Abstract

This document discloses the architecture of a proactive compliance and security enforcement gateway that mediates all traffic between AI agents (or human clients) and the large language models (LLMs) and Model Context Protocol (MCP) tool servers they invoke. The gateway operates as a reverse proxy enforcing a fail-closed posture: every inbound prompt and every outbound response is inspected by a two-stage pipeline — a sub-5ms offline machine-learning classifier followed by a configurable LLM-based deep-inspection backend — before crossing the boundary. A three-layer sensitivity pipeline (regex, ML, LLM) classifies payloads and routes data graded CONFIDENTIAL or RESTRICTED to local-only models under an immutable, non-overridable rule. A dedicated PII module detects ten entity types (with Luhn validation) and enforces LOG, REDACT, or BLOCK modes bidirectionally. A deterministic optimisation engine makes reproducible routing decisions over four dimensions — sensitivity, complexity, budget, and cost — emitting a full audited reasoning chain. The gateway isolates each identity in a dedicated container with forensic post-mortem capture on failure, records all transactions in a SHA-384 Merkle-chained tamper-evident audit log, adjudicates prompt-injection risk with multiple LLMs, and enforces unified identity-aware Open Policy Agent (OPA) authorization over both LLM and MCP traffic, including per-tool policy decisioning at an MCP broker. This publication consolidates already-public material to place it where patent examiners search.
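
The tamper-evident audit log the abstract mentions can be illustrated with a small added example (not the gateway's own code): a linear SHA-384 hash chain in which every record commits to the hash of the record before it, so that editing or re-hashing one record is caught by a verification pass. The record layout, field names and the sample transactions are assumptions constructed for this illustration.

```python
# Added example, not the disclosed gateway's implementation.
# Each record stores the previous record's hash and its own SHA-384 over
# (prev_hash || canonical JSON payload), giving a tamper-evident chain.
import hashlib
import json
from typing import Any, Dict, List, Tuple

GENESIS = "0" * 96  # 96 hex chars = 384 bits; anchor for the first record


def _entry_hash(prev_hash: str, payload: Dict[str, Any]) -> str:
    """SHA-384 over the previous hash concatenated with canonical JSON."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha384((prev_hash + canonical).encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only log; each record carries its own hash and its predecessor's."""

    def __init__(self) -> None:
        self.entries: List[Dict[str, Any]] = []

    def append(self, payload: Dict[str, Any]) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = _entry_hash(prev, payload)
        self.entries.append({"prev": prev, "payload": payload, "hash": h})
        return h

    def verify(self) -> int:
        """Return -1 if the chain is intact, else the index of the first bad record."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or _entry_hash(e["prev"], e["payload"]) != e["hash"]:
                return i
            prev = e["hash"]
        return -1


def demo() -> Tuple[int, int, int]:
    """Constructed transactions: intact chain, then an edited record, then a re-hashed one."""
    log = AuditLog()
    log.append({"id": 1, "identity": "agent-a", "decision": "ALLOW", "route": "local"})
    log.append({"id": 2, "identity": "agent-a", "decision": "BLOCK", "reason": "PII"})
    log.append({"id": 3, "identity": "agent-b", "decision": "ALLOW", "route": "cloud"})
    intact = log.verify()                                   # -1: chain verifies
    log.entries[1]["payload"]["decision"] = "ALLOW"         # simulated edit of record 1
    edited = log.verify()                                   # 1: record 1 no longer matches its hash
    log.entries[1]["hash"] = _entry_hash(log.entries[1]["prev"], log.entries[1]["payload"])
    rehashed = log.verify()                                 # 2: record 2 still points at the old hash
    return intact, edited, rehashed
```

Re-hashing a single edited record is not enough, because the successor's stored `prev` still names the original hash; an attacker would have to rewrite every later record, which is what anchoring or external publication of the head hash is meant to make detectable.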

Keywords: LLM security gateway; Model Context Protocol; MCP security; prompt injection detection; multi-LLM adjudication; policy enforcement; Open Policy Agent; OPA; RBAC; PII detection; PII redaction; data loss prevention; sensitivity-aware routing; deterministic model routing; container-per-identity isolation; forensic post-mortem; tamper-evident audit; Merkle hash chain; SHA-384; credential exfiltration; fail-closed inspection; bidirectional inspection; agentic AI security; budget governance; reverse proxy.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
