Gartner features Operant AI's MCP Gateway in its newest MCP cybersecurity guide

We're excited to announce that Operant AI has been featured in Gartner's latest research report, Manage the Cybersecurity Risks of the Model Context Protocol, for our work in MCP security, specifically highlighting AI/MCP gateways, a category in which Operant is a recognized leader. 

The most dangerous AI breaches this year occurred inside the agentic workflow. The espionage campaign reported by Anthropic and Operant AI’s Shadow Escape (the first zero-click agentic attack exploiting MCP) both demonstrated how an attack can operate entirely within authenticated sessions, using legitimate credentials, invisible to both users and conventional security tools. We estimate that trillions of private records could be at risk through similar MCP-based attack chains.

The security community took notice. Now Gartner’s report validates that the biggest threats in AI aren’t coming from outside the enterprise; they’re emerging inside agentic workflows. This recognition comes at a pivotal moment as enterprises rapidly adopt MCP to enable AI agents, and it validates our approach to securing this emerging integration layer.

The Report: A Wake-Up Call for MCP Security

Gartner's report pulls no punches about the security implications of MCP adoption. As analyst Craig Lawson states in the document: "The blunt reality is this: MCP was originally designed for interoperability, where cybersecurity is optional." At Operant, we have consistently argued that interoperability without security becomes an attack surface, not an advantage. MCP exemplifies this tension perfectly: it unlocks powerful agentic workflows, yet it was never designed with the guardrails that enterprise environments require. Gartner’s new research acknowledges this head-on, putting formal language around risks we have already demonstrated in the wild.

The research makes it clear that MCP, while enabling powerful AI-driven workflows, introduces significant cybersecurity risks that most organizations aren't prepared to handle:

MCP expands attack surfaces by enabling real-time tool and data access: AI agents can connect to local and remote resources, often bypassing traditional API governance and security controls.

Vendor-hosted MCP servers introduce blind spots and uncontrolled trust boundaries: These environments often lack strong authentication, logging, sandboxing, or visibility into agent actions.

Prompt injection, tool poisoning, and unauthorized invocation become enterprise-scale risks: Gartner's Strategic Planning Assumptions predict that by 2027, cybersecurity incidents tied to prompt injection, data access, or agent misconfiguration will impact over 40% of enterprise MCP deployments.

Employees can unknowingly create "rogue" MCP clients: Innovation teams may connect to unvetted MCP services, introducing unnoticed pathways for data exfiltration or business process manipulation.

The urgency captured in Gartner's Strategic Planning Assumption

The message across the report is consistent and deeply aligned with the story Operant has been telling the market: MCP requires the same level of governance, privilege controls, observability, and runtime defense that enterprises apply to APIs, identity systems, and data stores, and often more.

Why Operant AI Was Featured

In the section on implementing runtime governance and observability for hosted MCP servers, Gartner specifically names Operant alongside major cloud providers as an MCP gateway solution:

"Deploy MCP gateways (e.g., Azure API Management, Kong, Operant) to enforce traffic policies and monitor agent behavior."

This recognition isn't just about being listed. It reflects Operant's comprehensive approach to MCP security that addresses the core challenges Gartner identifies in the report:

Enterprise-Grade MCP Gateway Capabilities

Our MCP Gateway provides the critical security layer that Gartner recommends for enterprise deployments:

1. Discovery & Governance: The Foundation Layer

Enterprise-grade Visibility & Governance

  • MCP Catalog: Comprehensive, real-time discovery of ALL MCP clients, servers, and tools across environments (the "what exists" view)
  • MCP Registry: Curated, approved allowlist of trusted MCP components (the "what's permitted" view)
  • Dynamic tool allowlisting: Permits only approved tools based on risk assessment, compliance requirements, and business logic
  • Cross-server relationship mapping: Tracks connections and dependencies between different MCP servers

2. Detection: AI-Native Threat Identification

Real-time Threat Detection

  • Continuous monitoring for prompt injections, jailbreaks, tool poisoning, and unauthorized access patterns
  • Context awareness: Real-time analysis of all data passed through MCP to detect tampering or malicious content

Trust & Risk Scoring

  • Dynamic reputation scoring of MCP servers and tools based on historical behavior and threat intelligence
  • Rogue tool identification: Detection of malicious tools designed to impersonate legitimate components

3. Defense: Inline Runtime Protection

Data Protection

  • Inline auto-redaction of sensitive data across requests and responses, including streaming communications
  • Encryption of data in transit and at rest with proper tokenization and key management

Access Control & Containment

  • Context-aware access control: Evaluates not just "who" the agent is, but what it's doing, where it's connected, and real-time risk posture
  • Conditional access rules: Adapt permissions based on user roles, agent behavior, and environmental context
  • Granular MCP server restrictions: Prevent unauthorized connections between different MCP servers. Segmentation, rate limiting, and trust zones to contain incidents

Addressing MCP’s Infinite Variety

One of Gartner's key insights is that organizations face two distinct MCP operational models, each with unique security implications:

Self-Hosted MCP Servers

When you host your own MCP servers, you gain control but assume full responsibility for security. Operant's MCP Gateway helps you:

  • Implement zero-trust principles with validation at every interaction
  • Segment the MCP server roles by function to limit lateral movement
  • Secure configuration files and integration metadata as high-value targets
  • Plan for protocol evolution without accumulating technical debt

Vendor-Hosted MCP Instances

When consuming MCP services from vendors (which Gartner notes most organizations will do more of), you face limited visibility and control. Our solution provides:

  • Mediation of all external MCP traffic through your controlled gateway
  • Assessment of vendor security posture and MCP architecture
  • Enforcement of data exposure limits and tool invocation restrictions
  • Detection of unauthorized MCP usage and malicious clients

As Gartner emphasizes: "Treating all MCP servers as the same ignores the risks of vendor-hosted environments where you have little control." The challenge isn’t just that each MCP server sits behind a different trust boundary; it’s that MCP breaks the old assumption that the system behind the “door” is stable or even visible. A self-hosted MCP server is a room you built; with vendor-hosted ones, you’re securing a door that leads into someone else’s hallway entirely. And because these “doors” don’t all lead to the same types of tools or data, you can’t treat them as identical or rely on blanket allow/deny rules.

But the deeper problem is that even securing the door itself isn’t enough. Real security comes from controlling who or what gets to walk through it, and under what conditions, not from deciding whether a door should always be open or always be closed. MCP environments shift constantly: tools appear or disappear, data changes sensitivity, and agents behave differently over time, so the decision about what should be allowed must be made dynamically in real time, not once at configuration. Operant's MCP Gateway is designed to address this reality by continuously evaluating identity, intent, context, and risk to determine what is safe to invoke, ensuring that every “visitor” through the MCP door is explicitly approved in the moment, not just assumed safe.
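
The per-invocation decision described above, sketched as an added example (not Operant's code or API): a gateway check over an MCP `tools/call` JSON-RPC request that consults an approved-tool registry and then applies context rules at call time instead of a blanket allow/deny. The registry contents, trust-zone labels, risk thresholds and context field names are assumptions made for the illustration.

```python
import json

# Hypothetical registry: approved (server, tool) pairs, the trust zone of the
# hosting server, and the highest data sensitivity that may be sent to it.
REGISTRY = {
    ("crm-internal", "lookup_customer"): {"zone": "self-hosted", "max_sensitivity": "confidential"},
    ("vendor-search", "web_search"): {"zone": "vendor-hosted", "max_sensitivity": "public"},
}
SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2}
RISK_LIMIT = {"self-hosted": 0.8, "vendor-hosted": 0.5}  # assumed thresholds


def decide(server, raw_request, context):
    """Return (allowed, reason) for one MCP JSON-RPC request at call time."""
    try:
        req = json.loads(raw_request)
    except json.JSONDecodeError:
        return False, "malformed JSON-RPC"
    if not isinstance(req, dict) or req.get("method") != "tools/call":
        return False, "not a tools/call request"
    params = req.get("params")
    tool = params.get("name") if isinstance(params, dict) else None
    # Discovered in the catalog is not the same as approved in the registry.
    entry = REGISTRY.get((server, tool)) if isinstance(tool, str) else None
    if entry is None:
        return False, "tool not in registry"
    # Context rule 1: data sent to this server must not exceed its ceiling.
    level = SENSITIVITY.get(context.get("data_sensitivity"))
    if level is None or level > SENSITIVITY[entry["max_sensitivity"]]:
        return False, "data too sensitive for this server"
    # Context rule 2: the session's current risk score is checked on every
    # call, with a tighter limit for servers outside our control.
    if context.get("risk_score", 1.0) > RISK_LIMIT[entry["zone"]]:
        return False, "session risk above limit for " + entry["zone"]
    return True, "allowed"


def call(tool, req_id=1):
    """Build a constructed tools/call request for the demo."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
                       "params": {"name": tool, "arguments": {}}})


if __name__ == "__main__":
    ctx = {"data_sensitivity": "public", "risk_score": 0.2}
    print(decide("vendor-search", call("web_search"), ctx))
    print(decide("vendor-search", call("web_search"), {**ctx, "risk_score": 0.7}))
    print(decide("vendor-search", call("read_files"), ctx))
```

The same approved tool is allowed or denied depending on the session's risk score and the data in play, and a missing risk score is treated as maximum risk so the check fails closed.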

The Convergence of MCP and API Security

What makes Operant's approach particularly powerful is our recognition that MCP is fundamentally a specialized API protocol for AI agents. When AI systems interact with databases, external services, or enterprise applications through MCP servers, they're essentially making API calls optimized for agentic workflows.

This insight is validated across multiple Gartner reports where Operant has been featured:

The convergence means that effective AI security requires protecting both traditional APIs and the new MCP layer, with a deep understanding of how they interact. You cannot secure AI without securing its integration points.

Our platform is designed for this evolution. We're not solving today’s security problems with yesterday's tools. We're building the security infrastructure for the agentic future.

Why This Matters Now

The timing of Gartner's report is critical. MCP adoption is accelerating faster than most security teams can adapt. The report notes that over 16,000 MCP servers were delivered in 2025, and this number is growing exponentially as vendors integrate MCP capabilities into their platforms.

Without proper controls, organizations face:

  • Unauthorized data access as agents connect to sensitive systems
  • Supply chain compromise through vulnerable MCP implementations
  • Compliance violations from unmonitored AI agent activities
  • Regulatory scrutiny following inevitable high-profile breaches

As Gartner emphasizes, "The urgency lies in governing MCP deployments before they scale unchecked. Organizations that act now can enable secure, functional AI workflows while protecting sensitive data and business processes."

The Path Forward

Gartner's report makes it clear that MCP security isn't optional – it's essential for safe AI adoption at enterprise scale. The recommendations are pragmatic and actionable, but they require purpose-built security solutions designed for the unique challenges of MCP.

That's exactly what Operant's MCP Gateway delivers: comprehensive protection for the connective tissue between AI agents and enterprise resources, with the observability, control, and governance that security teams need.

As enterprises navigate the complex landscape of AI adoption, they need security solutions that understand MCP isn't just another integration protocol – it's a fundamental shift in how AI systems interact with the enterprise. Our recognition in Gartner's report validates our comprehensive approach to securing this new paradigm.

Take Action

Don't wait for the predicted breaches and regulatory scrutiny. Gartner's research shows that proactive organizations that establish MCP security controls now will be far better positioned than those playing catch-up after incidents occur.

Want to see how Operant's MCP Gateway can secure your AI agents and protect your enterprise resources? Book a demo, and we'll show you how to implement Gartner's recommendations in under five minutes of deploy time.