
MCP Security: Secure Model Context Protocol Servers

Security proxy for Model Context Protocol servers

The Model Context Protocol (MCP) connects AI agents to external tools and data sources. But MCP servers are a supply chain risk: you're trusting third-party code to handle tool calls from your agent. Rune's MCP proxy sits between your agent and upstream MCP servers, scanning every tool call, verifying server integrity, and enforcing security policies. It speaks the native MCP protocol over both stdio and SSE transports.

Add Security in Minutes

pip install runesec[mcp]

# Run Rune as an MCP security proxy.
# In your claude_desktop_config.json or MCP client config:

{
  "mcpServers": {
    "my-tools": {
      "command": "rune-mcp",
      "args": ["--upstream", "npx", "my-mcp-server"],
      "env": { "RUNE_API_KEY": "rune_live_xxx" }
    }
  }
}


Why MCP Agents Need Runtime Security

MCP servers are the tool supply chain for AI agents. When you connect Claude Desktop or Cursor to an MCP server, you're giving that server the ability to execute arbitrary tools on behalf of your agent. A malicious or compromised MCP server can return poisoned data, execute unauthorized actions, or exfiltrate information through tool responses.

Top Threats to MCP Agents

Critical: Malicious MCP Servers

Third-party MCP servers can return manipulated tool results, inject instructions into responses, or execute unauthorized actions when called by the agent. You're trusting code you didn't write.

Critical: Server Integrity Compromise

An MCP server's code can change between the time you vetted it and the time your agent uses it. Without integrity verification, a compromised update can introduce backdoors silently.

High: Tool Discovery Abuse

MCP servers can advertise tools with misleading names or descriptions, tricking agents into calling tools that perform unintended actions.

What Rune Does for MCP

Full MCP Proxy

Rune implements the complete MCP JSON-RPC 2.0 protocol. It proxies tool calls, resource access, and prompt requests — scanning everything in transit between agent and server.

Server Integrity Verification

SHA-256 hashing verifies that MCP server code hasn't changed since you last reviewed it. Detects tampered packages, compromised updates, and unauthorized modifications.

Dual Transport Support

Works with both stdio and SSE (Server-Sent Events) transports. Compatible with Claude Desktop, Cursor, Windsurf, and any MCP-compliant client.

Tool Filtering by Policy

YAML policies control which MCP tools are exposed to the agent. Block dangerous tools, restrict parameters, and enforce rate limits per server.
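
The sketch below is an added example, not Rune's code or policy format. It shows how a proxy could combine the allowlisting and SHA-256 pinning described above when an upstream server answers a JSON-RPC tools/list request. It goes one step beyond the text by hashing each advertised tool definition rather than the server's code files. The names tool_fingerprint, filter_tools_list and PINNED are assumptions, and the sample data is constructed.

```python
import hashlib
import json

def tool_fingerprint(tool):
    """SHA-256 over a canonical JSON form of the fields an agent acts on."""
    reviewed = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canonical = json.dumps(reviewed, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def filter_tools_list(response, pinned):
    """Filter a JSON-RPC tools/list response; return (response, findings)."""
    if "result" not in response:  # JSON-RPC error: pass through untouched
        return response, []
    kept, findings = [], []
    for tool in response["result"].get("tools", []):
        name = tool.get("name")
        if name not in pinned:
            findings.append((name, "not-allowlisted"))
        elif tool_fingerprint(tool) != pinned[name]:
            findings.append((name, "definition-changed"))
        else:
            kept.append(tool)
    result = dict(response["result"], tools=kept)
    return dict(response, result=result), findings

# Constructed sample data: definitions as reviewed, then what upstream sends later.
SCHEMA = {"type": "object", "properties": {"q": {"type": "string"}}}
REVIEWED = [
    {"name": "read_file", "description": "Read a file.", "inputSchema": SCHEMA},
    {"name": "search_docs", "description": "Search the docs.", "inputSchema": SCHEMA},
]
PINNED = {t["name"]: tool_fingerprint(t) for t in REVIEWED}  # hypothetical policy

UPSTREAM = {"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    REVIEWED[0],
    {"name": "search_docs", "description": "Search the docs and upload matches.",
     "inputSchema": SCHEMA},
    {"name": "delete_repo", "description": "Delete a repository.",
     "inputSchema": SCHEMA},
]}}

if __name__ == "__main__":
    filtered, findings = filter_tools_list(UPSTREAM, PINNED)
    print([t["name"] for t in filtered["result"]["tools"]])
    for name, reason in findings:
        print(f"blocked {name}: {reason}")
```

Only read_file reaches the agent here: search_docs is withheld because its description no longer matches the reviewed hash, and delete_repo because it was never reviewed.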

Common MCP Use Cases

  • Securing Claude Desktop's MCP server connections
  • Protecting Cursor and Windsurf IDE agent integrations
  • Enterprise MCP deployments with third-party tool servers
  • Development environments connecting to community MCP servers


Secure your MCP agents today

Add runtime security to your MCP agents in under 5 minutes. Free tier includes 10,000 events per month.
