Netskope outlines controls for agentic AI traffic
Netskope outlines new controls for agentic Artificial Intelligence (AI), detailing tools to decode Model Context Protocol (MCP) traffic and enforce access and data policies. The update addresses the visibility and control gaps that enterprise security teams face as autonomous agents proliferate.
Research overview
Agentic AI operates without direct human prompts, taking actions such as calling APIs and executing code autonomously.
MCP, introduced by Anthropic in late 2024, is presented as the protocol linking agents to tools, data sources, and services and as a focal point for emerging operational risk.
Key findings
Current enterprise controls were designed for human-initiated traffic and therefore do not capture machine-to-machine agentic exchanges, creating a visibility gap for security teams.
The vendor positions real-time decoding of MCP traffic and evaluation of public MCP servers as necessary steps to detect unauthorized access, anomalous behavior, and potential data exposure.
Technical breakdown
The Netskope One Agentic Broker is described as intercepting MCP communications between AI clients and MCP servers, decoding protocol messages in real time to identify active agents, remote endpoints, tool requests, initialization strings, and session responses.
The Broker produces searchable logs, supports risk scoring of MCP servers through assessments of protocol versions, encryption, and authentication, and applies runtime controls including access policies and integrated Data Loss Prevention (DLP) to block or audit risky interactions.
Product update
Netskope One AI Gateway is presented as a deployable virtual appliance for private infrastructures that intercepts Application Programming Interface (API) traffic among internal applications, autonomous agents, and privately hosted or third-party Large Language Model (LLM) inference services without routing traffic through external services.
The Broker and Gateway are shown as complementary: the Broker addresses public-facing MCP communications while the Gateway extends the same visibility and enforcement capabilities into privately hosted agentic environments, all managed through a single console.
Operational impact
Security teams can use decoded MCP traffic to determine which agents invoke which tools, what data is requested or returned, and whether agents access resources beyond their privileges.
Applying consistent policies and logging across public and private agentic workflows enables auditability and gives teams the ability to block unauthorized MCP communications and prevent data exfiltration via agent outputs.
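As an added illustration (not Netskope's code and not taken from the vendor blog), the sketch below shows what decoding MCP traffic for audit can look like: it reads MCP JSON-RPC messages, records the client's initialization details, checks each tools/call request against a per-agent allowlist, and sizes the matching response. The method and field names (initialize, tools/call, clientInfo, protocolVersion) come from the MCP specification; the agent name, tool names, allowlist format and sample session are constructed assumptions.

```python
import json

# Constructed sample session (newline-delimited MCP JSON-RPC), not captured traffic.
SAMPLE_SESSION = [
    '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","clientInfo":{"name":"example-agent","version":"0.1"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"search_docs","arguments":{"query":"vpn setup"}}}',
    '{"jsonrpc":"2.0","id":2,"result":{"content":[{"type":"text","text":"3 documents found"}]}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"export_customers","arguments":{"format":"csv"}}}',
    'not json',
]
# Hypothetical per-agent tool allowlist (assumption, not a vendor policy format).
ALLOWED_TOOLS = {"example-agent": {"search_docs"}}

def _obj(value):
    """Return value if it is a JSON object, else an empty dict."""
    return value if isinstance(value, dict) else {}

def audit_mcp_session(lines, allowed=ALLOWED_TOOLS):
    """Decode one session's messages into audit records with a policy verdict."""
    agent, pending, records = "unknown", {}, []
    for raw in lines:
        try:
            msg = _obj(json.loads(raw))
        except json.JSONDecodeError:
            msg = {}
        if not msg:  # undecodable or non-object payload: log it, never drop silently
            records.append({"event": "undecodable", "verdict": "audit"})
            continue
        method, params = msg.get("method"), _obj(msg.get("params"))
        msg_id = msg.get("id") if isinstance(msg.get("id"), (str, int)) else None
        if method == "initialize":
            info = _obj(params.get("clientInfo"))
            agent = str(info.get("name", "unknown"))
            records.append({"event": "initialize", "agent": agent,
                            "protocol": params.get("protocolVersion")})
        elif method == "tools/call":
            tool = params.get("name")
            ok = isinstance(tool, str) and tool in allowed.get(agent, set())
            rec = {"event": "tools/call", "agent": agent, "tool": tool,
                   "arg_keys": sorted(_obj(params.get("arguments"))),
                   "verdict": "allow" if ok else "block", "response_bytes": None}
            records.append(rec)
            if msg_id is not None:
                pending[msg_id] = rec
        elif "result" in msg and msg_id in pending:
            # Correlate the response to its request by JSON-RPC id to size returned data.
            pending.pop(msg_id)["response_bytes"] = len(json.dumps(msg["result"]))
    return records
```

A tools/call seen before any initialize is attributed to the agent "unknown" and blocked, so an agent that never identifies itself gets no tool access by default.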
This “Blog Signals brief” is a fact-based summary of the vendor blog.