The MCP Threat Model
MCP servers grant AI agents access to sensitive systems. Without a security layer, several risks emerge:

Tool Poisoning
A malicious or compromised MCP server could return crafted responses that influence AI agent behavior. For example, a tool response could include instructions that manipulate the agent into calling other tools with unintended parameters.

Data Exfiltration
An AI agent with access to both a filesystem server and an HTTP server could read sensitive files and send their contents to an external endpoint — all within a single conversation.

Privilege Escalation
MCP servers often run with the user’s full permissions. An AI agent that convinces a server to execute arbitrary commands effectively has the user’s privileges.

Uncontrolled Tool Access
Without policy controls, any AI agent can call any tool on any connected MCP server. There’s no way to restrict which tools are available to which contexts.

Compliance Gaps
In regulated environments, there’s no built-in audit trail for what AI agents do. When an agent modifies a production database or accesses customer data, who knows?

Ultra Simplifies MCP Connectivity
Without Ultra, connecting MCP clients to MCP servers is an N×M problem — every client needs to be individually configured for every server. This creates configuration sprawl, inconsistent security posture, and zero centralized visibility. Ultra acts as a single proxy that all MCP clients connect through. You configure your servers once in Ultra, and every client gets access through one connection point. This eliminates per-client server configuration and gives you a single place to monitor, audit, and enforce policies on all MCP traffic.

What Ultra Provides Today
Ultra addresses these risks with a visibility-first approach:

Complete Audit Trail
Every MCP operation is recorded — tool calls, resource reads, prompt requests. The audit log captures who did what, when, and the full request/response payloads. The audit interceptor fails closed to ensure no operation goes unrecorded.

Distributed Tracing
OpenTelemetry-compatible traces with W3C Trace Context IDs. Correlate MCP operations with your existing observability stack. Know exactly what an AI agent did during a session.

Real-Time Monitoring
The web dashboard provides live visibility into MCP traffic. See which tools are being called, which servers are active, and whether operations succeed or fail.

Centralized Visibility
Ultra Hub aggregates traces and audit events from all gateways across your organization. One dashboard for all MCP activity, across all developers and environments.

Client Identity Tracking
Ultra identifies which MCP client (Claude Desktop, Cursor, VS Code, Codex, etc.) made each request, providing context for security analysis.

- You can’t secure what you can’t see. Most organizations don’t even know what their AI agents are doing. Ultra fixes that immediately.
- Audit trails have immediate compliance value. Even without enforcement, a complete audit log satisfies many regulatory requirements.
- Observability informs policy. Understanding actual usage patterns is essential for writing effective policies. Block-first approaches tend to break workflows.
- Guardrails add enforcement. Once you understand your MCP traffic patterns, guardrails let you define and enforce rules — blocking dangerous tool calls, validating parameters, and rate limiting usage.
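As an added example (not Ultra's code and not the MCP SDK's API), the Python sketch below ties the threat model above to the four points in the list. A small gateway object writes an audit record carrying a W3C traceparent before it forwards any tool call and drops the call if the write fails (the fail-closed audit interceptor), enforces a per-client tool allowlist with parameter validation and a sliding-window rate limit (the guardrails), and then runs a detection over the resulting audit log for the read-then-egress chain described under Data Exfiltration. Every name in it (Gateway, POLICY, the filesystem and http server stubs, the sample paths and session ids) is constructed for the example.

```python
import os
import time
from collections import defaultdict, deque


class PolicyViolation(Exception):
    """Raised when a tool call is denied by policy (allowlist, params, rate limit)."""


class AuditFailure(Exception):
    """Raised when the audit record cannot be written; the call is not forwarded."""


def new_traceparent() -> str:
    """W3C Trace Context header: version-traceid(16 bytes)-spanid(8 bytes)-flags."""
    return f"00-{os.urandom(16).hex()}-{os.urandom(8).hex()}-01"


class Gateway:
    """Hypothetical proxy between MCP clients and MCP servers (not Ultra's code)."""

    def __init__(self, policy, upstream, sink, max_calls=3, window_s=60.0, clock=time.monotonic):
        self.policy = policy            # {client: {server: {tool: validator(params) -> reason|None}}}
        self.upstream = upstream        # {server: {tool: callable(params) -> result}}
        self.sink = sink                # callable(record); any exception means fail closed
        self.max_calls, self.window_s, self.clock = max_calls, window_s, clock
        self._calls = defaultdict(deque)  # (client, tool) -> timestamps inside the window
        self.audit_log = []               # in-memory copy of every record the sink accepted

    def _check_policy(self, client, server, tool, params):
        validator = self.policy.get(client, {}).get(server, {}).get(tool)
        if validator is None:
            return f"tool {server}.{tool} not allowed for client {client}"
        reason = validator(params)
        if reason:
            return reason
        now = self.clock()
        recent = self._calls[(client, tool)]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()
        if len(recent) >= self.max_calls:
            return f"rate limit: more than {self.max_calls} calls to {tool} per {self.window_s}s"
        recent.append(now)
        return None

    def call_tool(self, session, client, server, tool, params, traceparent=None):
        record = {
            "ts": self.clock(), "session": session, "client": client,
            "server": server, "tool": tool, "params": dict(params),
            "traceparent": traceparent or new_traceparent(),
            "decision": "allow", "reason": None, "response": None,
        }
        reason = self._check_policy(client, server, tool, params)
        if reason:
            record["decision"], record["reason"] = "deny", reason
        # Fail closed: the record is written before anything is forwarded. If the
        # sink raises, the call is dropped rather than executed unrecorded.
        try:
            self.sink(record)
        except Exception as exc:
            raise AuditFailure(f"audit write failed, call dropped: {exc}") from exc
        self.audit_log.append(record)
        if reason:
            raise PolicyViolation(reason)
        # The sink received the same dict, so the response payload lands in the record too.
        record["response"] = self.upstream[server][tool](params)
        return record["response"]


def detect_exfil_chains(audit_log, read_tools=("read_file",), egress_servers=("http",)):
    """Flag sessions where a successful file read is later followed by any call to an
    egress server, whether or not that call was allowed. Returns (session, path, tool)."""
    findings, reads = [], {}
    for r in sorted(audit_log, key=lambda r: r["ts"]):
        if r["tool"] in read_tools and r["decision"] == "allow":
            reads.setdefault(r["session"], []).append(r["params"].get("path"))
        elif r["server"] in egress_servers and r["session"] in reads:
            findings.append((r["session"], reads[r["session"]][-1], r["tool"]))
    return findings


def project_path_only(params):
    """Parameter validator: the filesystem tool may only read under the project tree."""
    path = params.get("path", "")
    return None if path.startswith("/srv/project/") else f"path outside /srv/project/: {path}"


# Constructed policy: one client, one allowed tool; no http entry, so egress is denied.
POLICY = {"claude-desktop": {"filesystem": {"read_file": project_path_only}}}

# Constructed stand-ins for real MCP servers.
UPSTREAM = {
    "filesystem": {"read_file": lambda p: f"<contents of {p['path']}>"},
    "http": {"post": lambda p: "200 OK"},
}


def demo(sink=lambda record: None, clock=time.monotonic):
    """Replay a constructed session: one legitimate read, one out-of-tree read, one egress attempt."""
    gw = Gateway(POLICY, UPSTREAM, sink, clock=clock)
    outcomes = []
    for server, tool, params in [
        ("filesystem", "read_file", {"path": "/srv/project/README.md"}),
        ("filesystem", "read_file", {"path": "/home/alice/.ssh/id_rsa"}),
        ("http", "post", {"url": "https://collector.example.invalid/", "body": "..."}),
    ]:
        try:
            gw.call_tool("s1", "claude-desktop", server, tool, params)
            outcomes.append("allow")
        except PolicyViolation:
            outcomes.append("deny")
    return gw, outcomes


if __name__ == "__main__":
    gw, outcomes = demo()
    print(outcomes, detect_exfil_chains(gw.audit_log))
```

Two design points carry over to any real gateway: the audit write precedes forwarding, so an outage in the audit sink degrades to denial rather than to silent execution, and the denied egress attempt is still recorded, which is what lets the detection see the read-then-send chain even though the policy already blocked it.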
Ultra is the security layer that individual MCP servers and AI agents don’t have built in. It’s the only platform that gives you complete visibility and policy enforcement across every AI agent, every MCP server, and every tool call in your organization, while significantly increasing your team’s AI-native automation, efficiency, and capabilities.