The MCP security category leader11k+ npm downloads / month557+ adversarial fixturesSelf-improving Security Swarm

Stop AI agents from becoming your next breach vector

MCP Guardian is the security proxy between AI agents and MCP servers — inspecting every tools/call and tool response in real time, enforcing YAML policy, and running a closed-loop Security Swarm that red-teams itself faster than attackers evolve.

Sign in freeView on GitHubInstall from npmBuy Pro — $4.99

@mcp-guardian/server · 11k+ downloads/month · Works with Cursor, Cline, Claude Code

557+
Adversarial fixtures
Prompt injection, exfil, SSRF, shell obfuscation, chaining
11k+
npm downloads / month
@mcp-guardian/server on npmjs.com
154/154
Corpus attacks blocked
0 false positives on 74 benign fixtures
93.3%
Enterprise sim block rate
308/330 modeled attacks · 38.8ms avg latency
~41s
Instant learning discovery
vs ~4.9h batch-only (repo eval)
8.6/10
Production readiness
Enterprise security assessment (May 2026)

The attack surface nobody is watching

Claude, GPT-4, and enterprise agents are wired to real systems through MCP — faster than security teams can respond. One compromised session looks like a legitimate user.

  • AI agents connect to databases, GitHub, Slack, and internal APIs via MCP — with no security layer in between.
  • Malicious tool responses inject instructions, exfiltrate credentials, and chain calls to bypass access controls.
  • Security teams have zero visibility, no enforcement, and no audit trail for what agents actually do in production.

Inspect every tools/call

Transparent proxy between agent clients and MCP servers — block malicious calls before they reach the tool server.

Three-layer detection

Regex + JSON Schema + optional LLM semantic audit. Shell tokenizer AST catches obfuscation regex misses.

Response-side DLP

Scan tool outputs for secrets, PII, and prompt injection before they reach the AI model.

Self-improving swarm

Multi-agent Security Swarm continuously red-teams the product and proposes rule updates — compounding defensive advantage.

Trusted on npm

Install globally with npm install -g @mcp-guardian/server — MIT licensed, TypeScript 5.4, MCP SDK 1.25. Over 10,000 monthly downloads on npmjs.com.

npm registry page for @mcp-guardian/server showing 11k/month downloads badge, v2.9.6, MIT license, and MCP Guardian readme
Live npm registry — @mcp-guardian/server
Downloads11k / monthPackage@mcp-guardian/server
LicenseMIT
MCP SDK1.25
View on npm

npm install -g @mcp-guardian/server

Security Swarm — agentic architecture

Two tracks: CI validates policy before merge; runtime learns from live proxy blocks. Solo analyze adds live MCP probes and dashboard reports.

Security Swarm diagram: CI agents Scout through Report, runtime BlockGuard through Calibrator, connected to MCP proxy and dashboard
Closed-loop workflow from the MCP Guardian README: corpus regression, evasion probes, parity checks, and instant attack learning on the hot path.

CI track

  • ScoutDiscover tools, CVEs, policy gaps
  • Corpus154-attack regression suite
  • Evasion85 obfuscation probes
  • ParityPython ↔ TypeScript policy parity

Runtime track

  • BlockGuardPolicy block on every tools/call
  • InstantLearnerRolling stats → attack-pattern suggestions
  • SemanticAuditorTier-2 LLM semantic audit (Pro)
  • CalibratorThreshold tuning from labeled outcomes

Three-layer detection engine

Regex triage → schema validation → optional semantic LLM with circuit breaker and local fallback.

1

Regex triage

TR39 confusables offline, chaining patterns, fast block on obvious injection and exfil paths.

2

Schema analysis

Ajv validation, recursive depth limits, maxLength — catch malformed or oversized tool payloads.

3

Semantic (Pro)

Async tier-2 LLM audit, 10/min cap, 24h cache, Ollama/local fallback when API exhausted.

LLM-powered threat discovery — two architectures

Pro-tier pipelines that turn live blocks and swarm bypasses into new adversarial fixtures. Human review for policy changes; autonomous corpus growth for regression.

LLM Threat Discovery pipeline: detection sources, Ollama LLM, validation gates, signed manifest, human accept
Human-in-the-loop discovery — LLM proposes, you approve before policy changes.

Detection sources

Swarm bypasses, semantic true-positives, ThreatIntel CVEs, and corpus attacks — authentic signals only.

Why teams choose MCP Guardian

No purpose-built MCP security competitor exists. Generic API gateways don't understand agent behavior — and brittle custom middleware breaks on every SDK update.

Native MCP semantics

Understands tool call structure, rug-pull detection, typosquat scanning, and cross-tool chain attacks — not generic HTTP routing.

557+ validated attack fixtures

Years of adversarial research shipped in-repo. Competitors would need to replicate from scratch.

Self-sustaining threat research

Live proxy traffic feeds LLM discovery pipelines that auto-generate new adv fixtures — no competitor has this loop.

Enterprise-ready day one

Helm on K8s, Postgres RLS, DPoP OAuth, audit hash chain, mTLS hot-reload, multi-tenant JWT — drops into existing stacks.

CapabilityMCP GuardianGeneric gateway / DIY
MCP protocol nativeFull stdio, HTTP, SSE, WebSocketHTTP-only; breaks on SDK updates
Prompt injection / tool-chain detection557+ fixtures + normalization pipelineCustom middleware; YAML-only misses ~75%
Response DLP + secret scanning267 rules, context-aware redactionNot applicable
Continuous red-team loopSecurity Swarm + Auto Threat ResearchManual pen tests
Compliance overlaysHIPAA, PCI-DSS, GxP templates + audit chainBuild your own
DeploymentHelm chart, <1h on existing K8sWeeks of custom integration

Built for teams shipping agents to production

CISO and VP Engineering buyers · platform / AI infra deployers · Kubernetes + Postgres + OIDC already in place.

FinTech & payments

AI agents over transaction APIs and payment databases — CISO buyer, platform team deploys.

Healthcare & life sciences

EHR and patient-record workflows — HIPAA audit trail, immutable JSONL hash chain.

SaaS & platform teams

500–10,000 employee companies shipping agents to customer data — SOC2 access logging built in.

Built for production MCP fleets

Self-hosted open source with optional cloud control plane and lifetime Pro license.

Transparent stdio proxy

Drop-in for Cursor, Cline, and Claude Code — enforce YAML policy on every MCP tools/call without changing agent code.

Three-layer detection

Regex triage (TR39 confusables) → Ajv schema validation → optional LLM semantic verdict with circuit breaker and local fallback.

Cost & health governance

Per-tenant token budgets, cost auditor, health monitors, and Grafana-ready SLO dashboards for production fleets.

Multi-tenant enterprise

JWT-bound tenants, Postgres RLS, DPoP, audit hash chain, mTLS hot-reload, and Helm enterprise overlay.

Live dashboard (Pro)

Browser SPA with WebSocket feed, policy editor, swarm reports, ThreatIntel polling, and SOC2-style access audit.

Open-core + cloud plane

MIT Community proxy and harness on npm; optional Pro license for swarm CLI, fleet, AI learning, and semantic async.

Proven under attack

Four evidence layers in the repo — use CI-gated harness numbers for procurement; synthetic sims are labeled explicitly.

SuiteResultTrust
Corpus (default-policy)154/154 blocked · 74/74 benign passCI-gated
Evasion probes148/155 blocked (7 tracked bypasses)CI-gated
Node live integration26/26 stdio proxy testsCI-gated
Python ↔ TS parity400/402 (99.5%) · 0 corpus mismatchesOffline mirror
Enterprise 5-scenario sim330 attacks · 93.33% block · 0 FPSynthetic
Attack learning (long eval)5003 blocks · instant 41s vs batch 4.9hRepo eval

Full reports: adversarial-harness · enterprise-attack-sim

Post-MVP. Pilot-validated. Category-defining.

330 enterprise attack simulations · 93.3% block rate · 38ms average detection · zero false positives. Open-source core on npm; Pro unlocks Security Swarm, threat research pipelines, and fleet dashboard. AI agent security is the next major enterprise category — MCP Guardian is built to define it.

Install free on npmBuy Pro — $4.99 lifetime

Community & Pro

npm install is always free (MIT). Pro unlocks dashboard, Security Swarm CLI, fleet, AI learning, and multi-tenant JWT — validated against this control plane.

Community
Free
MIT open source

Proxy, CLI, local YAML policy, adversarial harness, and corpus eval — no license key. Sign in here to optionally manage cloud policy snippets and API keys.

Sign in (free)Install from npm
Pro
$4.99
Lifetime · one-time

Lifetime license for self-hosted Pro: Security Swarm CLI, live dashboard, WebSocket feed, AI learning, fleet TUI, semantic async, multi-tenant bindings.

  • License key by email + fixed control plane URL
  • Self-hosted — your data stays on your infrastructure
  • v3.0+ enforced on swarm CLI; pinned older npm tags unchanged
Buy Pro — $4.99Pro setup guide

Cloud control plane (optional)

This site validates GUARDIAN_LICENSE_KEY at GET /api/v1/license. Free sign-in with Google or GitHub sends you to the repo to install Guardian; use the cloud console for policy YAML, tenant env snippets, API key rotation, and SSO launch into a running self-hosted dashboard.

Control plane URL (all buyers): https://mcp-guardian-cloud.vercel.app