cd /news/ai-agents/how-to-protect-your-mcp-server-with-… · home topics ai-agents article
[ARTICLE · art-52858] src=fastly.com ↗ pub= topic=ai-agents verified=true sentiment=↑ positive

How to protect your MCP Server with Fastly

Fastly announced a prototype to secure Model Context Protocol (MCP) servers, addressing AI-specific attack vectors, production-scale performance, and authentication complexity for a major global publisher. The solution combines Fastly's Global Network, Bot Management, Next-Gen WAF, and Media Shield to protect AI agent infrastructure.

read3 min views1 publishedJul 9, 2026
How to protect your MCP Server with Fastly
Image: Fastly (auto-discovered)

As organizations rapidly adopt AI agents and agentic workflows, Model Context Protocol (MCP) servers are becoming a foundational integration layer between AI models and enterprise systems. While they accelerate development and simplify tool integration, they also introduce a new class of security challenges. Unlike traditional API traffic that’s typically deterministic and narrowly scoped, MCP traffic enables dynamic tool discovery, natural language-driven interactions, and orchestration across trust boundaries. These characteristics expand the attack surface and require security controls that extend beyond conventional API protection.

When a major global publisher approached Fastly asking for help securing their MCP server backbone connecting their AI agents with real-time financial data and tools, our team sprang into action to build a prototype that any organization can follow the architecture of to protect theirs. The following outlines the process and outcomes they achieved, providing a practical reference for organizations working to secure their own MCP environments.

Fastly MCP Protection Prototype #

To protect their MCP server, the Fastly prototype needed to adhere to three key requirements:

Detect and mitigate AI-specific attack vectors– OWASP and AI-specific attacks targeting the MCP server must be mitigated** Ensure production-scale performance**– Sub-100ms latency is mandatory and the solution must handle at least 100Mbps throughput** Allow authentication complexity**– A mix of IP-based, token-based, and mTLS authentication models must be allowed without false positives

To address these requirements, the prototype combined the flexibility and customization of multiple existing Fastly capabilities. While we won’t dive into the details of their unique implementation (but are happy to help your organization mirror the security outcomes privately), each of these solutions provided the customer with another layer of protection for their MCP server.

Here’s how the prototype paired them together to solve the customer’s requirements:

provides more than just 578 Tbps global capacity and performance benefits, enabling customers to implement custom traffic logic as it enters the network. This configuration flexibility allowed rules to be implemented as intended MCP traffic hit our network that automatically blocked unexpected content types like xml and restrict HTTP methods.__Fastly’s Global Network____Fastly Bot Management__provides visibility into the automated traffic heading to the MCP server, allowing rules to be created to block unwanted automation clients, bots with bad fingerprints, and generally malicious bot traffic.__Fastly Next-Gen WAF__provides the ability to mitigate OWASP attacks and LLM-specific attacks like encoded prompt injection and jailbreak phrases. The prototype leverages its rate limiting capabilities to incorporate policies against IPs or API keys that exceeded expected norms.__Fastly Media Shield__provides a designated Fastly POP as anchor for all MCP server traffic before it ultimately goes to origin. This enables the prototype to reduce origin load while speeding up connections by reducing the time required for costly multi-roundtrip handshakes.

Key results

With these four solutions implemented and tuned for protecting the customer’s MCP server, the team ran a 10-week trial to see how it stacked up against the customer’s requirements and found it far exceeded them.

Requirement | Desired Metric | Result | Latency (average) | < 100ms | | Upload throughput | 100 Mbps | | Max payload size | 200MB+ | | Authentication Flexibility | IP-based, token-based, and mTLS model acceptance | |

Fastly for AI Infrastructure #

Fastly's platform is uniquely positioned in the request path to secure and accelerate AI agent infrastructure because it was purpose-built for the edge where performance and security must coexist.

Performance without compromise: Inspection adds negligible latency; Fastly's global scale and resilience keeps AI agents performantProgrammable security: Network and Next Gen-WAF rules can be tuned for the novel patterns of MCP and agentic trafficReal-time visibility: Security teams see everything, in near real-time, without waiting for batch log exportsAI-native threat mitigation: Policies for prompt injection, tool abuse, and bot-driven enumeration can be easily created and paired with out-of-the-box OWASP-style attack protections

As AI and associated technologies continue to rise in adoption, Fastly’s MCP server protection prototype is just one example of how Fastly can help your business confidently adopt emerging technologies without increasing risk. Contact us if you’d like to learn more about the prototype or how we can help your business in the AI era.

── more in #ai-agents 4 stories · sorted by recency
── more on @fastly 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/how-to-protect-your-…] indexed:0 read:3min 2026-07-09 ·