Industry-Leading AI Security for MCP Ecosystems
Runlayer ToolGuard is an industry-leading suite of specialized machine learning models that protect your MCP environment from tool poisoning, prompt injection, and output manipulation attacks. With fast 50-100ms inference times, ToolGuard delivers real-time threat detection without compromising performance.Currently featuring two specialized threat classification models, with additional models in active development to address emerging attack vectors.
The Models
Tool List Guard
Scans tool definitions at registration to detect malicious descriptions, prompt injection attempts, and hidden instructions before tools are made available to your environment.Tool Call Guard
Scans tool execution outputs in real-time to detect malicious responses, data exfiltration attempts, and prompt injection before they reach your LLMs.Additional specialized models are in development to address new attack vectors as they emerge in the MCP ecosystem.
Why Industry-Leading?
Purpose-Built for MCP - Custom-trained threat classification models specifically designed for MCP ecosystem attacks. High Performance - Fast inference with typical scan times of 50-100ms. Continuously Evolving - Models are regularly refined based on emerging threat patterns. Battle-Tested - Deployed in production environments protecting real-world MCP deployments. Enterprise-Ready - Complete audit logging, flexible configuration, and Security Dashboard integration.Configuration
Navigate to Settings → Security Scanners to enable Runlayer ToolGuard models.Monitoring
Security Dashboard - View detection timelines, violation trends, and common threat types Server Pages - Tool List Guard warnings appear directly on server detail pages when potentially malicious tools are detected Audit Logs - Full history of detections, blocks, and configuration changes with confidence scoresBest Practices
- Use per-server overrides for high-risk external servers
- Combine with MCP access policies for layered security
- Review flagged tools with your security team before blocking
Staying Ahead
Runlayer ToolGuard models are continuously refined based on emerging threat patterns in the MCP ecosystem. Our commitment to continuous innovation ensures you have industry-leading defenses as new attack techniques emerge.Model Attribution
The Runlayer ToolGuard suite utilizes GA Guard Lite for threat classification embeddings and model inputs. GA Guard Lite is licensed under Apache 2.0.