# Oktsec

> Open-source security layer for AI agent-to-agent communication. Cryptographic identity, policy enforcement, content scanning, and full audit trail for every MCP message and tool call. Self-hosted, no LLM, no cloud dependency.

## Core Capabilities

- [MCP Gateway](https://oktsec.com/blog/mcp-gateway-security-layer/): Security proxy for any MCP server — per-agent identity, tool-level policies, content scanning, audit trails without changing backend code
- [Cryptographic Agent Identity](https://oktsec.com/blog/nist-ai-agent-identity-authorization/): Ed25519 key pairs, message signing, identity verification for every agent interaction
- [Detection Engine](https://oktsec.com/): 169+ detection rules across 15 categories powered by the Aguara engine, including NLP analysis and taint tracking
- [Policy Enforcement](https://oktsec.com/): Tool-level allow/deny policies, rate limiting, and content filtering per agent identity
- [Audit Trail](https://oktsec.com/): Complete logging of every message, tool call, and policy decision with SARIF output
- [OWASP Coverage](https://oktsec.com/): Covers 7/10 OWASP Agentic Top 10 categories

## Architecture

- Layer 1: Static analysis (Aguara scanner) — pre-runtime detection of malicious skills and MCP servers
- Layer 2: Runtime isolation — container-level separation of agent workloads
- Layer 3: Runtime enforcement (MCP Gateway) — message-level identity verification and policy enforcement

## Blog Posts

- [Academic Research Validates the Zero-Trust Runtime Architecture Oktsec Implements](https://oktsec.com/blog/agentic-ai-attack-surface-academic-validation/)
- [Oktsec v0.6.0: MCP Gateway, Security Hardening & Coordinated Stack Release](https://oktsec.com/blog/v0-6-0-mcp-gateway-release/)
- [MCP Gateway: A Security Layer for Every MCP Server](https://oktsec.com/blog/mcp-gateway-security-layer/)
- [Kali Linux Just Proved That AI Agents Are Offensive Security Tools](https://oktsec.com/blog/kali-mcp-agents-attack-surface/)
- [NIST's AI Agent Identity Paper Validates the Oktsec Thesis](https://oktsec.com/blog/nist-ai-agent-identity-authorization/)
- [From Open-Source Scanner to Security Platform in 14 Days](https://oktsec.com/blog/from-scanner-to-security-platform/)
- [Static Analysis + Runtime Isolation: A Defense-in-Depth Framework](https://oktsec.com/blog/static-analysis-plus-runtime-isolation/)
- [The OpenClaw Security Crisis: What Enterprise Teams Need to Know](https://oktsec.com/blog/openclaw-security-crisis-enterprise-guide/)
- [Why Agent-to-Agent Security is the Next Enterprise Requirement](https://oktsec.com/blog/agent-to-agent-security-enterprise-requirement/)

## Optional

- [Aguara Scanner](https://aguarascan.com/): Open-source static security scanner for AI agent skills and MCP servers — the detection engine that powers Oktsec
- [Aguara LLM Context](https://aguarascan.com/llms.txt): Full product context for Aguara
- [GitHub](https://github.com/oktsec)