NetFoundry
LP – AI, MCP, and LLM Security

AI Deployment and Protection Secure Your AI Deployments Without Slowing Them Down

  • Deploy a secure, zero trust enclave for your users, AI agents, MCP servers, and LLMs.
  • Avoid wasting time on never-ending firewall rule changes.
  • Centralize AI cost accounting and optimization.

Want to learn more?

MCP Gateway + LLM Gateway. Identity-First Reachability™ for AI.

AI tools need access to internal resources, models, and APIs. Traditional approaches force a choice between security and velocity. These gateways eliminate that tradeoff.

One identity, one security model

Both gateways are built on OpenZiti and share the same zero-trust foundation. They work independently, but they’re designed to work together.

Let’s Talk >>

Secure and Govern LLM and MCP Resources Via a Single, Unified AI Platform


Humans (via devices), MCP servers, AI Agents, and LLMs are securely connected via the NetFoundry policy overlay.
  • A separate, zero trust enclave for all components of your AI deployment
  • No open inbound firewall ports; no network changes, no VPNs required
  • Strong identity-based and authentication for AI agents that’s simple to set up, operate, audit
  • AI agents and MCP servers have no access to API keys and service accounts
  • AI token tracking for cost optimization, accounting, and limit setting
  • LLM routing and multi-model load balancing support

Deploy AI Quickly and Manage Changes Effectively

  • Simple—no open inbound ports
  • Fast deployments—no network or firewall changes required
  • Works in both internally- and externally-controlled environments
  • Optionally build directly into AI components (via SDK)—network as code
  • Can leverage NetFoundry’s existing routing fabric if desired
NetFoundry overlays the traditional network, simplifying and securing with identity-first networking.

Identity-Based Visibility and Control for AI Connectivity


  • All connectivity managed by policy, not network changes
  • Just-in-time programmatic policy changes apply instantly and can have limited duration.
  • Visibility and auditing based on identity, not cumbersome IP addresses
Application dashboard originating from identity-first policy.

Secure Your AI Deployments Without Slowing Them Down

Without NetFoundry: AI Resources Are Exposed on the Network

  • Risk of attacker API exploitation, token theft and impersonation (OWASP Top 10)
  • Ongoing firewall change management headaches

With NetFoundry: AI Resources Are Not Exposed on the Network

AI Agents or Humans, and NetFoundry AI Connectors connect to Virtualized AI Overlay, as do LLMs and MCPs via NetFoundry's AI Gateway
  • 99% risk reduction by eliminating unauthorized network connections
  • Simplified non-human access control and audit by identity, and elimination of firewall rule changes

AI Challenges and NetFoundry Solutions

AI Challenges
NetFoundry for AI Solutions
Agents, MCP servers, and LLMs increase the attack surface area
NetFoundry provides an AI enclave with no open ports available to a potential attacker—it’s invisible
AI agents and MCP servers lack strong identity
NetFoundry provides the identities
AI agents host critical API keys and tokens that are potential targets of an attack
NetFoundry hosts them separately and securely
AI deployments are fluid and highly distributed, so depending on network changes isn’t feasible
NetFoundry doesn’t depend on the network configuration—it doesn’t even require any open inbound ports. So no network changes are required.
AI deployments are difficult to visualize and to audit
NetFoundry provides identity-based visibility and audit

Flexible NetFoundry Deployment Options

OpenZiti

Open Ziti

Self-Hosted Open Source

  • Community support
  • Self-deployed and managed (connectors, routers, controller), self-orchestrated
Self-Hosted

Self-Hosted

Self-Hosted Licensed

  • Enterprise-grade support (24×7)
  • Self-deployed and managed (connectors, routers, controller), self-orchestrated
  • Guidance for resilient, reliable, scalable production architecture and deployment
  • Operations, logging, assurance, and platform LCM tools
  • Contracted relationship (indemnification)
  • FIPS compliant
  • Use case and/or implementation documentation

Cloud

SaaS

  • Enterprise-grade support (24×7)
  • Fully managed by NetFoundry with 99.95% uptime SLA
  • Guidance for resilient, reliable, scalable production architecture and deployment
  • Fully automated LCM of hosted components; LCM support for self-hosted components
  • Contracted relationship (indemnification)
  • FIPS compliant
  • Use case and/or implementation documentation
  • SOC 2 Type II compliant

Simple to deploy, simple to operate, and eliminates 99.99% of exploitation risk

Who Doesn't Love Simple & Secure?

VPN and the other security technologies we relied on the past can no longer cut it in today’s hyperconnected world. NetFoundry’s technology enables us to apply the strictest deny-by-default security principles to every user, device and application in our customers’ networks.

Steve Wulchin

CEO

Freewave
NetFoundy presented us with the opportunity to reset the old clichés and to disrupt long-standing operating models, creating a far more agile workforce and work itself. By collaborating with NetFoundry we are changing the game and building a highly agile digital organization to deliver unmatched innovation to our clients

Damir Jaksic

Chief Information Officer

KEO International Consultants

NetFoundry | KEO
The USA secure connectivity strategy updates (M-22-09) make it clear that the technology industry must begin to take more responsibility for protecting the public from cybercriminals. Intrusion is proud to partner with NetFoundry to help accelerate this transformation to secure by design solutions.

Tony Scott

CEO

Intrusion

NetFoundry | Intrusion
NetFoundry’s Zero Trust B2B solution has significantly enhanced the security and performance of our integration platform, allowing us to deliver reliable and secure services to our customers without S2S VPN and firewall headaches.

Rodrigo Bernardinelli

Co-Founder

Digibee

NetFoundry | Digibee
Zero trust technology that works as advertised.

Kevin Klasey

Director of IT

FreightCar

NetFoundry | FreightCar
NetFoundry enabled us to move to Infrastructure-as-Code automation, including customer connectivity. As we roll this out to our customers, we are changing the game for MIS printing and labeling to deliver unmatched innovation to our clients, without asking them to open firewall ports or manage S2S VPNs.

Nico Delaere

IT and Security Manager

CERM

NetFoundry | CERM
NetFoundry’s Zero Trust B2B met our customer’s most stringent security requirements – no permitted IP addresses in their firewalls and no S2S VPNs.

John Wilson

CEO

TZ Limited

NetFoundry | TZ
We are committed to making the world a safer place, and we are just as committed to protecting our clients’ data and information. Partnering with NetFoundry is the best way.

Steve Lindsey

CTO and CIO

LVT

NetFoundry | LVT
NetFoundry | Secure by Design
Products
Solutions
Industries
Secure by Role
Why NetFoundry