Block prompt injection, PII leakage, and resource exhaustion. Drop-in protection for any MCP server. Under 5ms overhead.
Add enterprise-grade security without changing business logic
```python
from mcp_bastion import MCPBastionMiddleware, compose_middleware

# One object. All 14 security pillars.
bastion = MCPBastionMiddleware(
    enable_prompt_guard=True,   # Block jailbreaks
    enable_pii_redaction=True,  # Mask SSN, email, phone
    enable_rate_limit=True,     # Stop runaway agents
)
middleware = compose_middleware(bastion)
```
Defense-in-depth for every MCP server. Each pillar runs independently.
- Meta PromptGuard blocks jailbreaks locally
- Presidio masks SSN, email, phone
- Token bucket per session
- Auto-disable failing tools
- Tool-level permissions by role
- Block code injection, path traversal
- Per-session budget enforcement
- Nonce-based replay prevention
- Deduplicate similar queries
- Validate tool input types
- Structured JSON audit trail
- OTLP spans for Grafana, Datadog
- Slack, webhook, cost anomaly alerts
- Real-time requests, cost, blocked stats
- Tamper-proof forensic audit trail
- Plug in OPA or Cedar policy engines
- Heuristic semantic policy checks
One-line install for every major LLM framework
| Feature | MCP-Bastion | Others |
|---|---|---|
| Active defense | Auto-block | Logging only |
| Data privacy | 100% local | External APIs |
| Cost protection | FinOps budgets | Basic limits |
| Architecture | Drop-in middleware | Standalone proxy |
| Latency | <5ms | 50-200ms |
| Test coverage | 100% | Unknown |
Monitor requests, blocked attacks, PII redacted, cost tracking, and alerts in real time
- Requests, blocked %, PII redacted, cost per user
- Scrape /metrics for Grafana and Datadog
- Instant notifications on injection, cost spikes
Most MCP security tools focus on logging or require external APIs. MCP-Bastion provides active, local defense.
| Capability | MCP-Bastion | MCP Guardian | MCP Gateways |
|---|---|---|---|
| Prompt injection blocking | Local ML model | WAF rules only | External API |
| PII redaction | Presidio (local) | No | Some (cloud) |
| Data leaves your network | Never | No | Yes |
| Denial-of-wallet protection | FinOps budgets | Rate limit only | Rate limit only |
| Architecture | Drop-in middleware | Standalone proxy | Hosted gateway |
| Latency overhead | <5ms | 10-50ms | 50-200ms |
| Policy-as-code | YAML + OPA + Cedar | Config file | Dashboard UI |
| Framework integrations | 17+ packages | Generic only | Varies |
| Cost | Free (MIT) | Free | $$$ |
| Test coverage | 100% | Unknown | Unknown |
Attackers embed "ignore previous instructions" in tool arguments. Without active defense, your agent executes malicious commands on your infrastructure.
Tool results containing SSN, emails, and phone numbers flow directly into LLM context windows. One leaked prompt and your customer data is exposed.
An infinite loop calling a paid API can rack up thousands in minutes. Token budgets and session timeouts stop this before it starts.
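The "Token bucket per session" and "Per-session budget enforcement" pillars, applied to the runaway-loop scenario above, as a self-contained Python illustration added here; it is not MCP-Bastion's own code and assumes nothing about its API. `SessionGuard`, its parameters, the cent-denominated tool costs and the simulated agent timings are all hypothetical, constructed values.

```python
import time
from typing import Callable


class SessionGuard:
    """Per-session guard: a token-bucket rate limit plus a hard spend budget.
    Hypothetical illustration, not MCP-Bastion's implementation."""

    def __init__(self, rate: float, burst: int, budget_cents: int,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.rate = rate                  # tokens refilled per second
        self.burst = burst                # bucket capacity (max burst of calls)
        self.budget_cents = budget_cents  # spend cap for the whole session
        self.clock = clock                # injectable for deterministic tests
        self.tokens = float(burst)
        self.spent_cents = 0
        self.last = clock()

    def _refill(self) -> None:
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def check(self, cost_cents: int) -> str:
        """Decide one tool call: 'allow', 'rate_limited' or 'budget_exceeded'.
        Budget is checked before the bucket, so a refilled bucket can never
        let a paid call through once the session's money is gone."""
        if self.spent_cents + cost_cents > self.budget_cents:
            return "budget_exceeded"
        self._refill()
        if self.tokens < 1.0:
            return "rate_limited"
        self.tokens -= 1.0
        self.spent_cents += cost_cents
        return "allow"


def simulate_runaway_agent(calls: int = 200, cost_cents: int = 2) -> dict:
    """Replay the page's scenario: an agent stuck in a loop calling a paid tool
    every 125 ms. A fake clock keeps the run instant and deterministic."""
    fake_now = [0.0]
    guard = SessionGuard(rate=4.0, burst=4, budget_cents=100,
                         clock=lambda: fake_now[0])
    outcome = {"allow": 0, "rate_limited": 0, "budget_exceeded": 0}
    for _ in range(calls):
        outcome[guard.check(cost_cents)] += 1
        fake_now[0] += 0.125  # constructed retry interval of the looping agent
    return outcome


if __name__ == "__main__":
    print(simulate_runaway_agent())
```

With these constructed numbers the bucket throttles the loop to one call per 250 ms after the initial burst, and the $1.00 budget cuts the session off at the 50th paid call; every later attempt is refused without touching the upstream API.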
SOC2, HIPAA, and GDPR require audit trails for data access. MCP-Bastion logs every tool call with structured, tamper-proof entries.
Get started in under 60 seconds. No config needed.