Omri Lorch
Omri is a Senior Product Manager at Linx Security, the AI-native platform for identity security, visibility, and governance, where he leads AI Security and AI Products. He focuses on securing the new class of AI and agentic identities entering the enterprise, and on giving identity, security, and IT teams a clear, governable view of every identity and access right across their environment. Prior to Linx, Omri was Head of Product at Cedar Money and spent six years at Payoneer, where he rose from analyst to product team lead across cross-border B2B, ecosystem partnerships, and KYC, risk, and compliance. He holds an MBA from Tel Aviv University.

Articles by Omri Lorch

Introducing Linx Agentic Access Control: Real-Time Governance for AI Agent Actions
MCP changed how AI agents interact with enterprise systems. By creating a standardized way for AI platforms to connect to applications, databases, and business tools, it dramatically lowered the barrier between AI and enterprise systems.
It also created a governance gap most organizations are not prepared for.
As AI agents gain access to business-critical applications, security teams have no reliable way to inspect actions, enforce policy, or establish accountability before those actions occur. Existing access controls were built for humans. They were not built for agents operating autonomously at machine speed across multiple systems.
Today, we're introducing Linx Agentic Access Control, a real-time enforcement layer that gives organizations visibility and control over every action taken through MCP.
Why Your Existing Access Controls Can't See MCP Traffic
Most enterprise access controls were designed around a fairly simple model. A user authenticates, receives permissions, performs actions within an application, and those actions are captured in logs that security teams can review later. The process is familiar, and while it isn't perfect, it creates a chain of accountability.
MCP changes that model.
When an AI agent receives a request, it doesn't operate inside a single application. It can invoke multiple tools across multiple systems, make decisions dynamically, and execute actions in seconds. A single prompt might trigger activity across Salesforce, Jira, GitHub, Snowflake, and several internal applications before a human ever sees the result.
The challenge is that traditional access controls cannot inspect activity at the point where those decisions are being made. Application logs can tell you that something happened. They cannot reliably tell you which agent initiated the action, which user was behind it, whether the activity aligned with policy, or whether it should have been allowed in the first place.
Without an enforcement layer sitting between the AI platform and the target application, that context simply doesn't exist.
This is quickly becoming one of the biggest barriers to enterprise AI adoption. According to McKinsey's State of AI Trust in 2026 report, nearly two-thirds of organizations cite security and risk concerns as the primary obstacle to scaling agentic AI initiatives.
Consider a simple example. An organization grants an AI agent read access to Salesforce so it can retrieve customer information. Later, that same agent is prompted to perform actions outside its intended purpose. Who evaluates the request? Who determines whether the action complies with policy? Who records what happened?
For most organizations today, the answer is nobody.
Introducing Linx Agentic Access Control
As we spoke with customers exploring AI adoption, we kept hearing the same concern.
Organizations understood how to govern people. They understood how to govern service accounts and non-human identities. It’s not perfect, and implementation is hard, but the principles are there. What they didn't understand was how to govern agents.
The problem wasn't a lack of visibility into MCP servers. The problem was a lack of visibility into what agents were actually doing once they got there.
That's why we built Linx Agentic Access Control.
The MCP gateway creates a dedicated enforcement point between AI platforms and the enterprise systems they access. Every MCP tool call passes through that control point before execution, creating a place where requests can be inspected, policy can be evaluated, and activity can be recorded before actions reach downstream systems.
One of the first design decisions we made was to focus on tool-level governance rather than server-level governance. Connecting to an MCP server is one thing. Determining what an agent can actually do once it's connected is something entirely different. Linx allows organizations to define which specific read, write, and administrative tools an agent can invoke, with policies mapped directly to Linx Access Profiles and governed by role, team, department, or persona.

The gateway also performs policy evaluation in real time. Every request is inspected before execution and evaluated against organizational policy. Approved actions proceed. Violations are blocked before they reach the target application. The goal isn't to investigate risky behavior after it occurs. The goal is to prevent it from occurring in the first place.
Just as importantly, every approved and denied action is captured, timestamped, and attributable. Security teams gain a complete record of activity, including the identity behind the request, the tool being invoked, the action attempted, and the outcome. For the first time, organizations have an investigable record of what agents actually did, not simply what downstream systems recorded.
The Unified Identity Context Advantage
Most MCP governance solutions evaluate requests in isolation. They can see the agent making the request, but they lack the broader identity context required to make accurate policy decisions.
That context matters more than most organizations realize.
When a policy decision is made, Linx can evaluate the human behind the request, the non-human identity the agent is operating as, the access profile associated with that activity, and the specific action being attempted. Rather than looking at a single request in isolation, Linx evaluates the entire identity chain behind it.

This is what allows enforcement to be precise rather than blunt. Without that context, organizations are often forced into a familiar tradeoff. Either permissions become so restrictive that productivity suffers, or access becomes so broad that risk increases.
Because Agentic Access Control is built directly into the Linx identity governance platform, the same access profile logic already used to govern human and non-human identities extends naturally to AI agents. Organizations don't need a separate governance model for agents. They can extend the one they already trust.
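The tool-level, deny-by-default check described in the two sections above, applied to the Salesforce read-access scenario, as an added example that is not Linx's code or policy schema. The profile name, identity names and tool names are constructed; the only real format used is the MCP `tools/call` JSON-RPC message.

```python
import json
from datetime import datetime, timezone

# Constructed sample policy (hypothetical names, not Linx's schema).
ACCESS_PROFILES = {
    "sales-readonly": {"salesforce.get_account", "salesforce.search_contacts"},
}
# (human user, agent's non-human identity) -> access profile
BINDINGS = {("alice@example.com", "svc-sales-agent"): "sales-readonly"}

AUDIT_LOG = []  # every decision, allow or deny, is appended here


def tool_name(raw_request):
    """Return the tool named by an MCP tools/call message, or None if malformed."""
    try:
        msg = json.loads(raw_request)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict) or msg.get("method") != "tools/call":
        return None
    params = msg.get("params")
    name = params.get("name") if isinstance(params, dict) else None
    return name if isinstance(name, str) else None


def evaluate(raw_request, human, agent_identity):
    """Decide one tool call before forwarding it; deny unless explicitly allowed."""
    tool = tool_name(raw_request)
    profile = BINDINGS.get((human, agent_identity))
    if tool is None:
        decision, reason = "deny", "not a well-formed tools/call"
    elif profile is None:
        decision, reason = "deny", "no access profile for this human/agent pair"
    elif tool not in ACCESS_PROFILES.get(profile, set()):
        decision, reason = "deny", "tool not in access profile"
    else:
        decision, reason = "allow", "tool permitted by access profile"
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "human": human, "agent": agent_identity, "profile": profile,
        "tool": tool, "decision": decision, "reason": reason,
    }
    AUDIT_LOG.append(record)
    return record


def call(tool):
    """Build a constructed MCP tools/call JSON-RPC message for the given tool."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": tool, "arguments": {}}})
```

The same agent identity is allowed `salesforce.get_account` and denied `salesforce.delete_account`, and a request from a human with no binding to that agent is denied even for a read tool; all three outcomes land in the audit log with the full identity chain.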
Summary
As AI adoption increases rapidly, we believe AI identity governance should not just keep up, but stay ahead.
We view the MCP Gateway as the core foundation of a broader AI governance strategy, providing real-time enforcement of granular, context-driven policy. We believe it must be coupled with comprehensive agent coverage and the full suite of governance capabilities. That is the only way to treat your agents as the first-class identities they are, and the only path to responsible AI acceleration.
That's why we're so excited about building a unified governance platform for humans and agents.
If you want to see Linx Agentic Access Control in action, join us for an in-person demonstration during Identiverse (June 15-17). To see Linx Agentic Access Control virtually, schedule a demo with our team to see it live.
