Your internal knowledge, accessible to AI — without the leaks.
Agents ship fast. Security reviews don’t. Gated audits the MCP servers, tools, and integrations your agents reach into, so the data they surface is the data you meant to expose.
Probe is our scanner for MCP servers and agent-facing APIs. It behaves like a polite attacker: enumerates tools, probes auth boundaries, and checks the things developers forget — unlogged admin paths, mislabeled resources, a tool that returns more than its docstring suggests.
When the findings need more than a patch, our consulting team steps in: threat models, architecture fixes, and an authorization layer you can actually reason about.
Agents are cheap to build. The blast radius isn’t.
Three patterns we see in every pre-engagement audit. None of them are exotic. All of them ship to production.
Scatter
Tools, resources, and prompts ship in five different repos with five different owners. No one can answer what the agent is allowed to see, because no one has the whole picture.
Silence
MCP servers rarely emit audit logs anyone reviews. A misbehaving tool returns PII to a third-party model provider and the first signal is a support ticket, weeks later.
Shadow
A developer spins up a local MCP against prod data for a demo. It works. It stays. Six months later it's behind a customer-facing chat and no one remembers it exists.
Two products. One discipline.
Probe finds the surface area and ranks what's dangerous. Consulting does the hard, human work of fixing it — threat models, architecture, and the uncomfortable conversations about scope.
Find the risk
An automated scanner for MCP servers and agent-facing APIs. Enumerates tools, tests authorization boundaries, and produces a ranked report with reproductions for every finding.
- Connect in under two minutes
- 147 checks across 11 risk families
- Ships with CI integration and webhook alerts
Fix the risk
Hands-on engagements with senior security engineers. We build the threat model, design the authorization layer, and stay until the fix is merged — not just recommended.
- Readiness Call · free 30 min
- Audit · fixed-scope, fixed-fee
- Sprint · embedded, 2–6 weeks
Four steps. No surprise invoices.
Every engagement is fixed-scope with a written deliverable. If we can't tell you up front what you're getting, we haven't done the work to earn the engagement.
- 0130 min · free
Readiness Call
Thirty minutes, free. We look at your MCP surface, ask where the agents go, and tell you honestly whether an engagement makes sense.
- 02week 1
Scope + Threat Model
We inventory every tool, resource, and integration. We write down the adversaries worth worrying about, and the ones that aren't.
- 03weeks 1–4
Audit + Fix
Manual review backed by Probe. Every finding comes with a reproduction, a severity, and a concrete remediation. For Sprints, we ship the fix with you.
- 04week 4+
Harden + Hand-off
Authorization invariants, logging, CI checks, and a living threat model your team can extend. We leave behind a system, not a PDF.
Security is the first question, not the last.
Every Probe scan begins with a written authorization scope. We verify domain ownership and require a scoped, revocable token. No drive-by scans, ever.
If your agent ingests a ticket, a doc, or a webhook body, we test it as an injection vector. The threat model we ship assumes the model is a confused deputy — because it is.
Our deliverable is an authorization layer, a set of invariants, and tests that enforce them. You leave with something your engineers can maintain after we're gone.
We won't tell you your agent is safe because it passed a scan. Scans find classes of problems. Threat models find the rest. We do both.
Three ways in. One standard of work.
Start with a Readiness Call. Most teams don't know whether they need an Audit or a Sprint until we've looked at the surface together.
A working call, not a sales call. We review your MCP surface, flag the top risks, and tell you whether you need an engagement at all.
- Live screen-share review
- Written summary within 24h
- No deck, no SDR, no chase
Structured review of one MCP surface. Threat model, manual testing backed by Probe, a written report, and a 45-minute fix-planning session.
- Covers one server or integration
- Ranked findings with reproductions
- Report is yours to share internally
We ship the fix with you. Authorization redesign, logging, CI checks, and whatever else the audit turned up. One senior engineer, full-time, zero handoff.
- Scoped and priced after Audit
- Shared Slack + daily pairing
- Fixed-fee, not T&M
Straight answers. No fine print.
Missing a question? Ask it on the Readiness Call — we'd rather answer it on video than edit this list.