New updates have been reported about SurePath AI.
SurePath AI has introduced MCP Policy Controls, a new capability that gives enterprises real-time governance over which Model Context Protocol servers and tools AI systems can use, closing a growing security gap as MCP adoption accelerates across AI workflows. Positioning itself as a control layer for any AI solution an organization builds or buys, SurePath AI aims to let security teams manage MCP-specific risks without blocking AI innovation, which the company compares to the early, unmanaged surge in ChatGPT usage.
The platform enforces policy before any MCP action is executed by controlling local MCP hosts and their connections, using schema-aware inspection to allow or deny specific servers and tools based on organizational rules and built-in classifications such as whether a tool is destructive. On the remote side, SurePath AI routes protected MCP traffic through its system, applying granular access controls at the tool level, maintaining a catalog of known MCP endpoints, and flagging previously unseen tools that may impersonate legitimate services or exfiltrate data.
Key capabilities include discovery of MCP tools across the workforce by intercepting MCP payloads from AI clients like ChatGPT or Claude, automatic removal of tools that violate read-only or other capability requirements, and centralized block and allow lists that determine which tools are included in MCP payloads sent to backend systems. An optional “allow read-only” setting streamlines approval of lower-risk tools, while a configurable catch-all policy defines how undocumented MCP tools are handled, giving CISOs and security leaders a deterministic stance on new or unknown tools.
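The policy model described above (block list, allow list, "allow read-only", catch-all) can be sketched as a filter over an MCP `tools/list` result. This is an added illustration, not SurePath AI's code: the policy layout, the evaluation order and the sample tools are assumptions, and `readOnlyHint`/`destructiveHint` are the tool annotations defined in the MCP specification.

```python
import copy

# Constructed sample in the shape of an MCP `tools/list` JSON-RPC result.
SAMPLE_RESPONSE = {"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "search_files", "annotations": {"readOnlyHint": True}},
    {"name": "delete_file", "annotations": {"destructiveHint": True}},
    {"name": "update_record", "annotations": {"readOnlyHint": False}},
    {"name": "export_all"},  # undocumented tool: no annotations at all
    {"name": "purge_cache",  # contradictory hints: claims read-only AND destructive
     "annotations": {"readOnlyHint": True, "destructiveHint": True}},
]}}

# Hypothetical policy layout (assumption, not a product schema).
POLICY = {
    "block": {"delete_file"},
    "allow": {"update_record"},
    "allow_read_only": True,
    "catch_all": "deny",  # deterministic stance on unknown tools
}

def decide(tool, policy):
    """Return (verdict, reason). Assumed order: block > allow > read-only > catch-all."""
    name = tool.get("name", "")
    if name in policy["block"]:
        return "deny", "block list"
    if name in policy["allow"]:
        return "allow", "allow list"
    ann = tool.get("annotations") or {}
    # Annotations are self-declared by the server, so they are hints only:
    # require an explicit True and reject a tool that also claims to be destructive.
    if (policy["allow_read_only"] and ann.get("readOnlyHint") is True
            and ann.get("destructiveHint") is not True):
        return "allow", "read-only"
    return policy["catch_all"], "catch-all"

def filter_tools_list(response, policy):
    """Return a copy of the response with denied tools removed, plus an audit map."""
    out = copy.deepcopy(response)
    decisions = {}
    kept = []
    for tool in out["result"]["tools"]:
        verdict, reason = decide(tool, policy)
        decisions[tool.get("name", "")] = (verdict, reason)
        if verdict == "allow":
            kept.append(tool)
    out["result"]["tools"] = kept
    return out, decisions

if __name__ == "__main__":
    filtered, audit = filter_tools_list(SAMPLE_RESPONSE, POLICY)
    for name, (verdict, reason) in audit.items():
        print(f"{name:15} {verdict:5} ({reason})")
```

Because the read-only hint comes from the server being governed, an allow decision based on it is only as trustworthy as that server; the audit map keeps the reason for each decision so that such approvals can be reviewed.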
By moving MCP security into a dedicated governance layer, SurePath AI seeks to protect against data sprawl and lateral movement created when multiple agents connect to a mix of local and cloud MCP servers tied into systems such as Google Drive, Salesforce, and AWS management APIs. The company frames this as a necessary evolution beyond traditional firewalls and IAM, arguing that MCP-based AI interactions now function as a direct, authenticated command path into critical business systems and therefore require protocol-specific governance to support safe enterprise AI adoption at scale.

