Permit MCP Gateway

Drop-in MCP Security Developers Love and CISOs Trust

Developer Tools

Artificial Intelligence

Security

Hey Product Hunt! Gabriel here, VP of DevRel at Permit.io. This is our fourth launch here! Some of you might remember us from our other fine-grained authorization launches here. That community feedback shaped so much of what we've built, and we're excited to be back with something new. We've been building authorization infrastructure for a few years now. RBAC, ABAC, relationship-based access control, policy engines. Teams at Tesla, Cisco, and Intel run it in production. It's not glamorous work, but it's the kind of thing that breaks badly when you skip it. Over the past year we watched MCP take off. Developers started connecting MCP servers to Claude, Cursor, and internal agents. MCP includes some basic auth capabilities, but they're limited. There's no fine-grained authorization, no way to control what each agent can do at the tool level, and no connection to your existing identity and governance infrastructure. Security teams couldn't see what agents were accessing, at what permission level, or who authorized them. That's what we built the gateway for. It's a transparent proxy that sits between your agents and any MCP server. You point it at a server, it auto-generates authorization policies for every tool. Every call gets checked before it hits the upstream server. The entire integration is one URL change. No code changes to your servers or agents. The part we think matters most: the gateway tracks the full delegation chain between humans and agents. It knows which person authorized which agent, what trust level they consented to, and it enforces a ceiling so the agent can never go beyond what was granted. Every decision, allow or deny, gets logged with full context. If you're using MCP in production or thinking about rolling it out across a team, we'd love to hear how you're approaching the security side. We'll be here all day.