MCP Audit Gateway
Evidence and control for every AI agent tool call. In your environment, not ours.
The control gap
MCP is moving quickly, but most enterprises still don't have a proper control plane for it.
Teams are starting to spin up MCP servers across the business, and each one brings its own authentication model, data exposure risk, and audit gap. Without a gateway in the middle, security teams are left with one safe answer: "no".
That slows everything down. The AI use cases are there, but adoption stalls because the controls aren't.
One reverse proxy. Three risk shapes reduced.
Full audit trail
Every tool call logged with agent identity, masked arguments, decision, and latency. Stream to Azure Log Analytics, OTLP, or stdout.
Policy enforcement
Identity allow-lists, deny-pattern regex, sliding-window rate limits, time-windowed access. Hot-reloaded from config.
Sensitive data redaction
PCI DSS, GDPR, and HIPAA-aligned detectors built in. PAN (Luhn-validated), email, UK NIN, SSN, IPv4/IPv6, phone, JWT. Add your own patterns.
Deployment
Azure Managed Application
One-click from Azure Marketplace. Deploys into your subscription. MACC-eligible, billed through Azure.
Self-hosted Docker
Any cloud, any Kubernetes, on-prem. Same product, no Azure dependencies. Annual licence direct from Weldon Web.
Request a quote →Latest posts
All posts →Privilege at the Tool Call: AI Agents Inside Law and IP Firms
Law and IP firms handle information where confidentiality is not a compliance box. It is the product. An AI agent with unrestricted tool access can waive legal professional privilege by surfacing protected material in the wrong context.
No Journal Postings at 3am: Time-Windowed Access as a Control
An allowlist controls which tools an AI agent can call. A time window controls when. A legitimate tool call at the wrong time is not legitimate at all.
Deny by Default: How AI Agents Quietly Accumulate Excessive Privilege
MCP servers expose every tool equally. The finance agent that posts journals can also call delete_account. Human users go through access reviews. AI agents get full tool access on day one.
Consulting
Need help deploying MCP at scale?
I also take on consulting work for teams rolling out Model Context Protocol across enterprise estates. Azure-heavy, integration-heavy, evidence-first.
Talk about an engagement →Open Source
APIM MCP Reference Architecture
Production-ready Terraform modules to deploy Entra ID governed Model Context Protocol servers behind Azure API Management.
View on GitHub →