---

🛡️ AegisGate Security Platform™ — Secure Every AI Interaction

The only AI security platform with native HTTP API, MCP, A2A, ACP, AND RESPONSE protection. Five pillars. One gateway. Zero external dependencies.

🌐 Website • 📊 Pricing • 📚 Docs • 🔒 Security • 💬 Discussions

---

The Problem

Your AI infrastructure spans multiple attack surfaces — and most teams are only protecting one. Traditional security solutions (WAFs, API gateways) weren't designed for AI-specific threats like prompt injection, agent impersonation, or tool poisoning.

Attack Surface Comparison

Attack Surface	Risk	Traditional	AegisGate
HTTP APIs	Prompt injection, data leakage, PII exposure	⚠️ WAFs exist (AI-agnostic)	✅ AI-aware scanning, PII detection
MCP Protocol	Tool poisoning, session hijacking, supply-chain attacks	❌ No native protection	✅ Built-in protocol guard
A2A Communication	Agent impersonation, data tampering, capability escalation	❌ No native protection	✅ Agent-to-agent verification
Agent Response	PII leakage, secret exposure, hallucination, toxicity	❌ No native protection	✅ Real-time response guard
ACP Protocol	Message tampering, capability escalation, replay attacks	❌ No native protection	✅ HMAC-signed messages
ANP Protocol	Protocol downgrade, routing manipulation, message injection	❌ No native protection	✅ Message validation, routing integrity

AegisGate fills these gaps with a single unified platform.

AegisGate secures all six in a single 19 MB binary you deploy in 60 seconds.

---

Five Pillars of AI Security

🌐 HTTP API Security

Bidirectional scanning of every request and response with 144+ detection patterns:

Category	Patterns	Coverage
MITRE ATLAS	52 techniques	Adversarial AI tactics
OWASP LLM Top 10	49 patterns	LLM01–LLM10
Secrets Scanning	44+ regex patterns	API keys, tokens, credentials
PII Detection	12+ patterns	GDPR/CCPA compliance

Features:

• Bidirectional inspection — scans both requests and responses
• Rate limiting — per-client, per-IP with token-bucket algorithm
• Circuit breaker — automatic failure recovery
• Tamper-evident audit — RFC 5424-compliant structured logging
• SIEM integration — CEF (ArcSight), LEEF (QRadar), STIX 2.1

🔗 MCP Protocol Protection

Session authentication, tool authorization, and 8 guardrails for every MCP connection:

#	Guardrail	Description
1	Session Authentication	Auth required for all MCP sessions
2	Concurrent Session Limits	Max simultaneous sessions per tier
3	Tools per Session	Max tools available per session
4	STDIO Validation	Command injection prevention
5	Execution Timeout	Max execution time per tool call
6	Memory Monitoring	Alerts at configurable threshold
7	Per-Client RPM	Max requests/minute per client
8	Tool Authorization	Risk-based tool call approval matrix

🤝 A2A Agent-to-Agent Security

Zero-trust guardrails for inter-agent communication — the first purpose-built A2A security layer:

#	Guardrail	Description
1	mTLS Authentication	X.509 certificate verification with agent identity
2	HMAC-SHA256 Integrity	Full request body validation
3	Capability Enforcement	Least-privilege per agent from YAML config
4	Token-Bucket Rate Limiting	Per-agent request quotas (default 100 req/min)
5	Request Size Limits	Rejects bodies > configurable limit
6	Timeout Enforcement	Configurable request timeouts
7	License Validation	ECDSA P-256 cryptographic enforcement
8	Audit Logging	RFC 5424 structured log per request

🛡️ Agent Response Security (v3.1)

Protection for LLM outputs — the fourth pillar of AI security:

#	Guardrail	Description
1	PII Scanner	Detects SSN, credit cards, emails, phones, health info
2	Secret Detector	Detects API keys (Stripe, GitHub, AWS, OpenAI, Slack)
3	Hallucination Detector	Identifies false statements, overconfidence, unverified claims
4	Toxicity Filter	Detects hate speech, violence, harassment
5	Token Limiter	Rate limiting for response token counts
6	Response Redactor	Intelligent redaction with multiple strategies
7	Compliance Reports	Auto-generates GDPR, HIPAA, PCI-DSS, SOC2 reports
8	Response Guard Middleware	Unified scanning for HTTP, MCP, A2A

Features:

• Bidirectional inspection — scans both requests AND responses
• 12 PII categories with validation (SSN format, Luhn algorithm for CC)
• 10 secret patterns with provider detection
• Real-time hallucination detection with risk scoring
• Fail-closed security — blocked responses return sanitized versions
• Sub-5ms scanning latency (typical response scan < 1ms)

---

🔐 ACP Protocol Security (v3.1)

Agent Communication Protocol — The newest pillar for agent-to-agent security.

The ACP guard provides comprehensive protection for agent communication:

Feature	Description
HMAC Verification	Full message body signature validation
Rate Limiting	Per-session token-bucket algorithm
Response Scanning	PII, secrets, toxicity, hallucination detection
Capability Enforcement	Fine-grained permission control
Input Validation	Method blocking, schema validation

// ACP middleware integrates seamlessly
import "github.com/aegisgatesecurity/aegisgate-platform/pkg/acp"

func main() {
    scanner := acp.NewACPResponseScanner()
    mw := acp.NewMiddleware(scanner)
    http.Handle("/acp/", mw.WrapHandler(handler))
}

• Coverage: 90.1% | Tests: 164 | Metrics: 10 Prometheus counters

🔐 Enterprise Authentication

Production-grade SSO and access control — not stubs:

Feature	Tier	Details
OIDC / OAuth 2.0	Community+	Full OpenID Connect with PKCE, auto-discovery
SAML 2.0	Community+	SP-initiated login, pre-configured templates
RBAC	Community+	Role-based access control with session-scoped permissions
Tool Authorization Matrix	Community+	Risk-weighted tool call approval by role
License Enforcement	Community+	ECDSA P-256 cryptographic validation
API Key Fallback	Community+	Key-based auth for CI/CD pipelines

Pre-configured provider templates for Azure AD, Okta, and Google Workspace.

---

📊 Compliance Frameworks

Maps security controls to 9 frameworks across all tiers:

Framework	Category	Patterns	Tier
MITRE ATLAS	Adversarial AI	52 techniques	Community
NIST AI RMF 1.500	AI Risk Management	Full coverage	Community
OWASP LLM Top 10	LLM Security	49 patterns	Community
GDPR	Data Protection	PII detection, retention	Community
HIPAA	Healthcare	PHI detection, BAA available	Professional
PCI-DSS	Payment Security	Card data detection	Professional
SOC2 Type II	Enterprise Controls	CC6.6 monitoring	Professional
ISO 27001	Information Security	Full framework	Professional
ISO 42001	AI Management	AI-specific controls	Professional

All framework modules are fail-closed — if a compliance check cannot be evaluated, the request is blocked.

Threat Model

Comprehensive threat analysis with STRIDE methodology, CVSS scoring, and MITRE ATLAS mappings:

Element	Coverage
STRIDE	41 threats across HTTP, MCP, A2A, Response
Data Flow Diagrams	3 DFDs with trust boundaries
Attack Trees	4 major attack vectors
CVSS 3.1	25+ threats scored (7 Critical, 11 High, 7 Medium)
MITRE ATLAS	Full ATLAS-MCP, ATLAS-A2A, ATLAS-LLM coverage

---

🏗️ Architecture

%%{init: {'theme': 'dark', 'themeVariables': { 'primaryColor': '#00ADD8', 'primaryBorderColor': '#00ADD8', 'lineColor': '#F97583', 'secondaryColor': '#238636', 'tertiaryColor': '#1f6feb'}}}%%
flowchart TB
    subgraph "Client Layer"
        A[💻 HTTP Client]
        B[🤖 MCP Client]
        C[🤝 A2A Agent]
    end
    subgraph "AegisGate Platform v3.1.0"
        subgraph "Entry Points"
            D["🌐 HTTP Proxy\n:8080"]
            E["🔗 MCP Server\n:8081"]
            F["🤝 A2A Endpoint\n:8082"]
            G["📊 Dashboard\n:8443"]
        end
        subgraph "Security Core"
            H[🔍 Scanner — 144+ patterns]
            I[🛡️ A2A Guardrails — 8 guardrails]
            J[⚡ Rate Limiter — token-bucket]
            K[📋 Audit Logger — RFC 5424 + hash chain]
        end
        subgraph "Auth & Access"
            L["🔐 SSO — OIDC/SAML"]
            M["🛡️ RBAC Engine"]
            N["🔑 Tool Authorization Matrix"]
            O["📜 License — ECDSA P-256"]
        end
        subgraph "Compliance"
            P[ATLAS • NIST • OWASP]
            Q[HIPAA • PCI • SOC2 • ISO]
        end
        subgraph "Persistence"
            R[(💾 Data Store)]
            S["📝 Audit Logs — tamper-evident"]
            T["🔑 Cert Store — mTLS"]
        end
    end
    subgraph "Upstream"
        U[🤖 AI Services]
        V[🛠️ MCP Tools]
        W[🤝 Peer Agents]
    end
    A --> D
    B --> E
    C --> F
    D --> H & J & K
    E --> M & N & K
    F --> I & J & K
    H --> P & Q
    I --> M
    L --> M
    O --> M
    M --> R
    K --> S
    T --> D & E & F
    P & Q --> U & V & W

Loading

---

⚡ Performance (v3.1.0 Benchmark)

Metric	Target	Achieved	Status
Peak Throughput	10,000+ RPS	24,806 RPS	✅ 2.1x exceeded
Average Latency	< 10ms	3.2 ms	✅
P95 Latency	< 50ms	43.78 ms	✅
P99 Latency	< 100ms	~70 ms	✅
Error Rate	< 0.1%	0.00%	✅
Binary Size	< 50MB	19.1 MB	✅
Code Coverage	95%+	97.8%	✅
Tests Passing	—	5,484	✅
CVEs	0	0	✅

Full methodology in PERFORMANCE.md. k6 load testing, 60+ second scenarios, real attack vectors.

---

🚀 Quick Start

Docker (30 seconds)

docker run -d \
  --name aegisgate \
  -p 8080:8080 \
  -p 8081:8081 \
  -p 8443:8443 \
  -p 8082:8082 \
  -v aegisgate-data:/data \
  ghcr.io/aegisgatesecurity/aegisgate-platform:latest

Kubernetes (Helm)

helm repo add aegisgate https://charts.aegisgatesecurity.io
helm install aegisgate aegisgate/aegisgate-platform \
  --set aegisgate.config.tier=community

Includes HPA autoscaling, NetworkPolicy, ServiceMonitor, rolling updates.

Verify

curl http://localhost:8443/health
# {"status":"healthy","version":"v3.1.0","tier":"community",...}

---

🔄 Integration Examples

OpenAI Client

import openai
openai.api_base = "http://localhost:8080/v1"  # AegisGate proxy

response = openai.ChatCompletion.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}]
)
# AegisGate scans request/response, logs to audit trail

MCP Client

from mcp.client import Client

client = Client(
    name="secure-agent",
    version="1.0.0",
    transport="stdio"
)
await client.connect()
# All tool calls pass through 8 guardrails

A2A Agent (mTLS)

import requests
import ssl

# mTLS with AegisGate
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_cert_chain("agent.crt", "agent.key")
ssl_context.load_verify_locations("aegisgate-ca.crt")

response = requests.post(
    "https://aegisgate:8082/a2a",
    json={"agent_id": "my-agent", "action": "query"},
    cert=ssl_context
)
# mTLS + HMAC + capability enforcement + audit

---

🛡️ Security Hardening

Built-in Security

Feature	Description
Self-signed CA	Auto-generates certificates on first run
mTLS	Mutual TLS for A2A agent communication
Fail-Closed	Unknown requests are blocked by default
Tamper-Evident Logs	Hash chain audit trail (legally admissible)
RFC 5424 Syslog	Structured logging for SIEM integration
Zero CVEs	All dependencies scanned, 0 vulnerabilities
Threat Model	Full STRIDE analysis, CVSS scoring, MITRE ATLAS mapping

Threat Model (v3.1 — Full STRIDE Analysis)

Category	Coverage	Top Threat
HTTP API	10 STRIDE threats	License bypass (CVSS 9.8)
MCP Protocol	10 STRIDE threats	Session spoofing (CVSS 9.5)
A2A Agent	10 STRIDE threats	Impersonation (CVSS 9.1)
AI Response	11 STRIDE threats	PII disclosure (CVSS 9.1)
ANP Protocol	8 STRIDE threats	Protocol downgrade (CVSS 8.2)
ACP Protocol	9 STRIDE threats	Message tampering (CVSS 9.3)

SIEM Integration

# Enable SIEM output
logging:
  format: rfc5424  # or cef, leef, json
  siem:
    endpoint: splunk.company.com:8089
    protocol: raw tcp
    facility: local0

Supports: Splunk (CEF), IBM QRadar (LEEF), ArcSight (CEF), Elastic (JSON), Microsoft Sentinel (JSON)

---

✨ Features at a Glance

Category	Feature
HTTP Security	Bidirectional scanning · 144+ patterns · Rate limiting · Circuit breaker
MCP Security	8 guardrails · Session isolation · Tool authorization · STDIO validation
A2A Security	mTLS · HMAC-SHA256 · Capability enforcement · Per-agent rate limiting
ACP Security	HMAC verification · Per-session rate limiting · Message validation · Response scanning
Authentication	OIDC/OAuth 2.0 + PKCE · SAML 2.0 · RBAC · API keys
Compliance	ATLAS · NIST AI RMF · OWASP · HIPAA · PCI · SOC2 · ISO 27001/42001 · GDPR
Observability	Prometheus metrics · RFC 5424 audit · Hash chain logs · Grafana dashboard
Deployment	Docker (19.1MB) · Kubernetes + Helm · HPA · NetworkPolicy · Rolling updates
SIEM	RFC 5424 · CEF (ArcSight) · LEEF (QRadar) · STIX 2.1

---

🎯 Tier Comparison

Feature	Community	Developer	Professional
Core Security
HTTP Proxy	✅	✅	✅
Secret Detection/Masking	✅	✅	✅
PII Detection	✅	✅	✅
Response Guard
Toxicity Detection	✅	✅	✅
Hallucination Detection	—	✅	✅
Real-time Response Scanning	✅	✅	✅
Protocol Guards
MCP Guardrails	8	8	8
A2A Guardrails	8	8	8
ACP Protocol (HMAC-signed)	✅	✅	✅
Message Tampering Protection	✅	✅	✅
Replay Attack Prevention	✅	✅	✅
Capability Escalation Control	✅	✅	✅
Rate Limiting	✅	✅	✅
Compliance Frameworks
MITRE ATLAS	✅	✅	✅
NIST AI RMF	✅	✅	✅
OWASP LLM Top 10	✅	✅	✅
Access Control
OIDC / SAML SSO	—	✅	✅
RBAC	Basic	Advanced	Granular
Data Privacy
GDPR	View	Full	Full
HIPAA	—	—	✅
PCI-DSS	—	—	✅
SOC2	—	—	✅
ISO 27001	—	—	✅
Integrations
SIEM Integration	—	✅	✅
Redis/SQLite	—	✅	✅
PostgreSQL/S3	—	—	✅
Kubernetes/Helm	—	✅	✅

See aegisgatesecurity.io/pricing for full tier details.

---

📚 Documentation

Document	Description
PERFORMANCE.md	Sprint 10 load testing results (24,806 RPS, 3.2ms)
SECURITY.md	Security policies and vulnerability disclosure
CHANGELOG.md	Release history
docs/METRICS.md	Prometheus metrics reference
docs/A2A Technical Spec	A2A security deep dive

---

🔒 Security Disclosure

Email: security@aegisgatesecurity.io

Item	Detail
Response Time	48 hours
Resolution Target	90 days
PGP Key	Available on request

---

🤝 Community

• X/Twitter: @aegisgatesec
• GitHub Discussions: Discussions
• GitHub Issues: Issues
• Website: aegisgatesecurity.io

---

📋 Version Support

Version	Status	Notes
v3.1.0	✅ Current	MITRE ATLAS 66 techniques, RESPONSE scanning, 97.8% coverage, 5,484 tests
v2.0.0	✅ Supported	A2A guardrails shipped
v1.3.x	⚠️ Legacy	Community support only

---

🙏 Acknowledgments

• MCP Protocol — Model Context Protocol
• A2A Protocol — Agent-to-Agent communication standard
• ACP Protocol — Agent Communication Protocol security layer
• MITRE ATLAS — AI threat framework
• NIST AI RMF — AI risk management
• OWASP LLM Top 10 — LLM security
• RFC 5424 — Syslog protocol

---

AegisGate Security, LLC — aegisgatesecurity.io

Built with 🖤 by security professionals, for security professionals.

© 2024-2026 AegisGate Security, LLC