What's New in Ceros: MCP Gateway, Tool Policy Enforcement, and Agent Detection Improvements

Written by Beyond Identity
Published on April 7, 2026

TLDR

Our most recent release adds three capabilities security teams have been asking for:

  1. A centralized MCP gateway and registry for distributing and governing tool access
  2. Argument-level policy enforcement on tool calls
  3. Automatic detection of every AI agent installed across your devices

You can now answer "which agents are running, what tools can they reach, and what exactly are they allowed to do with them" from a single console.

The Problem: Tool Access Is the New Perimeter, and Nobody Is Governing It

AI agents interact with your infrastructure through tools. MCP servers expose databases, APIs, file systems, and internal services to any agent with a connection string. The number of MCP servers in the average enterprise environment is growing faster than security teams can inventory them.

Compounding Problems
| Problem | What happens |
| --- | --- |
| No central registry | Teams spin up MCP servers independently. Security has no map of what is exposed. |
| Binary access control | Agents either have access to a tool or they do not. No control over how they use it. |
| Invisible agent sprawl | Users install Claude Code, Cursor, OpenClaw, and other agents on managed and unmanaged devices. IT finds out after an incident. |

Until now, governing agent tool access meant choosing between blocking everything or allowing everything. This release changes that.

Introducing the MCP Gateway, Tool Policies, and Agent Detection

Three new capabilities, each addressing a different layer of the governance stack.

MCP Gateway and Registry

The MCP Gateway is a centralized control point for every MCP server in your environment. Configure any MCP server once in the Ceros console and distribute it to your users from a single place.

A built-in registry of verified servers removes the guesswork from setup. Instead of each developer finding and configuring servers independently, admins publish approved servers to the registry. Users see what is available. Security controls what is allowed.

# Example: Publishing an MCP server to the Ceros registry
server:
  name: "internal-docs-search"
  type: mcp
  endpoint: "https://mcp.internal.example.com/docs"
  verification: verified
  policy:
    allowed_agents: ["claude-code", "cursor"]
    allowed_operations: ["search", "read"]
    denied_operations: ["write", "delete"]
  distribution:
    groups: ["engineering", "product"]

Policy enforcement happens at the gateway. You control which tools agents can access and how they use them before any request reaches the downstream server.

Argument-Level Tool Policies

Previous releases let you control which tools an agent could access. This release adds control over what agents can do with those tools.

Admins now apply policies directly to tool arguments. This is the difference between "this agent can use the database tool" and "this agent can use the database tool, but only for read queries against the analytics schema, and only during business hours."

Argument-level tool policies
| Before | After |
| --- | --- |
| Allow or deny tool access | Allow or deny specific arguments within a tool call |
| "Agent can access the SQL tool" | "Agent can access the SQL tool with SELECT only, against analytics.*, between 08:00 and 18:00 UTC" |

This closes the gap between coarse-grained access control and the fine-grained governance that compliance and security teams need.
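
The SQL tool rule described above, written as a default-deny check that runs before a call is forwarded. This is an added example, not Ceros code or Ceros policy syntax; the rule format, the `evaluate` and `gateway` functions, and the structured `statement` and `table` arguments are assumptions made for illustration.

```python
import re
from datetime import time, timezone

# Hypothetical rule format for illustration; not Ceros policy syntax.
# Assumes the SQL tool takes structured "statement" and "table" arguments.
POLICY = {
    ("claude-code", "sql"): {
        "window_utc": (time(8, 0), time(18, 0)),
        "args": {
            "statement": r"SELECT",
            # Anchored identifier pattern: a glob like "analytics.*" would also
            # accept "analytics.events JOIN hr.salaries".
            "table": r"analytics\.[A-Za-z_][A-Za-z0-9_]*",
        },
    },
}

def evaluate(agent, tool, args, now, policy=POLICY):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    rule = policy.get((agent, tool))
    if rule is None:
        return False, "no policy for this agent and tool"
    if now.tzinfo is None:
        return False, "timestamp has no timezone"
    start, end = rule["window_utc"]
    if not (start <= now.astimezone(timezone.utc).time() < end):
        return False, "outside allowed time window"
    # Require exactly the governed arguments so an extra parameter cannot
    # carry input that no rule inspects.
    if set(args) != set(rule["args"]):
        return False, "unexpected or missing arguments"
    for name, pattern in rule["args"].items():
        value = args[name]
        if not isinstance(value, str) or not re.fullmatch(pattern, value):
            return False, f"argument '{name}' violates policy"
    return True, "ok"

def gateway(agent, tool, args, now, audit_log):
    """Decide before forwarding; record every decision, allowed or blocked."""
    allowed, reason = evaluate(agent, tool, args, now)
    audit_log.append({"time": now.isoformat(), "agent": agent, "tool": tool,
                      "args": args, "decision": "allow" if allowed else "block",
                      "reason": reason})
    return allowed  # the caller forwards to the MCP server only when True
```

A tool that accepts a raw query string instead of structured arguments needs a real SQL parser in front of a check like this; pattern matching on free-form SQL is not a reliable control.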

Agent Detection Across Your Fleet

Ceros now detects agent installations across your managed devices. The console shows which agents are installed, which users are running them, and on which machines.

Are your developers running Claude Code? Is someone on the finance team running Cursor on an unmanaged laptop? You will know.

Time-period filtering lets you track adoption trends: which agents are growing, which are declining, and where new installations are appearing. This is the visibility layer that makes policy enforcement meaningful. You cannot govern what you cannot see.

Getting Started

All three capabilities are live now in the Ceros console. Setup takes two command-line steps and is free. Full setup documentation is at agent.beyondidentity.com/docs.

FAQ

What is the MCP Gateway in Ceros?

The MCP Gateway is a centralized control point for managing and distributing MCP servers to your users. It includes a built-in registry of verified servers, group-based distribution, and inline policy enforcement. Admins configure servers once and control access from the Ceros console rather than managing individual configurations per user or team.

How do argument-level tool policies work?

Argument-level policies let admins define rules on the specific parameters an agent passes to a tool, not just whether the agent can access the tool at all. Policies evaluate each tool call's arguments against your rules before the request reaches the downstream MCP server. If a call violates a rule, it is blocked and logged.

Which AI agents does Ceros detect?

Ceros detects agent installations across your managed device fleet, including Claude Code, Cursor, OpenClaw, and other AI coding assistants and autonomous agents. Detection covers which agents are installed, which users are running them, and which machines they are on. Time-period filtering shows installation trends over time.

Does the MCP Gateway work with any MCP server?

Yes. The gateway supports any MCP-compliant server. The built-in registry provides a curated set of verified servers for faster setup, but you can add any custom or internal MCP server to the gateway and apply the same policy enforcement and distribution controls.
