Salt Security has launched an advanced capability that leverages its patented API behavioral threat protection to detect and block malicious intent against Model Context Protocol (MCP) servers within AWS environments. This extension builds on the recent MCP Finder technology, enabling organizations to identify and automatically mitigate external misuse by AI agents and attackers using existing AWS WAF integrations.
Model Context Protocol servers have become essential for enterprise AI, allowing large language models and autonomous agents to interface with APIs, execute tools, and automate workflows. However, their decentralized deployment—often without oversight and exposed to the internet—creates significant vulnerabilities, including unauthorized data access and system compromise.
Salt's solution combines comprehensive MCP discovery with AWS WAF enforcement to provide proactive protection. Organizations gain visibility into unmanaged MCP implementations and can route traffic through AWS WAF for inspection, extending edge security to the AI action layer.
The integration delivers several critical features that empower security teams to respond swiftly:
"Most organizations don't even know how many MCP servers they have, let alone which ones are exposed or being abused," said Nick Rago, VP of Product Strategy at Salt Security. "This capability lets them take action quickly, using existing controls to prevent real threats without needing to deploy new infrastructure."
By fusing MCP Finder's discovery engine with AWS WAF's enforcement, Salt enables real-time threat mitigation informed by its platform's behavioral data, ensuring AI operations remain secure without disrupting innovation.
The new protections are available immediately as part of the Salt Security API Protection Platform and will be demonstrated at AWS re:Invent 2025.
About Salt Security
Salt Security secures the APIs that power today's digital businesses. Salt delivers the fastest API discovery in the industry—surfacing shadow, zombie, and unknown APIs before attackers find them. The company's posture governance engine and centralized Policy Hub automate security checks and enforce safe API development at scale. With built-in rules and customizable policies, Salt makes it easy to stay ahead of compliance and reduce API risk. Salt also uses machine learning and AI to detect threats early, giving companies a critical advantage against today's sophisticated API attacks. The world's leading organizations trust Salt to find API gaps fast, shut down risks, and keep their businesses moving.