Identity-First Reachability™ eliminates the attack surface that AI agents, MCP servers, and LLMs create — addressing the #1 breach vector in enterprise security today
CHARLOTTE, NC — June 2, 2026 —NetFoundry today announced the expansion of its AI Enclave solution with the addition of zero trust MCP and LLM gateways. These solutions enable organizations to deploy and scale agentic AI by:
- Saving organizations up to 50% in AI token costs
- Providing identity, visibility, control and governance
- Dramatically strengthening security, while eliminating firewall and network headaches
With the new AI Gateways and NetFoundry’s Identity-First Reachability™, AI agents are given sovereign machine identities, while not given access to any API keys, service accounts or shared secrets. Meanwhile, MCP and LLM gateways are not reachable by unauthorized agents or cyber attackers. There is no reachable surface for agents to misuse or attackers to exploit. NetFoundry’s MCP and LLM Gateways are the first products to bring this model directly to AI infrastructure.
“NetFoundry provides the secure network foundation Rhapsody needs to support private, policy-based access across distributed healthcare environments, including applications, APIs, workloads, and emerging AI-enabled workflows. That security layer complements our integration platform by helping customers modernize while protecting mission-critical data exchange.”
— Kevin Day, CTO, Rhapsody
The products work across all self-hosted and public LLMs, and are available for on-prem AI (including air gapped), hybrid and cloud.
The launch addresses the fundamental security problem of the AI era: reachability. Every API, AI agent, MCP server, and LLM endpoint that is exposed to the network is a potential entry point, which attackers can now exploit faster than defenders can patch, restrict, or detect.
“Vulnerability exploitation is the #1 breach vector today, surpassing phishing and credential abuse combined, because attackers go after what they can reach. With AI agents, MCP servers, and LLMs, enterprises are rapidly expanding exactly the kind of reachable attack surface that attackers know how to exploit. Identity-First Reachability™ eliminates that surface. Our commercial MCP and LLM Gateways make AI infrastructure invisible by default — so enterprises can deploy at software speed without handing attackers a larger target.”
— Galeal Zino, CEO and Founder, NetFoundry
For AI systems, reachability is compounded. AI agents discover and interact with tools dynamically. MCP servers and APIs are broadly reachable by design. Secrets and API keys proliferate across teams. Employees adopt unauthorized AI tools when official rollouts move too slowly. And changes to infrastructure — firewall rules, VPN configurations, routing policies — slow AI deployments at exactly the moment enterprises are under the most pressure to move fast.
According to Gartner®, “Securing AI applications today remains a nascent market. Broadly, many existing SASE architectures struggle with applicability because servers aren’t directly connected to the SASE fabric and AI applications frequently use direct API calls that bypass traditional SASE control points. Further, the highly unpredictable traffic patterns of AI applications and model access limit the effectiveness of existing signature-based SD-WAN traffic steering and firewalling capabilities.”
— Gartner, Forecast Analysis: Secure Access Service Edge, Worldwide, 2025-2030, By Charanpal Bhogal, Neil MacDonald, etc., May 2026. Gartner is a trademark of Gartner, Inc. and/or its affiliates.
MCP Gateway and LLM Gateway: What They Deliver
Every AI agent, MCP server, and LLM endpoint in a NetFoundry enclave receives its own cryptographic identity. Authorization happens at the service level — not the network level. All connections are initiated outbound, remain end-to-end encrypted, and are continuously authenticated against identity and policy. From the network’s perspective, MCP servers, LLM endpoints, and agent infrastructure are completely invisible until identity and policy authorize the interaction. Inbound ports remain closed with no exceptions.
The MCP Gateway provides zero-trust access to MCP servers from any MCP-compatible client without exposing those servers to the network. It supports multi-backend aggregation, tool namespacing, structural permission filtering, per-client session isolation, centralized multi-user management, role-based access control, and a full enterprise UI for platform teams. Denied tools are removed from the registry entirely — not checked at runtime, gone from the schema.
The LLM Gateway delivers governed OpenAI-compatible access to LLM providers including OpenAI, Anthropic, Azure OpenAI, AWS Bedrock, Google Vertex AI, and private Ollama instances — without distributing API keys or opening ports to inference infrastructure. A three-layer semantic routing cascade (heuristics, embeddings, and an optional LLM classifier) intelligently routes requests to the right model for cost, latency, or data sensitivity. Built-in guardrails include PII detection, content safety filtering, topic controls, and prompt injection detection. Per-identity cost tracking and budget enforcement give platform teams and finance leaders full visibility into AI spend by team and project.
Together, the gateways share a unified identity model, correlated observability, and coordinated governance, enabling platform teams to trace a request from agent through LLM call to tool invocation in a single audit trail.
NetFoundry Accelerator Program: Early Access to Agent2Agent and Next-Generation AI Capabilities
NetFoundry is also announcing the NetFoundry Accelerator Program, a limited early-access program for enterprise platform and security teams seeking to get ahead of the next wave of AI infrastructure challenges. Participants will engage directly with NetFoundry’s product and engineering teams and receive priority access to upcoming capabilities including NetFoundry’s Agent2Agent (A2A) network, a zero-trust fabric for governed, identity-based agent-to-agent communication.
For more information about the new products, visit www.netfoundry.io/ai-deployment-and-protection Enterprises interested in joining the NetFoundry Accelerator Program can apply at www.netfoundry.io/accelerator-program.
About NetFoundry
NetFoundry is the leader in Identity-First Reachability™ — eliminating the reachable attack surface that attackers exploit and defenders struggle to secure. Founded by the inventors and maintainers of OpenZiti, the world’s most widely used open source zero trust platform, NetFoundry enables enterprises to secure and connect AI agents, MCP servers, LLMs, APIs, and OT/IoT infrastructure with no open inbound ports, no VPNs, and no firewall changes. NetFoundry secures billions of sessions for critical infrastructure on three continents and supports Fortune 10 companies across regulated industries including healthcare, financial services, and energy.
Media Contact
mark.jaffe@netfoundry.io | www.netfoundry.io
