Agentic Control Plane
Security series

MCP Security

Model Context Protocol is rapidly becoming the default integration layer between AI clients and tools. It also has six structural risks every deployment needs to account for. This series walks through each risk and what breaks if you don't mitigate it.

Posts in this series

Each post focuses on one specific risk class.

  1. I Classified 8,000+ MCP Servers by Auth Appropriateness. Most Get It Wrong.
     A static analysis of 8,216 MCP servers across 4 registries. 50.6% have no auth. But the real question is: do they have the right auth for what they do?
  2. 4,500 MCP Servers, 7,840 Tools, Zero Input Validation. Here's the Attack Surface.
     Analysis of 8,216 MCP servers: 2,432 expose high-risk inputs (SQL, file paths, shell commands) with zero validation constraints in the tool schema.
  3. Can You Prove What Your AI Agent Did? I Checked 8,216 MCP Servers.
     74.9% of MCP servers have no mention of audit logging. The MCP spec defines zero audit primitives. Here's why that's a compliance problem.
  4. MCP Servers Proxy Paid APIs With No Rate Limits. I Calculated the Blast Radius.
     180 MCP servers proxy calls to paid APIs like OpenAI and Stripe. 85% document no rate limits. An agent retry loop can cost $1,080/hour.
  5. MCP Gateway Comparison: ACP vs Composio vs Self-Hosted
     An honest comparison of MCP gateway options. When to use ACP Cloud, Composio, or build your own with open-source tools.
  6. 4 Security Vulnerabilities Hiding in Your MCP Server's Tool Schema
     Real CVEs trace back to unconstrained tool schemas. From 8,216 MCP servers: the JSON patterns behind path traversal, SSRF, and injection, and how to fix each.