Loading...

Loading

Permit.io

Permissions for the AI Era

GitHub Slack X YouTube LinkedIn

Products

MCP Gateway
App and API Permissions
AI Agent Security

Solutions

RBAC
ABAC
ReBAC
Healthcare

Platform

Policy Engine
MCP Gateway
Elements
Audit Logs
CLI

Resources

Docs
Blog
Customers
Videos
Pricing
FAQ's

Company

About
Open Source
Careers
Privacy Policy
Terms & Conditions
Service Status
Contact
Email

SOC 2 Type IIHIPAAGDPRCCPACNCF Silver Member

© 2026 Permit Inc.

Loading...

Loading

Model Context Protocol (MCP) | Permit

Model Context Protocol (MCP)

Back to all posts

Or Weis
May 17 2026
Best Practices for AI Identity Governance
AI agents acting on behalf of users need more than authentication — they need governance. This article covers the Permit.io agentic identity model, policy-as-code lifecycle, MCP Gateway enforcement, zero standing credentials, Guardian Agents, and what an audit trail must contain to be meaningful.
Read more
Gabriel L. Manor
May 14 2026
Securing Coding Agents: What You Need to Know
Coding agents execute code, run commands, and call APIs — not just generate text. This guide covers the real security risks, why authorization must happen at the tool-call level, and how Permit.io and the Permit MCP Gateway enforce least-privilege access for agentic workflows.
Read more
Or Weis
May 11 2026
Least Privilege in AI Agents and Agentic Identity
AI agents break the traditional least-privilege model. This article explains why, defines agentic identity (delegating human + workflow context + declared intent), and shows how Permit.io enforces zero standing privileges through gateway-vaulted credentials, the PDP, MCP Gateway, and downscoped delegation chains.
Read more
Or Weis
Apr 10 2026
MCP Auth vs Agent Authorization: Why OAuth Alone Doesn’t Solve Agent Security
MCP auth is necessary, but it is not the same thing as agent authorization. If you want secure agent systems, you need identity, delegation, policy, and runtime enforcement beyond OAuth.
Read more
Or Weis
Apr 10 2026
MCP Gateway vs MCP Proxy: What’s the Difference, and Why It Matters in Production
If you are comparing an MCP gateway to a basic MCP proxy, the real difference is not routing. It is identity, authorization, consent, auditability, and runtime control for agent actions.
Read more
Or Weis
Apr 08 2026
How Security Teams Review an MCP Gateway for SOC 2 + HIPAA
A practical review guide for security, privacy, and procurement teams evaluating whether an MCP gateway can meet SOC 2, HIPAA, and privacy requirements — with concrete examples from Permit MCP Gateway.
Read more
Or Weis
Apr 08 2026
The Six Layers Every MCP Gateway Must Enforce
A practical blueprint for securing Model Context Protocol (MCP) agents across identity, consent, policy, and audit layers without rewrites.
Read more
Or Weis
Mar 17 2026
Announcing Permit MCP Gateway
Announcing Permit MCP Gateway, a new trust and enforcement layer for MCP that brings identity, consent, fine-grained authorization, auditability, and runtime control to AI agent actions.
Read more
Or Weis
Dec 29 2025
Authorization Strategies for Model Context Protocol (MCP)
Secure MCP authorization with OAuth 2.1, zero standing permissions, and fine-grained access control for AI agents using Permit.io and agent.security.
Read more
Or Weis
Jul 29 2025
The Ultimate Guide to MCP Auth: Identity, Consent, and Agent Security
Struggling with MCP Auth? This guide cracks identity, consent, and agent security! Master the five layers of MCP auth & tackle context complexity for production-ready AI.
Read more

Select by Tag

AI Identity
Agent Security
Best Practices
Fine Grained Authorization
Authentication
Oauth
RBAC
ReBAC

Google Zanzibar

Implementation Guide

Serverless Framework

API Authorization

Developer Tools

API Development

Location Based Access Control