Runtime Security for MCP Agents

Baseline MCP tools, enforce role-aware policy, quarantine risky drift, scan responses, and produce audit evidence your security team can inspect.

Built for teams deploying AI agents with MCP tool access

MCP Servers · FastAPI · Self-hosted · Shadow Mode

What is Interlock?

Interlock is an MCP security control plane for teams using multiple MCP servers and agent tools together. It gives operators one place for tool baselines, drift detection, role-aware policy, response scanning, and structured audit logs across heterogeneous servers. This is not a replacement for server RBAC; it is the centralized policy, audit, and output-scanning layer in front of many MCP servers.

The Security Layer Between AI and Action

Every MCP tool call passes through Interlock — classified, checked against policy, scanned, and logged before reaching upstream tools.

[Figure: Interlock architecture flow. AI Agent traffic moves into Interlock, passes through discover, baseline, policy, scan, and audit stages, then is allowed to MCP servers or quarantined for review.]
  • AI Agent: Requests a tool call with role and arguments.
  • Interlock Gateway: Discover → Baseline → Policy → Scan → Audit.
  • Decision: Allow to MCP server or quarantine risky drift for operator review.
  • Audit Log: Every allow, monitor, deny, and quarantine decision gets recorded.

Layered Runtime Inspection

Every request can run layered checks across fingerprints, rules, patterns, LLM judgment, and custom policy.

  • L0 · Learned Memory (0–2ms): Fingerprint match against known threat patterns from prior sessions
  • L1 · Rule Engine (FAST): Regex, unicode bypass, leetspeak, base64 encoding, PII patterns
  • L2 · Pattern Matcher (80+ SIGNALS): 80+ weighted threat signals across injection and exfiltration categories
  • L3 · LLM Judge (AI LAYER): Groq-powered semantic analysis for novel and sophisticated attacks
  • CP · Custom Policy (ENFORCE): Per-API-key rules, role-based enforcement, ALLOW / BLOCK / MONITOR / QUARANTINE
[Figure: agent payment-v2 is BLOCKED (role denied) at the Interlock policy check; the Stripe, DB, and Mail tools are not reached, and an audit event is recorded.]
PRE-EXECUTION POLICY
Policy Enforcement Before Execution

Interlock intercepts every tool call before it fires. Role-based policies determine whether to allow, monitor, quarantine, or block — based on the request content, user role, and tool sensitivity.

PYTHON SDK INTEGRATION
import os
from openai import OpenAI

# Before Interlock - direct to OpenAI
client = OpenAI(
  api_key=os.environ["OPENAI_API_KEY"]
)

# After Interlock - same SDK, Interlock as gateway
client = OpenAI(
  api_key=os.environ["INTERLOCK_KEY"],
  base_url="https://interlock.onrender.com/v1"
)

client.chat.completions.create(
  model="gpt-4o",
  messages=[{"role": "user", "content": "Inspect this request"}]
)
INTERLOCK LIVE AUDIT — agent: payment-processor-v2
16:54:01 | tool:stripe.charge — amount=847.00, user=u_9a2f | ALLOW
16:54:03 | tool:db.query — PII pattern detected (email) | MONITOR
16:54:07 | tool:send_email — body injection L2 score=0.91 | BLOCK
16:54:09 | tool:slack.export_channel — external sharing added post-baseline | QUARANTINE
16:54:12 | tool:db.query — schema:users, cols: id,name | ALLOW
16:54:15 | tool:send_email — drift detected post-approval | BLOCK

OBSERVABILITY
Every Decision, Fully Auditable

Complete feed of every allow, block, monitor, and quarantine decision. Full decision context stored. Export to Datadog, Splunk, Elastic, Slack, PagerDuty, or webhook. Built for teams that need clear evidence for security review, compliance workflows, and incident response.

Tool Drift Detection

Interlock baselines every MCP tool at discovery time. If schema, capability, or metadata changes later, the drift is classified and can be monitored, denied, or quarantined before execution.
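
The baseline-and-compare step described above, as an added example (not Interlock's own code). The mapping from drift kind to action (unbaselined tool to DENY, input-schema change to QUARANTINE, metadata-only change to MONITOR), the helper names, and the sample tools are assumptions made for illustration; `name`, `description`, and `inputSchema` are the fields of an MCP tool definition.

```python
import hashlib
import json

def fingerprint(tool):
    """SHA-256 over canonical JSON, so key order alone never reads as drift."""
    canon = json.dumps(tool, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def classify_drift(baseline, current):
    """Return (action, reasons) for one tool versus its approved baseline."""
    if baseline is None:
        return "DENY", ["tool has no approved baseline"]
    if fingerprint(baseline) == fingerprint(current):
        return "ALLOW", []
    if baseline.get("inputSchema") != current.get("inputSchema"):
        old = baseline.get("inputSchema", {}).get("properties", {})
        new = current.get("inputSchema", {}).get("properties", {})
        reasons = [f"new parameter: {p}" for p in sorted(new.keys() - old.keys())]
        reasons += [f"removed parameter: {p}" for p in sorted(old.keys() - new.keys())]
        reasons += [f"changed parameter: {p}"
                    for p in sorted(old.keys() & new.keys()) if old[p] != new[p]]
        # Schema drift changes what the tool can do: hold for an operator.
        return "QUARANTINE", reasons or ["input schema changed outside properties"]
    # Same schema, different fingerprint: description or other metadata moved.
    keys = sorted(k for k in baseline.keys() | current.keys()
                  if baseline.get(k) != current.get(k))
    return "MONITOR", [f"metadata changed: {k}" for k in keys]

def tool(name, description, **props):
    """Build an MCP-style tool definition (name, description, inputSchema)."""
    return {"name": name, "description": description,
            "inputSchema": {"type": "object", "properties": props}}

# Constructed sample data; the action mapping above is this sketch's assumption.
STR = {"type": "string"}
APPROVED = {t["name"]: t for t in [
    tool("slack.export_channel", "Export channel history.", channel=STR),
    tool("db.query", "Run a read-only query.", sql=STR),
]}
DISCOVERED = [
    tool("slack.export_channel", "Export channel history.", channel=STR,
         share_externally={"type": "boolean"}),
    tool("db.query", "Run any query.", sql=STR),
    tool("files.delete", "Delete a file.", path=STR),
]

def review(approved, discovered):
    """Map each discovered tool name to its drift decision."""
    return {t["name"]: classify_drift(approved.get(t["name"]), t) for t in discovered}
```

A description-only change is still surfaced here because tool descriptions are text the model reads, so a silent rewrite deserves at least a logged event.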

Deployment Flexibility

Deploy in the cloud, your VPC, on-premises, or fully air-gapped. You control where your data lives and how it's secured. No vendor lock-in.

Response Scanning

Tool and model responses are scanned for injected instructions, secrets, PII, and exfiltration patterns before they are forwarded downstream.

Configurable Fail Mode

Choose fail-open, fail-closed, or fail-open-safe per environment. If Interlock is unreachable, requests follow your configured policy instead of an implicit default.

Enterprise evaluation path

Proof a CTO can inspect in one session.

Interlock's demo is built around evidence, not a slide deck: run a request through the gateway, watch risky tool behavior get blocked or quarantined, and open the audit trail that explains the decision.

01 / Integrate
OpenAI-compatible base URL swap

Point an existing SDK client at Interlock and keep provider keys on the gateway host instead of inside every agent app.

02 / Enforce
Runtime policy before tool execution

Evaluate prompt injection, risky tool arguments, role permissions, and MCP server trust before the call reaches Slack, files, databases, or APIs.

03 / Review
Drift and quarantine workflow

Compare tool schemas against approved baselines, flag new capabilities, and require an operator decision for high-risk changes.

04 / Audit
Evidence for security review

Show allow, block, monitor, and quarantine decisions with reason, severity, role, target, scan time, and export-ready context.

  • <1s: Policy evaluation and stored drift/provenance check per call
  • 6: Security stages per MCP call — trust, policy, inspect, RBAC, scan, audit
  • 80+: Weighted threat signals in the pattern matcher
  • 0: Agent logic changes needed — one base_url swap

Design Partner Program

Pre-release. Working with a small group of teams to validate real MCP security workflows.

Builder
Free
shadow mode · evaluate risk
  • Shadow mode — log threats, block nothing
  • Limited audit log access pipeline
  • Structured event review
  • Email support
  • Custom policies
  • Webhook export
  • Dedicated support terms
Enterprise
Custom
VPC / on-prem · regulated teams
  • On-premises or VPC deployment
  • Custom detection signals
  • Full log retention + export
  • Role-based policy mgmt
  • SIEM + compliance workflows
  • Scoped to your compliance needs

Get early access to Interlock and start securing your agents.

Your agents are gaining tool access. Can your security explain every decision?
