MCP lets AI agents connect to your tools, but its built-in auth is limited. There's no fine-grained authorization, no governance, and no connection to your existing IdP infrastructure. Permit MCP Gateway is a zero-trust proxy that adds what's missing to any MCP server without touching its code. Swap one URL and every tool call gets OAuth authentication, Zanzibar-style authorization, consent screens, and full decision logging. No SDK to install. No agents to rewrite. Works with any MCP server.
Hey Product Hunt! Gabriel here, VP of DevRel at Permit.io.
This is our fourth launch here! Some of you might remember us from our other fine-grained authorization launches here. That community feedback shaped so much of what we've built, and we're excited to be back with something new.
We've been building authorization infrastructure for a few years now. RBAC, ABAC, relationship-based access control, policy engines. Teams at Tesla, Cisco, and Intel run it in production. It's not glamorous work, but it's the kind of thing that breaks badly when you skip it.
Over the past year we watched MCP take off. Developers started connecting MCP servers to Claude, Cursor, and internal agents. MCP includes some basic auth capabilities, but they're limited. There's no fine-grained authorization, no way to control what each agent can do at the tool level, and no connection to your existing identity and governance infrastructure. Security teams couldn't see what agents were accessing, at what permission level, or who authorized them.
That's what we built the gateway for. It's a transparent proxy that sits between your agents and any MCP server. You point it at a server, it auto-generates authorization policies for every tool. Every call gets checked before it hits the upstream server. The entire integration is one URL change. No code changes to your servers or agents.
The part we think matters most: the gateway tracks the full delegation chain between humans and agents. It knows which person authorized which agent, what trust level they consented to, and it enforces a ceiling so the agent can never go beyond what was granted. Every decision, allow or deny, gets logged with full context.
If you're using MCP in production or thinking about rolling it out across a team, we'd love to hear how you're approaching the security side. We'll be here all day.
MCP security is the thing I keep putting off. Right now my MCP servers are basically "allow everything from anyone" — which is fine for solo dev, but the moment you think about a team or production, it's terrifying.
The one-URL-change integration is what makes this feel realistic. Every other security layer I've evaluated required rewriting half the stack.
Quick question — does the gateway add noticeable latency per tool call? For interactive agent workflows where the user is waiting, even 200ms per call adds up fast.
Really powerful idea: handling fine-grained permissions and authorization without building everything from scratch can save dev teams a ton of complexity. How do you balance flexibility in policy creation with keeping the system simple enough for teams to actually manage day-to-day?
Having audit trails is so important, so having the ability to know who authorized which agent is really nifty. Does Permit.io flag when policies fall outside standard best practices? Or does the auto-generation capability fully manage this such that no manual configuration is required after set up?
Agent interrogation - seems interesting but problematic, how can you trust the agent not to lie, or be coerced to lie ? How can this produce a consistent Identity?
Hey Product Hunt! David here, Solutions Engineer at Permit.io.
We just published two walkthroughs showing the MCP Gateway in action:
No changes to the underlying MCP servers — just drop the Gateway in front and control who (or what) can do what. Both demos take just a few minutes to set up. Would love to hear what MCPs you'd want to see demoed next!
okay yeah this makes a lot of sense. everyone wants agents to connect to tools now, but the second you think about who approved what and what that agent is actually allowed to do, it gets serious real fast. the one url change part is probably what will make people actually try it.
curious, what’s the first reaction you get from security teams when they see this, relief or more questions?
This is a strong problem to go after. A lot of teams are excited about MCP, but the security and authorization layer is exactly where things start getting uncomfortable once real production access is involved. The fact that this works as a proxy and does not require rewriting agents or servers makes it feel much more realistic for actual adoption.
Curious, what tends to be the biggest blocker for teams right now when they start thinking about MCP security, visibility, fine-grained control, or integration with existing identity systems?
Hey PH ! Or Weis here, co-founder and CEO of Permit.io. Fourth time launching here, and always great to be back.
We’ve been building in authorization for years, and the shift we’re seeing with MCP feels like one of those rare infrastructure moments. Every protocol starts a little messy. HTTP was messy. TCP/IP was messy. MCP is no exception. But it is quickly becoming the connective tissue between AI agents and enterprise systems, which makes it the right place to enforce identity, trust, and governance.
Most of the market looks at MCP and asks, “How do I push this through my existing stack?” We think that is the wrong question.
Agents are not service accounts with better branding. They need a new kind of identity: dynamic, delegated, auditable, and revocable in real time.
That is why we built Permit MCP Gateway.
Permit MCP Gateway is a drop-in trust layer for MCP. It helps teams secure AI agents connecting to tools and enterprise systems with fine-grained authorization, consent, auditability, and runtime enforcement — without rewriting their stack.
A few things we think matter:
fine-grained permissions for agent actions
delegated access on behalf of users
audit logs for every tool call
zero-standing-privilege approach
built on Permit, so controls can extend deeper into APIs, services, and data for defense in depth
This is a very natural evolution for us. Permit started with application authorization, and now we’re bringing the same philosophy into the AI era.
If you’re thinking about how to bring MCP into your organization without turning your systems into open desert, we’d love to talk.
We’re here all day — would love your feedback, questions, and skepticism.
