MuleSoft Agent Governance

MuleSoft Agent Governance, part of MuleSoft Agent Fabric, is a set of capabilities for managing and securing interactions within your agent-based architecture. It is like an enterprise policy framework for your agent network, ensuring agents act responsibly, securely, and in alignment with business objectives.

Agent Governance leverages MuleSoft Flex Gateway and its support for Model Context Protocol (MCP) and Agent2Agent (A2A) protocol . Using Flex Gateway, you can apply security and compliance policies to every agent-agent and agent-application interaction. Through these capabilities, you get full control over your agentic architecture.

MuleSoft Agent Governance gives you the power to secure and control every agent interaction across your enterprise. With it, you can:

Secure Access and Authorization: Ensure only authorized agents and users can access your applications. Enable agents to act responsibly on the behalf of users. 

Maintain Compliance: Automatically detect, filter, and log sensitive data, like Personally Identifiable Information (PII), to meet internal and external privacy policies.

Protect Bidirectionally: Agentic architectures break the traditional client-server mold with the ability of agents to take on either role. Agent Governance gives you the ability to protect interactions bidirectionally.

Ensure Performance: A great agent experience depends on speed and reliability – protect your systems from malicious and erroneous traffic surges.

Gain Visibility: Monitor and log all agent-to-agent and agent-to-application activity for easier operations, auditing, and troubleshooting.

MuleSoft Flex Gateway

Flex Gateway is a high performance gateway built to manage and secure APIs and agents, regardless of where they reside. It supports both A2A and MCP, providing comprehensive control across all your agent interactions.

Several new policies for Flex Gateway for the MCP and A2A protocols are now available.

Agent2Agent Protocol:

• Protocol Support: Enable Server-Sent Events (SSE) and perform schema validation.
• Agent Card Policy: Ensure the agent is proxied by Flex Gateway by rewriting the agent card.
• PII Detector: Detect sensitive information in messages sent to and from agents.
• Prompt Decorator: Modify prompt behavior by injecting custom prompts into requests.
• Content Logging with SSE: Log content sent by agents for audit and compliance needs.
• Spike Protection: Protect against sudden surges in traffic that might overwhelm an agent.
• Rate Limiting: Limit the number of requests to an agent over a specific period of time.

Model Context Protocol:

• Protocol Support: Enable MCP support by enabling Server-Sent Events.
• Attribute-based access control: Enable access to MCP servers based on Anypoint access tiers.
• Content Logging with SSE: Log content sent by MCP servers for audit and compliance needs.
• Rate Limiting: Limit the number of requests to an agent over a specific period of time.

Trusted Agent Identity

Ensure the agents can access the right data by delegating users' identity from existing enterprise identity providers like Okta or Entra ID. Enforce responsible and secure agent activity by continuously propagating right agent identity through all interactions across Agent Fabric.

Here are some possibilities for how you might use these policies:

Ensuring privacy and control across the agent-coordinated supply chain

A firm uses agents to coordinate its supply chain, and integrates logistics partners’ agents via A2A protocol. In Flex Gateway, schema validation ensures requests between companies are properly formatted – preventing malformed requests that could result in Agent failure. The prompt decorator policy adds supplier information to give downstream agents context. The PII Detector policy redacts customer addresses in status updates shared with the customer-facing agents for privacy. Zero Trust Agent ID ensures that every agent acting to coordinate the supply chain inherits the approprate permissions to complete its tasks securely and responsibly.

Ensuring seamless, automated banking reconciliation

An organization leverages an AI agent to automate the reconciliation of bank statements with general ledger entries. Flex Gateway sits inline between the agent and the MCP servers for the bank and the general ledger. Implementation of the schema validation policy ensures that data exchanged between the bank's API and the accounting agent adheres to strict formatting rules, preventing discrepancies due to data inconsistencies. Zero Trust Agent ID ensures that only the financial data within the scope of the initiating analyst is accessed. The PII Detector policy can flag any potentially sensitive financial account numbers appearing in the reconciliation logs.

Maintaining performant operations of IoT-agent infrastructure

An agricultural provider uses a fleet of IoT devices, surfaced through an MCP server, alongside a client agent to monitor operations across its fields. The server is protected by Flex. An errant client Agent might cause a spike of configurations sent to the IoT devices simultaneously. The spike control policy implemented in Flex Gateway can prevent the MCP server from being overloaded with this surge of configuration inputs, and it helps ensure service uptime and availability. 

We’ll continue to extend and enhance the capabilities of MuleSoft Agent Governance over time. We’ll increase the breadth of our agent-specific policies for Flex Gateway to enable you to have greater control over agent interactions across Agent Fabric.