What is MCP Gateway?
MCP Gateway is Harmonic's endpoint-based security layer for agentic AI. It gives security teams visibility and control over how AI agents interact with your tools, data, and infrastructure, without slowing down your developers.
A Quick Primer on MCP
The Model Context Protocol (MCP) is an open standard that allows AI agents—like Cursor, Claude Code, and other assistants—to interact with external tools and data sources. Through MCP, an agent can read files, query databases, call APIs, post messages to Slack, create Jira tickets, and much more.
MCP works through a client-server model:
MCP Clients are the AI-powered applications your team uses (Cursor, Claude Code, etc.)
MCP Servers are the integrations that expose tools and resources to those clients (GitHub, Slack, Jira, Notion, internal databases, and more)
This extensibility is what makes agentic AI so powerful—and what creates new security challenges.
The Challenge: Securing Agentic AI
When an AI agent can access GitHub, Jira, Notion, and internal databases on behalf of your employees, traditional security controls fall short.
Security teams are left asking:
Which MCP servers are employees connecting to?
What tools are agents invoking, and with what data?
How do we prevent sensitive information from leaking through agent actions?
How do we enforce consistent policies across the organization?
MCP Gateway answers these questions.
Introducing MCP Gateway
MCP Gateway sits between your MCP clients and the MCP servers they connect to. Every tool invocation passes through the Gateway, giving you a single enforcement point for security policies.
The Gateway runs locally on each workstation, managed by the Harmonic agent. This means:
No network proxies to configure – works seamlessly with local and remote MCP servers
Low latency – policies are enforced locally with no round-trip to the cloud
Centralized management – policies sync from the Harmonic platform; telemetry flows back for monitoring
Who Is This For?
MCP Gateway serves three key groups within your organization:
IT Admins
Deploy and manage the Harmonic agent across employee machines via MDM or manual installation.
Engineers & End Users
Work with MCP servers through their preferred clients (Cursor, Claude Code, etc.), adding or configuring servers locally within the bounds of organizational policy.
Security Teams
Monitor MCP usage across the organization, define access controls, configure data protection rules, and respond to alerts—all from the Harmonic platform.
This documentation is organized to serve each of these audiences. Use the navigation to find guides relevant to your role.
Key Capabilities
Visibility
See exactly what's happening across your agentic AI ecosystem:
Which MCP clients and servers are in use across your organization
Full invocation logs showing every tool call, with parameters and responses
User-level attribution for compliance and incident response
Access Controls
Define and enforce policies for MCP usage:
Allow or block specific MCP servers
Control access to individual tools and prompts within a server
Data Protection
Prevent sensitive data from being exposed through agent actions:
Real-time detection of sensitive data in tool invocations (PII, secrets, credentials, and more)
Choose between monitor (alert only) or block (prevent the action) modes
Harmonic's built-in sensitive data models, plus custom keyword detection
How It Works
The Gateway intercepts MCP traffic on the local workstation
Policies (synced from the Harmonic platform) are applied in real-time
Telemetry streams back to the platform for monitoring and alerting
Security teams manage everything centrally—policy updates take effect across your fleet without redeploying the agent
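The following is an added example, not Harmonic's code or policy format: it shows how a local enforcement point could apply the controls described above (server allow/block, per-tool control, and sensitive-data detection in monitor or block mode) to an MCP `tools/call` JSON-RPC request. The policy keys, detector patterns, server names and sample message are constructed assumptions.

```python
import json
import re

# Hypothetical policy shape for illustration; not Harmonic's policy format.
POLICY = {
    "blocked_servers": {"unvetted-notes"},
    "blocked_tools": {"github": {"delete_repository"}},
    "data_protection_mode": "block",  # "monitor" = alert only, "block" = prevent
    "custom_keywords": ["project-aurora"],
}

# Constructed detectors: AWS access key ID shape and a PEM private key header.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def find_sensitive(text, keywords):
    """Return the names of detectors and custom keywords that match text."""
    hits = [name for name, rx in SECRET_PATTERNS.items() if rx.search(text)]
    lowered = text.lower()
    hits += [f"keyword:{k}" for k in keywords if k.lower() in lowered]
    return hits

def evaluate(server, message, policy=POLICY):
    """Return (decision, reasons) for one MCP JSON-RPC message to `server`."""
    if server in policy["blocked_servers"]:
        return "block", [f"server:{server}"]
    if message.get("method") != "tools/call":
        return "allow", []  # only tool invocations are inspected here
    params = message.get("params") or {}
    tool = params.get("name", "")
    if tool in policy["blocked_tools"].get(server, set()):
        return "block", [f"tool:{server}/{tool}"]
    # Serialize the arguments so nested values are scanned as well.
    serialized = json.dumps(params.get("arguments", {}))
    hits = find_sensitive(serialized, policy["custom_keywords"])
    if not hits:
        return "allow", []
    mode = policy["data_protection_mode"]
    return ("block" if mode == "block" else "alert"), hits

def sample_call(tool, arguments):
    """Build a constructed MCP tools/call request for the demo and tests."""
    return {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": tool, "arguments": arguments}}

if __name__ == "__main__":
    msg = sample_call("post_message", {"text": "key AKIAABCDEFGHIJKLMNOP"})
    print(evaluate("slack", msg))
```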