Press Release

Safeguard Adds Per-Tool Feature-Flag Gating to Its MCP Server: Every Tool, Governed Per Tenant

Dublin, California·
Safeguard Communications
3 min read

DUBLIN, Calif. — July 6, 2026 — Safeguard today announced per-tool feature-flag gating for its MCP (Model Context Protocol) Server. Every one of the server's 650+ tools now carries its own per-tenant feature flag, so administrators decide — tool by tool — exactly which capabilities their AI assistants can discover and call. The change extends the governance model Safeguard shipped with MCP Server general availability in November 2025, moving from broad allowlisting to per-tool control with safe defaults.

The problem it addresses is scope creep. As teams connect coding agents and assistants to production security data, the tool surface those agents can reach tends to grow faster than the review around it. Turning tools on in bulk is fast but imprecise; leaving everything on is convenient but hard to defend in an audit. Per-tool gating lets teams start narrow and widen access deliberately.

Under the new model, a fresh workspace begins with a small, curated default set of core tools covering the common onboarding loop — connect a repository, scan it, and browse the results. Every other tool remains implemented and available in the platform but stays off until an administrator enables it for that tenant. Administrators toggle any tool from the Safeguard admin console, and the change applies to new assistant sessions.

Enforcement is consistent across both halves of the protocol. The set of tools enabled for a tenant governs discovery — only enabled tools are advertised to the assistant — and execution: a call to a tool that is not enabled for the tenant is refused at the boundary. Because both resolve from the same source, an assistant can never see a tool it cannot call, or call a tool it cannot see.

Two properties make the control safe to operate. First, resolution is fail-safe: if the enabled-tool set cannot be determined — for example, during a transient outage — the server falls back to the small default set rather than exposing anything wider. An outage can never broaden what an assistant can do. Second, the MCP Server is stateless: it holds no database of its own and resolves each tenant's enabled tools from Safeguard's authentication service at connection time, scoped to the tenant, organization, and product context.

"Allowlisting told you which tools an agent could touch. Per-tool flags let you run that decision as a program — default to almost nothing, turn on exactly what a team has earned, and prove it later," said Hritik Kumar Sharma, Founder and CEO of Safeguard. "The part I care about most is the failure mode: when resolution can't complete, the server gets narrower, not wider. Least privilege has to survive an outage, or it isn't least privilege."

"Keeping discovery and execution resolved from one source was the load-bearing design decision," said the Safeguard engineering team. "It removes the class of bug where an assistant is shown a tool it can't run, or worse, can run a tool it was never shown."

Per-tool feature-flag gating is available now to all Safeguard MCP Server customers and requires no change to existing assistant connections.

About Safeguard

Safeguard is the software supply chain security platform that fuses first-party scanners, a security-only AI model lineup (Griffin · Eagle · Lion), and reachability-aware reasoning to find what pattern scanners miss — from CVEs to candidate zero-days — and to ship the fix with cited reasoning. The platform is built for engineering teams shipping production software and for the regulators auditing them. Learn more at https://safeguard.sh.

Media Contact

press@safeguard.sh

productmcpgovernanceleast-privilege
Media contact
Safeguard Press Desk
press@safeguard.sh
Subscribe
Newsroom RSS
/feed.xml