MCP-G
MCP-G
Posted inAgentic AI AI Blog

MCP-G-AI-Powered: MCP-G: AI-Powered Kubernetes Security for MCP | TechWithHuz

No Comments

Your AI agents are powerful—but they’re also a security risk. Model Context Protocol (MCP) servers expose tools, databases, and APIs that could be exploited by a single prompt injection attack. Without proper security controls, you’re one malicious input away from a data breach.

MCP-G changes that. It’s an open-source Kubernetes platform that discovers, scores, and secures all your MCP servers automatically—with zero manual setup.

MCP-G monitors and secures resources from AgentGateway, Kagent, and Agent Registry – the core components that expose and manage MCP servers in your cluster. It automatically discovers these resources, evaluates their security posture, and provides actionable insights to harden your MCP infrastructure.

In this guide, I’ll show you what MCP-G does, why it matters, and how to deploy it.

Why MCP Security Matters

Most organizations deploying AI agents don’t realize how exposed their MCP infrastructure really is. Here are the top 5 risks:

  • No Visibility — You don’t know how many MCP servers you have or which agents can access them
  • Unlimited Access — Agents can invoke any tool. If one gets compromised, attackers can do anything
  • Prompt Injection — Attackers trick AI agents into dumping databases or stealing API keys
  • No Audit Trail — When a breach happens, you have no way to trace who did what
  • Compliance Drift — Security policies slowly get ignored as your infrastructure grows

What Is MCP Governance?

MCP Governance is a lightweight Kubernetes controller that automatically:

  • 🔍 Finds all your MCP servers and their configurations
  • 📊 Scores each server’s security across 8 important categories
  • ⚠️ Flags critical security gaps with fix recommendations
  • 📈 Tracks improvements over time with a dashboard
  • 🧠 Uses AI (optional) to suggest better security practices

It’s built in Go, runs in Kubernetes, and deploys in minutes. No complex setup required.

Architecture

MCP-G follows a clean controller-dashboard architecture inside your Kubernetes cluster.

MCP-G runs two components in your Kubernetes cluster that work together to discover and secure your MCP infrastructure:

1. Governance Controller (Go)

The controller is the brain of MCP-G. It runs as a Kubernetes deployment and continuously monitors your cluster:

  • Discovers all MCP servers from AgentGateway, Kagent, and Agent Registry using reconcile logic.
  • Evaluates security posture across 8 governance categories
  • Scores each server on a 0–100 scale with A–F letter grades
  • Exposes results via REST API on port 8090
  • Analyzes risks with AI (optional: Google Gemini or Ollama) for deeper insights

The controller doesn’t require any manual input—it reads your Kubernetes resources and automatically evaluates them.

2. Real-Time Dashboard (Next.js)

The dashboard is a beautiful web interface that lets you see your MCP security posture at a glance:

  • Overview Tab — Cluster score, grade, and trend over time
  • MCP Servers Tab — List of all discovered MCP servers with individual scores and security gaps
  • Findings Tab — Specific security issues with clear fix recommendations
  • Verified Catalog Tab — Catalog of all your MCP servers with Organization, Trust and Compliance score.

The dashboard auto-refreshes every 15 seconds, so you always see the latest data.

How They Work Together

  1. Controller discovers MCP servers and their configurations
  2. It evaluates each server across 8 security categories
  3. Assigns scores and identifies security gaps
  4. Exposes results via REST API
  5. Dashboard polls the API and displays findings in real-time
  6. Optional: AI agent analyzes results for deeper insights

Everything happens automatically—no manual configuration needed.

The 8 Security Checks

MCP-G evaluates each server across these categories:

CheckPointsWhat We Look For
Gateway Routing20Is the server behind a gateway that enforces policies?
Authentication20Must agents prove who they are before accessing tools?
Authorization15Can we limit which tools each agent can use?
Encryption (TLS)15Is data encrypted in transit?
Rate Limiting10Can we stop runaway requests?
CORS Policy10Are cross-origin requests restricted?
Prompt Guard10Protected against prompt injection attacks?
Tool Scope10Are only necessary tools exposed (not all 50+)?

Scoring: 0–59 = F (Critical issues) | 60–69 = D | 70–79 = C | 80–89 = B | 90–100 = A (Enterprise-grade)

Key Features

  • ✅ Auto-Discovery — Finds all MCP servers without manual setup
  • ✅ Real-Time Dashboard — See security scores and findings instantly
  • ✅ Security Scoring — 8-category evaluation with A–F grades
  • ✅ Actionable Findings — Get specific fixes for each security gap
  • ✅ AI-Powered Analysis — Optional: Get smarter insights from Google Gemini or Ollama
  • ✅ REST API — Integrate with your existing security tools
  • ✅ Policy-as-Code — Define governance rules in Kubernetes (no UI config needed)
  • ✅ Open Source — 100% transparent, MIT licensed

What You Need

Prerequisites

Required components that must be installed before MCP-G

  • Kubernetes 1.24+ (any cluster: EKS, GKE, AKS, Kind, etc.)
  • kubectl access with cluster admin permission
  • Helm 3.13+ installed

AgentGateway

The enforcement plane that routes and secures all MCP traffic through policies, JWT authentication, rate limiting, and tool allow-lists. Install AgentGateway

Kagent

The MCP agent platform that discovers, registers, and executes MCP servers. MCP-G monitors Kagent agents and MCPServer resources. Install Kagent

Agent Registry

A centralized catalog of verified MCP servers. MCP-G scores catalog entries and enables agents to use only approved servers. Deploy Agent Registry

Install in 2 Steps

Step 1: Deploy MCP-G

helm install mcp-governance \
oci://ghcr.io/techwithhuz/charts/mcp-governance \
--version 0.18.0 \
--create-namespace \
--namespace mcp-governance \
--set samples.install=true


If you want to enable AI feature
1. Create the secret with your Google API key

kubectl create secret generic mcp-governance-ai-secrets \
--from-literal=google-api-key=YOUR_GOOGLE_API_KEY \
-n mcp-governance


helm install mcp-governance \
oci://ghcr.io/techwithhuz/charts/mcp-governance \
--version 0.18.0 \
--create-namespace \
--namespace mcp-governance \
--set controller.googleApiKeySecret=mcp-governance-ai-secrets \
--set governancePolicy.spec.aiAgent.enabled=true \
--set governancePolicy.spec.aiAgent.provider=gemini \
--set governancePolicy.spec.aiAgent.model=gemini-2.5-flash \
--set samples.install=true

Step 2: Access the Dashboard

kubectl port-forward -n mcp-governance svc/mcp-governance-dashboard 3000:3000

Then open http://localhost:3000 in your browser. That’s it!

What You’ll See in the Dashboard

  • Overview — Your cluster’s security score, letter grade, and trend over time
  • MCP Servers — A list of all discovered servers with their individual scores and security gaps
  • Findings — Specific security issues with clear recommendations for fixes
  • Verified Catalog — Catalog of all your MCP servers with Organization, Trust and Compliance score.structure
MCP-G Overview Page

Custom Security Policies

You can customize scoring rules by creating a MCPGovernancePolicy in Kubernetes:

apiVersion: governance.mcp.io/v1alpha1
kind: MCPGovernancePolicy
metadata:
  name: enterprise-mcp-policy
  namespace: default
spec:
  # Evaluation scope - which MCP servers to score
  selector:
    matchLabels:
      governance: enabled
  aiAgent:
    enabled: true
    # Provider: "gemini" (requires GOOGLE_API_KEY env var) or "ollama" (local model)
    provider: gemini
    # Model name: e.g. "gemini-2.5-flash" for Gemini, "llama3.1" or "qwen2.5" for Ollama
    model: "gemini-2.5-flash"
    # Ollama endpoint (only used when provider is "ollama")
    # ollamaEndpoint: "http://localhost:11434"
    # Interval between periodic AI evaluations (e.g. "5m", "10m", "1h")
    scanInterval: "5m"
    # Set to false to disable periodic scanning (manual-only via dashboard button)
    scanEnabled: true
  # Control weights (0-100 each)
  weights:
    gatewayRouting: 20    # Must route through AgentGateway
    authentication: 20    # JWT auth required
    authorization: 15     # Tool allow-lists via policy
    tls: 15              # Backend TLS encryption
    cors: 10             # CORS policy configured
    rateLimit: 10        # Rate limiting enforced
    promptGuard: 10      # Prompt injection protection
    toolScope: 10        # Tool exposure restricted
  
  # Thresholds for what constitutes a pass/fail
  thresholds:
    minServerScore: 60           # F grade below this
    minCategoryScore: 50         # Control fails if below
    maxToolExposure: 0.25        # Max 25% of tools exposed
    criticalFinding: 85          # Critical severity if score below
  
  # Findings severity levels
  severityPenalties:
    Critical: 20   # Deduct 20 points per finding
    High: 10
    Medium: 5
    Low: 1
  
  # Verified Catalog Scoring configuration
  verifiedCatalogScoring:
    # Category weights (should sum to 100)
    # Controls how the final composite score is computed
    securityWeight: 50      # Weight for security score
    trustWeight: 30         # Weight for trust score
    complianceWeight: 20    # Weight for compliance score
    # Status thresholds
    verifiedThreshold: 70   # Score >= 70 → "Verified"
    unverifiedThreshold: 50 # Score >= 50 → "Unverified", < 50 → "Rejected"
    # Per-check maximum scores (customize severity of each check)
    checkMaxScores:
      PUB-001: 20  # Publisher Verification
      PUB-002: 15  # Code Signing
      PUB-003: 15  # Publisher Trust
      SEC-001: 15  # Transport Security
      SEC-002: 10  # Deployment Security
      DEP-001: 10  # Dependency Analysis
      DEP-002: 10  # Vulnerability Scanning
      DEP-003: 10  # License Compliance
      TOOL-001: 5  # Tool Scope
      USE-001: 5   # Usage Patterns
  # targetNamespaces is empty – scan all namespaces by default
  targetNamespaces: []

Apply it and the controller will immediately start using your custom rules.

Who Should Use MCP-G?

  • Security Teams — Audit and enforce MCP security policies across your cluster
  • DevOps Teams — Catch misconfigurations before they reach production
  • Compliance Officers — Get automated reports proving your MCP infrastructure is secure
  • AI Developers — Safely deploy AI agents without worrying about security gaps

Best Practices

  1. Start with discovery — Deploy MCP-G and review baseline findings before enforcing policies
  2. Fix critical issues first — Focus on getting missing authentication and encryption in place
  3. Gradually tighten policies — Start permissive, then gradually require stronger security controls
  4. Monitor score trends — A declining score means new security gaps are being introduced
  5. Use AI insights — Enable AI analysis to get smarter recommendations, not just rule-based scores
  6. Review quarterly — As your infrastructure grows, update your governance policies

Get Started Today

MCP Governance makes securing your MCP infrastructure simple. You get automated discovery, security scoring, and actionable findings — all without complex setup.

Ready to secure your MCP servers?

Questions? Open an issue on GitHub. Contributions welcome!

Tags:

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply