Incident · curated 27 Jun 2026
First reported 29 May 2026 · 28d ago
Single-source incident — first reported, latest, and curated coincide.
An Arcis blog post argues that agent security has four layers (identity, pre-deploy testing, observability, runtime defense) and that the runtime hot path is structurally underserved. It frames MCP's explicit tool-call contract as what makes runtime defense against agent tool-call injection (their vector V32) possible: because every call names a tool and carries structured arguments, allowlist, sanitize and refuse decisions can be applied at the agent-tool boundary before the call executes.
Why it matters
Defenders need controls that can actually refuse malicious tool calls at runtime, not just detect them after the fact, especially as MCP tool-call abuse becomes a real attack surface.
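The allowlist/sanitize/refuse gate the post describes, as an added illustration that is not code from Arcis or the post: a policy function sits between the agent and the tool and returns one of three decisions for each MCP-style call. The tool names, argument sets and sandbox root below are constructed for the example.

```python
"""Runtime gate at the agent-tool boundary: allow, sanitize or refuse a call."""
import posixpath
import re
from dataclasses import dataclass
from typing import Optional

# Constructed allowlist: tool name -> the only argument names it may receive.
ALLOWED_TOOLS = {"read_file": {"path"}, "search_docs": {"query", "limit"}}
# Constructed sandbox root; read_file may only touch paths below it.
SANDBOX_ROOT = "/srv/agent-sandbox/"
MAX_LIMIT = 50


@dataclass
class Decision:
    action: str                   # "allow", "sanitize" or "refuse"
    reason: str
    call: Optional[dict] = None   # the (possibly rewritten) call to forward


def gate_tool_call(call: dict) -> Decision:
    """Decide at runtime whether an MCP-style tool call may reach the tool."""
    name = call.get("name")
    args = dict(call.get("arguments") or {})
    if name not in ALLOWED_TOOLS:
        return Decision("refuse", f"tool {name!r} is not on the allowlist")
    unknown = set(args) - ALLOWED_TOOLS[name]
    if unknown:
        return Decision("refuse", f"unexpected arguments {sorted(unknown)}")
    changed = False
    if name == "read_file":
        # Normalise before the prefix check so '..' segments cannot escape.
        path = posixpath.normpath(str(args.get("path", "")))
        if not path.startswith(SANDBOX_ROOT):
            return Decision("refuse", f"path {path!r} is outside the sandbox root")
        changed = path != args.get("path")
        args["path"] = path
    elif name == "search_docs":
        query = str(args.get("query", ""))
        cleaned = re.sub(r"[^\w\s.\-]", "", query)[:200]  # keep plain query text only
        try:
            limit = int(args.get("limit", 10))
        except (TypeError, ValueError):
            return Decision("refuse", "limit must be an integer")
        clamped = max(1, min(limit, MAX_LIMIT))
        changed = cleaned != query or clamped != limit
        args.update(query=cleaned, limit=clamped)
    action = "sanitize" if changed else "allow"
    return Decision(action, "arguments rewritten" if changed else "within policy",
                    {"name": name, "arguments": args})
```

A "sanitize" decision forwards the rewritten call; a "refuse" decision carries a reason that can be logged and shown to the agent instead of executing the tool.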