Observability is not Security: You need Both. Here's How to Pair Operant MCP Gateway with Datadog's MCP Server
Evaluate your spending
Imperdiet faucibus ornare quis mus lorem a amet. Pulvinar diam lacinia diam semper ac dignissim tellus dolor purus in nibh pellentesque. Nisl luctus amet in ut ultricies orci faucibus sed euismod suspendisse cum eu massa. Facilisis suspendisse at morbi ut faucibus eget lacus quam nulla vel vestibulum sit vehicula. Nisi nullam sit viverra vitae. Sed consequat semper leo enim nunc.
- Lorem ipsum dolor sit amet consectetur lacus scelerisque sem arcu
- Mauris aliquet faucibus iaculis dui vitae ullamco
- Posuere enim mi pharetra neque proin dic elementum purus
- Eget at suscipit et diam cum. Mi egestas curabitur diam elit
Lower energy costs
Lacus sit dui posuere bibendum aliquet tempus. Amet pellentesque augue non lacus. Arcu tempor lectus elit ullamcorper nunc. Proin euismod ac pellentesque nec id convallis pellentesque semper. Convallis curabitur quam scelerisque cursus pharetra. Nam duis sagittis interdum odio nulla interdum aliquam at. Et varius tempor risus facilisi auctor malesuada diam. Sit viverra enim maecenas mi. Id augue non proin lectus consectetur odio consequat id vestibulum. Ipsum amet neque id augue cras auctor velit eget. Quisque scelerisque sit elit iaculis a.
Have a plan for retirement
Amet pellentesque augue non lacus. Arcu tempor lectus elit ullamcorper nunc. Proin euismod ac pellentesque nec id convallis pellentesque semper. Convallis curabitur quam scelerisque cursus pharetra. Nam duis sagittis interdum odio nulla interdum aliquam at. Et varius tempor risus facilisi auctor malesuada diam. Sit viverra enim maecenas mi. Id augue non proin lectus consectetur odio consequat id vestibulum. Ipsum amet neque id augue cras auctor velit eget.
Plan vacations and meals ahead of time
Massa dui enim fermentum nunc purus viverra suspendisse risus tincidunt pulvinar a aliquam pharetra habitasse ullamcorper sed et egestas imperdiet nisi ultrices eget id. Mi non sed dictumst elementum varius lacus scelerisque et pellentesque at enim et leo. Tortor etiam amet tellus aliquet nunc eros ultrices nunc a ipsum orci integer ipsum a mus. Orci est tellus diam nec faucibus. Sociis pellentesque velit eget convallis pretium morbi vel.
- Lorem ipsum dolor sit amet consectetur vel mi porttitor elementum
- Mauris aliquet faucibus iaculis dui vitae ullamco
- Posuere enim mi pharetra neque proin dic interdum id risus laoreet
- Amet blandit at sit id malesuada ut arcu molestie morbi
Sign up for reward programs
Eget aliquam vivamus congue nam quam dui in. Condimentum proin eu urna eget pellentesque tortor. Gravida pellentesque dignissim nisi mollis magna venenatis adipiscing natoque urna tincidunt eleifend id. Sociis arcu viverra velit ut quam libero ultricies facilisis duis. Montes suscipit ut suscipit quam erat nunc mauris nunc enim. Vel et morbi ornare ullamcorper imperdiet.
The Attack Surface You Just Opened
Think about what the Datadog MCP Server can touch. It feeds AI agents your production logs. Your APM traces. Your infrastructure topology. Your security findings. Your incident history. Your service maps. In a single, standardized, agent-readable protocol.
That's not just observability data. That's the crown jewel inventory of your entire cloud operation — handed to an AI agent operating at machine speed, often without a human in the loop.
Now ask yourself: what happens when that agent is manipulated?
Datadog's MCP Server is specifically designed to ingest natural language prompts and map them to data retrieval across your environment. That's incredibly powerful for your engineers. It's also an ideal attack surface for prompt injection — where malicious instructions are embedded in data the agent reads (a log entry, an incident note, a dashboard description), causing the agent to take actions its operator never intended.
We're not talking about theoretical risks. Operant AI's security research team discovered and disclosed Shadow Escape, the first zero-click agentic attack exploiting MCP. Using this attack path, malicious actors can silently exfiltrate critical PII — SSNs, medical records, financial data — across any MCP-enabled AI platform, including Claude, ChatGPT, and Gemini, all without users or IT teams realizing anything is happening. No clicks. No alerts. No warnings in your logs.
A single poisoned log entry. A manipulated monitor description. One crafted incident note. That's all it takes to turn your observability platform into an exfiltration pipeline.
Observability Is Not Security. Full Stop.
Here's the uncomfortable truth the industry needs to hear: logging is not protection, and monitoring is not defense.
Datadog is world-class at observability. That's exactly why this matters. When you connect your observability platform to an AI agent via MCP, you're not just giving that agent a window into your systems — you're giving it hands. The ability to query, correlate, and act. And observability tools, by design, are built to watch, not to block.
Logging tells you what happened after the fact. Monitoring tells you something is wrong — usually after the damage is done. Neither stops a prompt injection attack mid-flight. Neither redacts your API keys before they flow to an attacker's endpoint. Neither blocks a rogue agent from performing lateral movement across your cloud infrastructure.
Monitoring is too late. Logging isn't enough. In the age of autonomous AI agents operating at machine speed, after-the-fact visibility is not a security strategy.
The question isn't whether you'll know a breach happened. The question is whether you'll be able to stop it before it does.
The MCP Gateway Difference: Why Operant AI Is Not Just Another AI Gateway
Most AI gateways stop at authentication and logging. They enforce OAuth, they rate-limit requests, they produce audit trails. That's necessary — but it's table stakes. It is observability dressed up as security.
Operant AI's MCP Gateway was built on a fundamentally different premise: that real security requires active, runtime defense — not passive visibility.
What makes Operant's approach categorically different:
1. Runtime Blocking, Not Passive Logging Operant doesn't just watch traffic flow between your AI agents and the Datadog MCP Server — it actively intercepts it. Prompt injections, jailbreaks, tool poisoning attempts, and unauthorized access patterns are detected and blocked inline, before they execute. Not flagged in a dashboard. Blocked.
2. Inline Auto-Redaction of Sensitive Data Before any data leaves your Datadog environment and flows to an AI agent, Operant's redaction engine scrubs it — removing PII, PHI, credentials, tokens, and financial data in real time. Even if a tool is compromised or a prompt injection succeeds, it can't exfiltrate what was never exposed in the first place.
3. Zero-Click Attack Prevention Operant is the only platform that can detect and block Shadow Escape-class attacks — zero-click exploits where a malicious MCP interaction exfiltrates critical data entirely invisibly. No other gateway on the market was built to defend against this attack class.
4. Context-Aware, Dynamic Trust Enforcement Traditional gateways ask: "Is this agent allowed to connect?" Operant asks: "Is this agent allowed to do this specific thing, right now, given its current behavior, identity, and risk posture?" Trust is re-evaluated continuously at runtime — not set once at configuration time and forgotten. This means Operant can catch lateral movement, privilege escalation, and anomalous tool sequences as they happen, not after.
5. MCP Trust Zones and Least-Privilege Execution Operant enforces granular, least-privilege access controls specifically designed for MCP's architecture. Agents can only access what they need, when they need it. Untrusted MCP servers are blocked outright. The blast radius of any compromised agent is contained before it can spread across your infrastructure.
6. Sensitive Data Flow Blocking — Not Just Monitoring Operant's Adaptive Internal Firewalls monitor and actively block unauthorized data transfers at network egress points. When sensitive information attempts to cross an unwanted boundary, it doesn't generate an alert for someone to investigate later. It stops.
What's Actually at Stake With the Datadog MCP Server
Let's be concrete about the risk profile. The Datadog MCP Server exposes tools across: logs, metrics, traces, dashboards, monitors, incidents, hosts, services, synthetic tests, events, and notebooks.
A successfully exploited MCP connection to Datadog isn't just a data leak. It's a live map of your entire infrastructure — every service, every host, every deployment, every anomaly, every secret your monitors have ever touched. It tells an attacker exactly which systems are running, which are vulnerable, which have active incidents, and how your teams respond to them.
Now imagine that data being exfiltrated through a zero-click prompt injection. No human approved the action. No human saw it happen. Your Datadog logs record the tool calls faithfully — but by the time anyone reads them, the information is already gone.
This is not a hypothetical edge case. This is the attack surface that comes standard with MCP adoption at scale.
Gartner Agrees: MCP Requires Runtime Governance
Operant AI is the only vendor featured across all five of Gartner's most critical AI security reports — AI TRiSM, API Protection, MCP Gateways, AI Agents, and more. In its MCP cybersecurity guide, Gartner specifically named Operant alongside Azure API Management and Kong as a recommended MCP gateway for enforcing traffic policies and monitoring agent behavior.
But Gartner's guidance goes further than monitoring. The report emphasizes that MCP environments require the same level of governance, privilege controls, and runtime defense that enterprises apply to APIs and identity systems — and often more. Because unlike APIs, MCP operates with AI agents that reason, decide, and act dynamically. The threat model isn't static. Neither can the defense be. As we’ve always been saying, runtime is not limited to eBPF and the need for MCP and Agentic security is bringing this realization across the industry.
Secure Your Datadog MCP Server. Now.
Datadog's MCP Server is a genuine leap forward for AI-native operations. Your teams should use it. Your agents should benefit from it. But connecting your entire observability stack to an AI agent without runtime defense isn't innovation — it's exposure.
The Datadog MCP Server doesn't come with a built-in security layer capable of blocking prompt injection at runtime, redacting sensitive data inline, preventing zero-click exfiltration, or enforcing dynamic trust boundaries across your agent ecosystem. That's not a criticism of Datadog — it's a recognition that security at this layer is a different discipline entirely.
That's Operant's discipline.
Do you want your entire cloud footprint to be exfiltrated through a single 0-click attack on your MCP server? Operant AI makes sure it won't be.
Secure your Datadog MCP deployment with Operant AI's MCP Gateway — the only runtime AI defense platform purpose-built to protect MCP, agents, and the sensitive data flowing between them.
Get a live demo of Operant's MCP Gateway protecting Datadog's MCP Server in action ->
Operant AI is the world's only Runtime AI Defense Platform. It is the only vendor featured across all five of Gartner's most critical AI security categories, and the discoverer of Shadow Escape — the first zero-click agentic attack exploiting MCP.
.png)
.png)