Your AI agent has root access.
Every MCP server you install gives your AI agent the full reach of the credentials that server holds: your databases, repos, cloud, and APIs. No per-tool permissions. No guardrails. One hallucination away from disaster.
What your AI agent can do right now.
Install any MCP server in Claude, Cursor, ChatGPT, or Windsurf. Your agent immediately gets full, unrestricted access to every tool that server exposes. Here's what that means.
Database MCP
Any AI agent with Postgres/MySQL MCP
- DROP TABLE users (critical)
- DELETE FROM orders WHERE 1=1 (critical)
- UPDATE accounts SET balance = 0
- SELECT * FROM credit_cards
- ALTER TABLE (break schema)

GitHub MCP
Any AI agent with GitHub MCP
- Delete repository (critical)
- Force push to main (critical)
- Merge PRs without review
- Change branch protection rules
- Remove collaborators

Slack MCP
Any AI agent with Slack MCP
- Send messages as you to any channel (critical)
- Delete channels (critical)
- Remove members from workspace
- Export private conversations
- Change workspace settings

Cloud (AWS/GCP) MCP
Any AI agent with Cloud MCP
- Terminate production instances (critical)
- Delete S3 buckets with data (critical)
- Modify security groups (open ports)
- Change IAM policies
- Download secrets from vault

Toggle permissions.
See what your agent can do.
This is the Aerostack permission panel. Every MCP tool can be individually enabled or disabled. Your agent only sees what you allow.
When your agent calls a blocked tool, Aerostack returns a clear error — the action is never executed.
Three layers of agent safety.
Aerostack sits between your AI agent and your tools. Every tool call goes through permission checks before it reaches the MCP server.
Tool-Level Permissions
Every MCP tool can be individually allowed or blocked. Install a database MCP but only expose SELECT. Install GitHub but block delete_repository. You decide what every agent can touch.
Full Audit Trail
Every tool call is logged — what was called, what arguments were passed, whether it was allowed or blocked. See exactly what your agents are doing in real time.
Workspace Policies
Set default permissions at the workspace level. New team members inherit safe defaults. Dangerous tools require explicit approval. Least-privilege by default.
Nobody else is doing this.
Compare MCP security across platforms. Aerostack is the only platform with tool-level permission control.
| Feature | Raw MCP | Claude / Cursor | Aerostack |
|---|---|---|---|
| Tool-Level Control | | | |
| Per-tool allow / deny | | | |
| Read-only mode for MCP | | | |
| Block destructive tools | | | |
| Custom permission presets | | | |
| Runtime Protection | | | |
| Audit log of every tool call | | | |
| Rate limiting per tool | | | |
| Real-time monitoring | | | |
| Alert on blocked action | | | |
| Governance | | | |
| Workspace-level policies | | | |
| Team permission templates | | | |
| Compliance-ready (SOC 2, GDPR) | | | |
| Least-privilege by default | | | |
Safe agents for every team.
Data Teams
Give AI agents read-only database access for analytics and reporting. Block all writes. No more 'I accidentally dropped the table' incidents.
Engineering Teams
Let agents read code, create PRs, and review diffs — but block force pushes, repo deletion, and branch protection changes.
Support Teams
Agents can read customer tickets and search knowledge bases. Block sending messages to prevent AI from responding without human review.
DevOps Teams
Monitor infrastructure with AI — describe instances, read metrics, check logs. Block terminate, delete, and any destructive cloud operations.
Compliance Teams
Meet SOC 2 and GDPR least-privilege requirements. Every tool call audited. Permission changes tracked. Export-ready compliance reports.
Agency & Freelancers
Give clients AI-powered dashboards without worrying about agents breaking things. Set permissions per client workspace.
Stop giving agents the keys to everything.
Set up tool-level permissions in under 5 minutes. Free to start. Your databases, repos, and APIs will thank you.
Frequently asked questions
What is tool-level AI agent security?
Tool-level security lets you allowlist or blocklist individual MCP tools for each agent. An agent given read access cannot delete records, even if the MCP supports it. The granularity is that of the server's tool list, so a server that exposes one generic query tool needs the read-only mode, not just a per-tool rule, to keep writes out.
How does MCP authentication work on Aerostack?
Every workspace URL is authenticated via OAuth or API key. Secrets are injected at the edge and never sent to the AI client.
Can I audit what actions an AI agent has taken?
Yes. Aerostack logs every tool call with timestamp, agent identity, input parameters, and response — viewable per workspace.
What happens if an AI agent tries to call a blocked tool?
The tool call is rejected with a permission error. The agent receives a structured response indicating the action is not permitted; the call is never forwarded to the MCP server.
Is Aerostack's security model zero-trust?
Yes. Secrets are never exposed to the AI model or client. Access is verified at the edge on every request, with no ambient trust between components.
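The three layers described under "Three layers of agent safety" and the blocked-tool behaviour in the answer above can be modelled as a small policy-enforcing proxy that sits between the agent and the MCP server. The Python below is an added example written for this page; it is not Aerostack's code and does not describe how Aerostack is implemented. Everything specific in it is assumed: the JSON-RPC error code -32001 (JSON-RPC 2.0 reserves -32000 to -32099 for server-defined errors), the tool names query, list_tables and drop_table, the agent ids, the fake MCP server, the sample traffic, and the SELECT-only heuristic applied to a generic query tool when a policy is read-only. It shows deny-by-default with workspace defaults that an agent grant cannot override, filtering of tools/list so the agent only sees permitted tools, an audit record for every tools/call, and a structured JSON-RPC error when a call is blocked.

```python
import re
import time
from dataclasses import dataclass, field

# Assumed error code; JSON-RPC 2.0 reserves -32000..-32099 for server-defined errors.
ERR_TOOL_BLOCKED = -32001
# Keywords a read_only policy lets through a generic 'query' tool (coarse; a read-only DB role is the real control).
READ_ONLY_SQL = {"select", "explain", "show"}

@dataclass
class Policy:  # allow/deny lists for one scope: the workspace default or a single agent
    allow: set = field(default_factory=set)
    deny: set = field(default_factory=set)
    read_only: bool = False  # also inspect SQL handed to the 'query' tool

def tool_allowed(workspace: Policy, agent: Policy, tool: str):
    """Tool-level rule: a deny anywhere wins, and unlisted tools are denied."""
    if tool in workspace.deny or tool in agent.deny:
        return False, f"tool '{tool}' is on a deny list"
    if tool not in workspace.allow and tool not in agent.allow:
        return False, f"tool '{tool}' is not allowed (default deny)"
    return True, "allowed"

def decide(workspace: Policy, agent: Policy, tool: str, args: dict):
    """Per-call decision: tool-level rule first, then argument inspection."""
    ok, reason = tool_allowed(workspace, agent, tool)
    if not ok:
        return ok, reason
    # A per-tool rule cannot tell SELECT from DELETE inside one 'query' tool,
    # so a read_only policy also looks at the SQL it is asked to run.
    if tool == "query" and (workspace.read_only or agent.read_only):
        sql = str(args.get("sql", "")).strip()
        first = re.split(r"\W+", sql, maxsplit=1)[0].lower() if sql else ""
        if first not in READ_ONLY_SQL or ";" in sql.rstrip(";"):  # no stacked statements
            return False, "query tool is read-only: one SELECT-style statement only"
    return True, "allowed"

@dataclass
class Proxy:
    workspace: Policy
    agents: dict       # agent id -> Policy; unknown agents get only the workspace defaults
    forward: object    # callable(dict) -> dict that delivers a permitted message to the MCP server
    audit: list = field(default_factory=list)

    def handle(self, agent_id: str, request: dict) -> dict:
        agent = self.agents.get(agent_id, Policy())
        method, params = request.get("method"), request.get("params") or {}
        if method == "tools/list":  # the agent only sees tools it may call
            resp = self.forward(request)
            resp["result"]["tools"] = [t for t in resp["result"]["tools"]
                                       if tool_allowed(self.workspace, agent, t["name"])[0]]
            return resp
        if method != "tools/call":  # initialize, resources, notifications pass through
            return self.forward(request)
        tool, args = params.get("name", ""), params.get("arguments") or {}
        allowed, reason = decide(self.workspace, agent, tool, args)
        record = {"ts": time.time(), "agent": agent_id, "tool": tool,
                  "arguments": args, "allowed": allowed, "reason": reason}
        self.audit.append(record)  # every call is logged, blocked or not
        if not allowed:  # structured refusal; nothing is forwarded, so nothing executes
            return {"jsonrpc": "2.0", "id": request.get("id"),
                    "error": {"code": ERR_TOOL_BLOCKED, "data": {"tool": tool},
                              "message": f"Permission denied: {reason}"}}
        record["response"] = (resp := self.forward(request)).get("result")
        return resp

def fake_mcp_server(request: dict) -> dict:
    """Constructed stand-in for a database MCP server; it only echoes what it would run."""
    rid, method = request.get("id"), request.get("method")
    if method == "tools/list":
        tools = [{"name": n} for n in ("query", "list_tables", "drop_table")]
        return {"jsonrpc": "2.0", "id": rid, "result": {"tools": tools}}
    p = request.get("params") or {}
    text = f"executed {p.get('name')} {p.get('arguments', {})}"
    return {"jsonrpc": "2.0", "id": rid, "result": {"content": [{"type": "text", "text": text}]}}

def build_proxy() -> Proxy:
    """Hypothetical workspace: reads allowed by default, drop_table denied for everyone."""
    workspace = Policy(allow={"list_tables", "query"}, deny={"drop_table"}, read_only=True)
    agents = {"analyst-bot": Policy(),                        # inherits the workspace defaults
              "migration-bot": Policy(allow={"drop_table"})}  # agent grant loses to the workspace deny
    return Proxy(workspace=workspace, agents=agents, forward=fake_mcp_server)

def run_demo():
    """Replay constructed agent traffic through the proxy; returns (proxy, responses)."""
    proxy = build_proxy()
    traffic = [
        ("analyst-bot", "tools/list", {}),
        ("analyst-bot", "tools/call", {"name": "query", "arguments": {"sql": "SELECT count(*) FROM orders"}}),
        ("analyst-bot", "tools/call", {"name": "query", "arguments": {"sql": "DELETE FROM orders WHERE 1=1"}}),
        ("migration-bot", "tools/call", {"name": "drop_table", "arguments": {"table": "users"}}),
        ("intern-bot", "tools/call", {"name": "list_tables", "arguments": {}}),
    ]
    responses = [proxy.handle(a, {"jsonrpc": "2.0", "id": i, "method": m, "params": p})
                 for i, (a, m, p) in enumerate(traffic, 1)]
    return proxy, responses

if __name__ == "__main__":
    print(*run_demo()[0].audit, sep="\n")
```

Running it replays five messages: the analyst's tools/list comes back without drop_table, its SELECT is forwarded, its DELETE through the same query tool is refused by the read-only check, the migration agent's explicit drop_table grant is overridden by the workspace deny, and an agent with no policy of its own still gets the workspace's safe defaults. The audit list holds one record per tools/call, including the blocked ones. The SQL keyword check is deliberately coarse and exists only to show why argument inspection is needed when a server exposes a single generic query tool; in production, pair it with a read-only database role so the server cannot write even if the heuristic is fooled.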