Your AI agent has root access.
Every MCP server you install gives your AI agent unrestricted access to your databases, repos, cloud, and APIs. No permissions. No guardrails. One hallucination away from disaster.
What your AI agent can do right now.
Install any MCP server in Claude, Cursor, ChatGPT, or Windsurf. Your agent immediately gets full, unrestricted access to every tool. Here's what that means.
Database MCP
Any AI agent with Postgres/MySQL MCP
- DROP TABLE users (critical)
- DELETE FROM orders WHERE 1=1 (critical)
- UPDATE accounts SET balance = 0
- SELECT * FROM credit_cards
- ALTER TABLE — break schema
GitHub MCP
Any AI agent with GitHub MCP
- Delete repository (critical)
- Force push to main (critical)
- Merge PRs without review
- Change branch protection rules
- Remove collaborators
Slack MCP
Any AI agent with Slack MCP
- Send messages as you to any channel (critical)
- Delete channels (critical)
- Remove members from workspace
- Export private conversations
- Change workspace settings
Cloud (AWS/GCP) MCP
Any AI agent with Cloud MCP
- Terminate production instances (critical)
- Delete S3 buckets with data (critical)
- Modify security groups (open ports)
- Change IAM policies
- Download secrets from vault
Toggle permissions. See what your agent can do.
This is the Aerostack permission panel. Every MCP tool can be individually enabled or disabled. Your agent only sees what you allow.
When your agent calls a blocked tool, Aerostack returns a clear error — the action is never executed.
Three layers of agent safety.
Aerostack sits between your AI agent and your tools. Every tool call goes through permission checks before it reaches the MCP server.
Tool-Level Permissions
Every MCP tool can be individually allowed or blocked. Install a database MCP but only expose SELECT. Install GitHub but block delete_repository. You decide what every agent can touch.
Full Audit Trail
Every tool call is logged — what was called, what arguments were passed, whether it was allowed or blocked. See exactly what your agents are doing in real time.
Workspace Policies
Set default permissions at the workspace level. New team members inherit safe defaults. Dangerous tools require explicit approval. Least-privilege by default.
Nobody else is doing this.
Compare MCP security across platforms. Aerostack is the only platform with tool-level permission control.
| Feature | Raw MCP | Claude / Cursor | Aerostack |
|---|---|---|---|
| Tool-Level Control | |||
| Per-tool allow / deny | |||
| Read-only mode for MCP | |||
| Block destructive tools | |||
| Custom permission presets | |||
| Runtime Protection | |||
| Audit log of every tool call | |||
| Rate limiting per tool | |||
| Real-time monitoring | |||
| Alert on blocked action | |||
| Governance | |||
| Workspace-level policies | |||
| Team permission templates | |||
| Compliance-ready (SOC 2, GDPR) | |||
| Least-privilege by default | |||
Safe agents for every team.
Data Teams
Give AI agents read-only database access for analytics and reporting. Block all writes. No more 'I accidentally dropped the table' incidents.
Engineering Teams
Let agents read code, create PRs, and review diffs — but block force pushes, repo deletion, and branch protection changes.
Support Teams
Agents can read customer tickets and search knowledge bases. Block sending messages to prevent AI from responding without human review.
DevOps Teams
Monitor infrastructure with AI — describe instances, read metrics, check logs. Block terminate, delete, and any destructive cloud operations.
Compliance Teams
Meet SOC 2 and GDPR least-privilege requirements. Every tool call audited. Permission changes tracked. Export-ready compliance reports.
Agency & Freelancers
Give clients AI-powered dashboards without worrying about agents breaking things. Set permissions per client workspace.
Stop giving agents the keys to everything.
Set up tool-level permissions in under 5 minutes. Free to start. Your databases, repos, and APIs will thank you.