MuleSoft Governance for AI Agent Interactions

MuleSoft Governance for AI Agent Interactions is a new suite of features focused on managing and securing interactions between agents, applications, and other agents. This extends the capabilities of MuleSoft Flex Gateway to support Model Context Protocol (MCP) and Agent2Agent (A2A) protocol. With support for these protocols, you can now enforce policies across these agent connections and gain enhanced visibility into agent activities through monitoring. Through these capabilities, you get a comprehensive approach to governing and securing your agentic architecture

With Governance for AI Agent Interactions, you can ensure that every agent interaction across your enterprise occurs with the proper level of oversight and control. You can:

• Protect both your agents and your systems: The agentic world requires that you be more methodical than ever about implementing security at every level of your tech stack. Ensure only authorized agents and users access your agents and applications.
• Maintain compliance: Detect, filter and log PII in-transit between your agents to help meet internal and external policies around data privacy and compliance.
• Ensure performance: Foundational for an effective agent experience is ensuring a smooth, responsive experience for end users – and other agents. MuleSoft enables you to protect against malicious and erroneous traffic surges, as well as helps you monitor performance of agent requests in real-time.
• Gain visibility: Monitor and log activity of agents with other agents and with your applications for operations, audit, and troubleshooting purposes.

We’re launching several policies for Flex Gateway for the MCP and A2A protocols soon.

Agent2Agent Protocol:

• Protocol Support: Enable Server-Sent Events (SSE) and perform schema validation.
• Agent Card Policy: Ensure the agent is proxied by Flex Gateway by rewriting the agent card.
• PII Detector: Detect sensitive information in messages sent to and from agents.
• Prompt Decorator: Modify prompt behavior by injecting custom prompts into requests.
• Content Logging with SSE: Log content sent by agents for audit and compliance needs.
• Spike Protection: Protect against sudden surges in traffic that might overwhelm an agent.
• Rate Limiting: Limit the number of requests to an agent over a specific period of time.

Model Context Protocol:

• Protocol Support: Enable MCP support by enabling Server-Sent Events.
• Attribute-based access control: Enable access to MCP servers based on Anypoint access tiers.

Here are some possibilities for how you might use these policies:

Ensuring seamless, automated banking reconciliation

An organization leverages an AI agent to automate the reconciliation of bank statements with general ledger entries. Flex Gateway sits inline between the agent and the MCP servers for the bank and the general ledger. Implementation of the schema validation policy ensures that data exchanged between the bank's API and the accounting agent adheres to strict formatting rules, preventing discrepancies due to data inconsistencies. The PII Detector policy can flag any potentially sensitive financial account numbers appearing in the reconciliation logs.

Maintaining performant operations of IoT-agent infrastructure

An agricultural provider uses a fleet of IoT devices, surfaced through an MCP server, alongside a client agent to monitor operations across its fields. The server is protected by Flex. An errant client Agent might cause a spike of configurations sent to the IoT devices simultaneously. The spike control policy implemented in Flex Gateway can prevent the MCP server from being overloaded with this surge of configuration inputs, and it helps ensure service uptime and availability.

Ensuring privacy and control across the agent-coordinated supply chain

A firm uses agents to coordinate its supply chain, and integrates logistics partners’ agents via A2A protocol. In Flex Gateway, schema validation ensures requests between companies are properly formatted – preventing malformed requests that could result in Agent failure. The prompt decorator policy adds supplier information to give downstream agents context. The PII Detector policy redacts customer addresses in status updates shared with the customer-facing agents for privacy.

Support for governance of agent interactions continues our mission to help organizations connect everything, automate anything — and now, empower agents everywhere. With MuleSoft Governance for Agent Interactions, alongside our capabilities for MCP in the Anypoint Platform, you can design, build, deploy and govern your entire API infrastructure for agentic AI on MuleSoft.

We’ll continue to extend and enhance the capabilities of MuleSoft Governance for Agent Interactions over time.

• Increased control: We’ll increase the breadth of our agent-specific policies to enable you to have greater control over agent interaction and consumption.
• Enhanced visibility: We’ll expand the scope of metrics available in Anypoint Monitoring to give you better insights into the operations of your agents across your enterprise. This includes giving you insight into performance, data transfer, data streaming, and runtime errors.
• Improved troubleshooting: With OpenTelemety-based end-to-end tracing, we’ll make it easier and faster for you to trace and debug issues within your agentic architecture.

These new features in Anypoint Platform and Flex Gateway help organizations manage their APIs, whether they involve AI agents or not, by providing better control, security, monitoring, and overall management. With MuleSoft, you can confidently use AI agents across your enterprise.