Guardbase launches Coding Agent Attack Matrix — framework for coding agent threat modeling
Trusted Tools

One trusted place to get MCP servers and agent skills.

A vetted catalogue your teams pull from, served through one gateway, and watched at runtime. Not another list of what's banned.

CLAUDE CODE CURSOR CODEX GEMINI GITHUB MCP LINEAR MCP POSTGRES MCP SLACK MCP
The supply chain

Your agents' tools come from anywhere.

Pulled from anywhere

MCP servers and skills get added like npm packages: from repos, registries, and blog posts. Nobody checks the source.

Vetted once isn't vetted

A server that was clean at review can start serving malicious tool descriptions tomorrow. A static allowlist never sees it happen.

One in three

Snyk found prompt injections in 36% of the agent skills it analyzed. The supply chain is already compromised. Source

How it works

Vetting that doesn't stop at review.

Your team decides what enters the catalogue. The gateway serves it, and keeps checking every request after.

01 Your team decides

Vetted in

Your security team vets what enters the catalogue: who's behind a server, which tools it exposes, and what its descriptions actually say. Guardbase offers a curated starter set.

02 One URL

Served through one gateway

Employees paste one gateway URL into their agent and authorize once. Credentials are stored and rotated by Guardbase, not scattered across laptops.

03 Inline monitoring

Watched at runtime

Requests through the gateway are checked for prompt injections in tool descriptions. A poisoned response is blocked before it reaches the agent.

Per-tool exposure

Expose the server, or just three of its tools.

For every MCP server in the catalogue, admins choose what each user or group gets: everything the server exposes, or a subset. The agent never sees the rest.

github mcp Engineering
issues.read Exposed
issues.create Exposed
pulls.read Exposed
repos.delete Hidden
secrets.read Hidden
Connected to inventory

Nothing unvetted goes unnoticed.

The catalogue isn't a wishlist. It's connected to what actually runs on your endpoints.

01

Found

Agent Inventory spots an MCP server on an endpoint that isn't in the catalogue. It shows up as an open alert.

02

Decide

Route it through the gateway, or allowlist it for local use. Stdio servers included.

03

Resolved

The alert closes itself when the server is vetted into the catalogue or disappears from the endpoint.

For your teams

A catalogue people actually use.

Self-serve

Browse the catalogue in the browser, request access or entirely new servers. No ticket to security.

Works like any MCP server

One URL, authorize once, done. The agent sees the tools as if it were connected directly.

No context bloat

Every exposed tool definition eats tokens from the agent's context window. Endpoints bundle just the servers a team needs under one URL, so the context stays available for actual work.

The catalogue is better with eyes on the fleet.

Trusted Tools deploys standalone. Paired with Agent Inventory, every unvetted server on an endpoint surfaces on its own.

FAQs

Common questions.

Your security team. Guardbase provides a curated starter set to begin from, and employees can request new servers through the portal.

Who hosts and authors the server, which tools it exposes, and what its descriptions return, including screening for prompt injections. And because that can change after review, the gateway keeps checking at runtime.

Local servers can be allowlisted for use on the endpoint. Inline monitoring applies to traffic through the gateway.

The request is blocked inline, before the poisoned content reaches the agent.

MCP servers today. A skills registry is on the roadmap.

No. Trusted Tools deploys standalone. Pair it with Agent Inventory and the catalogue stays connected to what actually runs on your endpoints.

More questions? Book a call →

Give your teams a trusted source.

Book a demo and see the catalogue, the gateway, and a poisoned response getting blocked.