clear best practices for managing AI agents. This involves maintaining detailed AGENTS.md files that outline each agent’s responsibilities, permissions, and performance feedback. Agents should be periodically reviewed and retrained to maintain reliability and compliance. MCP Gateways should then be used to apply consistent policies, monitor behavior, and enforce guardrails across all agentic workflows. Gartner’s analysis reinforces this principle, recommending MCP Gateways to enforce authentication, authorization, and auditing for all servers.

Not all MCP servers are created equal

The MCP ecosystem is uneven, with some providers offering more robust MCP servers than others.

Poorly implemented MCP servers often expose tools with vague descriptions and loosely typed parameters, leaving the model to infer what a tool does and what it may pass to it rather than following clear instructions. That raises the risk of hallucinated tool calls and of sensitive data being sent where it should not go. Enterprises must validate each MCP integration for documentation quality and policy compliance before production use.

Beyond this, AI agents do not share human context or institutional caution. Agents can take autonomous actions that have real-world consequences without human oversight.

Enterprises need intent monitoring, where gateways analyze what an agent is trying to do, not just what it is accessing. This guards against destructive or data-leaking actions in real time.

Why MCP Gateways Are the Real Control Plane

While network security tools can provide visibility into some remote MCP servers, they lack visibility and control over locally deployed MCP servers, which constitute the majority of engineering use cases.

Gartner defines MCP Gateways as systems that “securely manage the registration, discovery, and access to MCP servers across an enterprise”.

They are the control layer that combines identity, policy, and visibility for all agentic activity.

An effective gateway provides:

  • Authentication enforcement via OAuth2 or OpenID Connect. (MCP's own authorization specification is built on OAuth 2.1 and applies to HTTP-based remote servers; a local server launched over stdio has no such layer, which is one more reason the gateway must supply it.)

  • Policy-based controls to block or allow MCP capabilities.

  • Data inspection and redaction for sensitive content.

  • Full observability for compliance and audit.

There’s a huge upside to getting this right. Organizations that adopt independent governance tools realize twice the value from AI initiatives. MCP Gateways extend that principle to agentic workflows, unifying governance across open and vendor environments.

Harmonic Security’s MCP Gateway delivers on that need, discovering all clients and servers, enforcing granular policies, and protecting data without disrupting developers.

Local vs Remote MCP Gateways

When it comes to choosing an MCP Gateway, there are several approaches in terms of where the control can or should exist:

  1. Remote MCP Gateway. A Remote MCP Gateway applies when the MCP Client operates outside an employee’s machine, such as ChatGPT running in a browser on OpenAI’s infrastructure. These clients can only connect to remote MCP servers hosted in the cloud. The remote gateway enables visibility and governance over such external interactions to ensure secure and compliant usage.

  2. Local MCP Gateway. A Local MCP Gateway governs activity when the MCP Client runs directly on an employee's machine, such as with tools like Cursor, Windsurf, or Claude Code. Local clients can connect to both local and remote MCP servers. The gateway provides visibility and control over local activity, where much of the processing happens on the user's device. Local MCP servers are also easier for engineers to develop and integrate with local tools.

Harmonic Security covers both local and remote deployments, as well as browser-based deployments. We believe only by doing so can you have viable visibility and control into AI use.

Questions Every CISO Should Ask about MCP

To assess readiness for MCP governance, security leaders should ask the following:

  1. Can the organization identify every MCP client and server in use, and the people using them?

  2. Can specific MCP capabilities or tools be allowed or blocked individually?

  3. Are tool-call payloads inspected for sensitive or unstructured data in real time?

  4. Is there an audit-ready log of MCP activity that supports compliance efforts?

  5. When a policy violation occurs, does the system guide the agent to a safe path instead of breaking the workflow completely?

These questions help determine whether your AI governance framework is proactive or reactive.
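The gateway capabilities listed earlier (policy-based allow/block, payload inspection and redaction, audit logging) and questions 2 to 5 above all come down to a small set of decisions made on each MCP message. The following Python is an added example, not Harmonic Security's product or code from the MCP project: a minimal policy filter that sits between an MCP client and server, inspects JSON-RPC 2.0 "tools/call" requests, allows or blocks individual tools, redacts sensitive strings from the arguments, writes an audit record for every decision, and on a block returns a JSON-RPC error naming the permitted tools so the agent can re-plan rather than fail. The policy table, secret patterns, server and tool names, principal, and sample messages are all constructed for illustration.

```python
"""Minimal MCP gateway policy filter for JSON-RPC 2.0 "tools/call" requests.

Added example, not code from Harmonic Security or the MCP project. It assumes
MCP's standard framing: method "tools/call", params {"name": ..., "arguments":
{...}}. Policy, secret patterns, server/tool names and samples are constructed.
"""
import json
import re

# Hypothetical per-server policy: a tool must be explicitly allowed and not
# denied; unknown servers are blocked outright.
POLICY = {
    "github": {"allow": {"list_issues", "get_file"}, "deny": {"delete_repo"}},
    "filesystem": {"allow": {"read_file"}, "deny": {"write_file"}},
}

# Constructed patterns treated as sensitive in outbound tool arguments.
SENSITIVE = [
    ("aws_access_key", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("github_token", re.compile(r"ghp_[A-Za-z0-9]{36}")),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")),
]

AUDIT_LOG: list[dict] = []  # one record per decision, for later compliance review


def redact(text: str) -> tuple[str, list[str]]:
    """Replace every SENSITIVE match with a labelled placeholder."""
    hits = []
    for label, pattern in SENSITIVE:
        if pattern.search(text):
            hits.append(label)
            text = pattern.sub(f"[REDACTED:{label}]", text)
    return text, hits


def _error(req_id, message, data):
    # -32000 lies in the JSON-RPC implementation-defined server-error range.
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": -32000, "message": message, "data": data}}


def gateway_filter(principal: str, server: str, message: dict) -> tuple[str, dict]:
    """Decide what to do with one client->server message.

    Returns (verdict, outbound): "pass" for non-tool traffic, "allow",
    "redact" (arguments rewritten) or "block" (outbound is a JSON-RPC error
    that names the allowed tools, so the agent can re-plan instead of failing).
    """
    entry = {"principal": principal, "server": server, "method": message.get("method")}
    if message.get("method") != "tools/call":
        AUDIT_LOG.append(dict(entry, verdict="pass"))
        return "pass", message

    params = message.get("params", {})
    tool = params.get("name")
    rules = POLICY.get(server)
    entry["tool"] = tool
    if rules is None or tool in rules["deny"] or tool not in rules["allow"]:
        AUDIT_LOG.append(dict(entry, verdict="block"))
        allowed = sorted(rules["allow"]) if rules else []
        return "block", _error(message.get("id"),
                               f"tool '{tool}' on '{server}' is blocked by policy",
                               {"allowed_tools": allowed})

    # Inspect the serialised arguments so nested values are covered too.
    cleaned, hits = redact(json.dumps(params.get("arguments", {})))
    if hits:
        AUDIT_LOG.append(dict(entry, verdict="redact", redacted=hits))
        outbound = dict(message, params=dict(params, arguments=json.loads(cleaned)))
        return "redact", outbound

    AUDIT_LOG.append(dict(entry, verdict="allow"))
    return "allow", message


# Constructed sample traffic from one user, as a local client would send it.
SAMPLES = [
    ("github", {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                "params": {"name": "list_issues", "arguments": {"repo": "acme/app"}}}),
    ("github", {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
                "params": {"name": "delete_repo", "arguments": {"repo": "acme/app"}}}),
    ("filesystem", {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
                    "params": {"name": "read_file", "arguments": {
                        "path": "/tmp/notes.txt",
                        "note": "key AKIAABCDEFGHIJKLMNOP from bob@example.com"}}}),
]


def run_samples() -> list[str]:
    """Apply the filter to SAMPLES in order and return the verdicts."""
    return [gateway_filter("alice", server, msg)[0] for server, msg in SAMPLES]


if __name__ == "__main__":
    for (server, msg), verdict in zip(SAMPLES, run_samples()):
        print(msg["id"], server, msg["params"]["name"], "->", verdict)
    print(json.dumps(AUDIT_LOG, indent=2))
```

Run it as a script to print the three verdicts and the audit log. In a real deployment the filter would sit in the transport (stdio for local servers, HTTP for remote ones), the policy would be keyed on an authenticated principal rather than a bare string, and the regex list would give way to a proper classifier; the shape of the decision, and the practice of answering a block with a structured error rather than a dropped connection, stays the same.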

From Blind Spots to Guardrails

AI adoption will continue accelerating across all functions. CISOs and CIOs must establish unified governance that covers both agentic AI and enterprise-embedded AI. MCP Gateways are the missing piece that makes this shift practical, scalable, and compliant.

Of course, this is clearly about more than MCP; organizations need control for all employee use of AI. 

Michael Marriott