Salt Security’s latest move lands with the kind of inevitability you only appreciate after seeing the threat surface first-hand. MCP servers—those quiet workhorses that let LLMs execute tools, call APIs, and complete workflows—have become the connective tissue of enterprise AI systems. And as often happens, the moment something becomes indispensable, attackers start circling like they’ve spotted an unlocked side door.
Salt is stepping directly into that gap. Their new capability plugs behavioral threat protection into the MCP layer itself, detecting malicious intent aimed at Model Context Protocol servers running in AWS and blocking it in real time through organizations’ existing AWS WAF setups. It doesn’t feel tacked-on; it feels like the missing half of what MCP hardening should have been from day one.
The backstory here is almost amusing in its predictability. Companies started spinning up MCP servers everywhere—internal experiments, shadow agents, half-forgotten prototypes—many of them internet-exposed, none of them overseen by a unified security team. Into that chaos Salt injected MCP Finder, its discovery engine that maps both sanctioned and rogue MCP deployments across internal, external, and shadow environments. Now they’ve layered active defense on top of that visibility, letting AWS WAF take the decisive action: block misuse automatically at the edge.
Salt’s approach taps real-time behavioral intelligence from its broader API security platform, which means the defenses adapt as attacker tactics evolve. And by routing MCP traffic through AWS WAF, organizations get protection without building new enforcement infrastructure—always a relief in AI environments already overflowing with moving parts.
What stands out is how this shifts MCP security from “interesting research problem” to “operationally enforceable.” Teams can now identify unknown MCP endpoints, understand how they’re being used or abused, and shut down malicious agent behavior before it snowballs into data exposure or unauthorized system access. And by extending WAF rulesets to the AI action layer—where intent matters more than signatures—Salt finally gives enterprises guardrails at the speed and scale of autonomous agents.
It’s a practical, almost surgical answer to a rapidly growing blind spot. With MCP becoming the backbone of autonomous workflows and AI-driven operations, this capability isn’t just a nice add-on—it’s a necessary pressure release for an environment that was quietly drifting toward unmanaged complexity. Salt is showcasing the stack at AWS re:Invent 2025, and the integration is already live inside the Salt Security API Protection Platform.
Leave a Reply