As organizations across the spectrum introduce agentic AI into their enterprise, they need new solutions for integrating these capabilities within their IT infrastructure. In order for AI agents to deliver great experiences, they need to communicate with your applications for business context, and with each other.
The recently-launched Agent2Agent Protocol (A2A) and Model Context Protocol (MCP) are quickly changing the paradigm for how agents interact with each other and with traditional applications. But while these protocols promise improved efficacy and productivity for AI agents, they also increase threats to the enterprise.
We are introducing Governance for Agent Interactions, a set of capabilities to ensure that you can govern and control all your agent interactions across your enterprise. As part of that initiative, we’re excited to announce that Anypoint Flex Gateway now supports MCP and A2A protocols. This extends our previously announced support for MCP in the Anypoint Platform – giving you the ability to build, manage, and protect APIs across the agent lifecycle with MuleSoft. We will discuss the challenges of managing and protecting agent actions, why we’ve added MCP and A2A support, and how you can leverage these new features.
Challenges of securing and managing agent interactions
Agents present challenges that are both familiar and novel to IT teams. To deliver reliable, robust agentic AI across the enterprise, you need to protect against high request volumes, both erroneous and malicious. You need to implement zero-trust principles, ensuring every client – human, application, or agent – is properly authenticated. You also need visibility across every request, whether human-to-agent, agent-to-agent, or agent-to-application.
What’s new is agents act probabilistically instead of deterministically. Consistent input doesn’t always mean consistent output. And the bidirectionality of both MCP and A2A turns simple client-server framing of your architecture on its head. What this means for your enterprise is that you need to implement security and control with greater precision and meticulousness across all your endpoints.
MuleSoft Flex Gateway is the ideal solution for this. It’s an ultrafast, lightweight API gateway designed to manage and secure APIs running in the cloud, on-premises, or in hybrid environments. It’s part of MuleSoft’s API Management solution, enabling organizations to govern all APIs, and now MCP and A2A servers, under a single control plane.
Model Context Protocol (MCP)
The Model Context Protocol (MCP) is an open standard designed to give agents the ability to easily access data and take action in your existing systems by facilitating secure, bi-directional communication.
Flex Gateway enhances MCP integration scenarios by:
- Securing connections: Ensuring only authorized agents can access the MCP endpoints
- Enforcing SLAs: Helping your organization meet performance requirements through enforcement of rate limits
- Simplifying governance: Providing centralized visibility and control over all interactions
For example, an enterprise might use MCP to give order management capabilities to a fleet of customer service agents. Flex Gateway ensures these interactions are secure, observable, and compliant with organizational policies.
The Agent-to-Agent Protocol (A2A)
Agent-to-Agent (A2A) communication enables direct interactions between agents, a cornerstone of AI-driven connectivity. In A2A use cases, agents collaborate to perform complex tasks, such as processing data pipelines or coordinating real-time decisions, without relying on a central intermediary.
Flex Gateway supports A2A by:
- Protecting agent interactions: Requiring that agents are invoked with appropriate authentication and authorization
- Enhancing agent requests: Modifying incoming prompts with additional context to improve server agent execution
- Providing centralized oversight: Enabling frictionless agent visibility, logging and insights for debugging and optimization
Imagine a scenario where multiple AI agents work together to analyze market trends. Flex Gateway ensures these agents can communicate securely and efficiently, providing enterprises with a robust platform for distributed AI applications.
Sample Flex Gateway policies
To help you leverage MCP and A2A support, we’ve developed new sample polices for these use cases:
- Protect A2A server agents: Rewrites the agent card to route traffic through Flex Gateway, proxying the A2A server agent
- Prevent prompt injection attacks: Modifies incoming prompts with additional context before they reach the A2A server agent
- Filter Personal Identifiable Information (PII): Prevent the server agent from receiving sensitive personal data, such as names, Social Security numbers, email addresses, and phone numbers
These sample policies provide a foundation for protecting your MCP and A2A server endpoints. Using these sample policies is simple and requires just a few steps. Learn how to introduce a policy from a GitHub directory as a custom policy in Anypoint Platform’s API Manager (APIM).
Governed agentic AI interactions with MCP and A2A
MuleSoft’s new support for MCP and A2A protocols marks a significant step forward in managing and governing agentic AI interactions across your business. With MuleSoft, you can realize interaction governance, robust security, comprehensive observability, and streamlined management across your agent and non-agent APIs.
