Flex Gateway supports both the Model Context Protocol (MCP) and the Agent2Agent (A2A) Protocol, enabling you to protect your agents and systems. Flex Gateway provides centralized oversight, agent visibility, logging, and valuable insights, ensuring effective governance and security for your agent-based architecture. Flex Gateway secures agent interactions by enforcing policies across agent connections and by monitoring agent activities for enhanced visibility.
A2A is an open standard that defines how agents interact with each other, enabling interoperability for agents built by different teams, using different technologies and hosted by different organizations.
Flex Gateway protects agent A2A interactions by requiring appropriate authentication and authorization for agent requests, rewriting Agent Card URLs, logging or blocking sensitive information in messages, and logging Server-Sent Events (SSE) content for compliance audits. You can enhance agent requests by modifying incoming prompts with additional context to improve server-agent execution.
MCP is an open protocol that defines how agents interact with tools or external context, enabling agents to connect to the data and tools they need.
Flex Gateway secures MCP connections by restricting MCP endpoint access to authorized agents only and by simplifying governance through centralized visibility and control over all interactions.
Flex Gateway includes A2A and MCP specific policies that provide enhanced security and control over agent interactions. Flex Gateway A2A policies enable you to protect agent endpoints by rewriting Agent Card URLs, logging or blocking sensitive information in messages, modifying prompt behavior, and logging Server-Sent Events (SSE) content for compliance audits. Flex Gateway MCP policies enable you to use attribute-based access control to manage access to MCP servers.
Flex Gateway MCP and A2A server instances also support Flex Gateway’s other policies. For example, use policies such as policies-included-rate-limiting.adoc or policies-included-spike-control.adoc to manage the number of requests to MCP and A2A servers or use the policies-included-message-logging.adoc to monitor agent interactions.
See flex-agent-policies.adoc to learn about included A2A and MCP policies.