Salt Security launches MCP Server to protect APIs

Insight: RSAC 2025 Conference

Salt Security today announced the Salt Model Context Protocol (MCP) Server. This server enables AI agents to communicate with API infrastructures in natural language, analyze API behavior, and understand the underlying context.

AI-driven applications are pushing up API usage. According to Salt Security, analysts estimate that the number of API requests made by AI agents could increase three to ten times in the coming years. After all, every interaction, prompt, or automated task generates new API calls in the background, especially as AI agents are given more leeway. This growth in automated and continuous API use places new demands on security tools, which Salt (and many others) are now addressing.

Without adequate control, APIs can become a hidden attack surface for AI systems, leading to data leaks or misuse. We already knew this, of course, but the rise of agentic AI and GenAI makes it more acute than before. There is a risk that API endpoints will be unnecessarily exposed or given too many permissions when AI agents are given direct and uncontrolled access to backend systems.

MCP Server as a controlled gateway

Salt Security, which specializes in API security, is introducing its own MCP Server as a response to these challenges. This server, based on the now well-established Model Context Protocol, acts as a controlled interface between AI agents and an organization’s APIs. It translates natural language questions into authorized, structured queries while enforcing security, governance, and usage policies.

The MCP Server prevents AI agents from blindly collecting data or gaining direct access to the backend architecture. The goal is to ensure that AI interactions with internal systems are secure and contextual. This controlled access reduces the risk of API abuse by autonomous systems.

Natural language for API insight

With the MCP Server, security teams can ask questions about their API environment in natural language. Salt emphasizes how ordinary the conversation can be. Think of questions such as: “Are there any critical risks in my environment that I need to address?” The server can then respond with a detailed explanation, for example about a specific vulnerability in an API that processes sensitive data, such as credit card details.

Users can ask follow-up questions about the functionality of an API or the nature of a risk. The MCP Server then provides explanations and AI-driven recommendations for mitigating identified risks. Other features include contextual search within the API inventory, explanation of API functionality, and analysis of posture gaps.

Availability

The Salt MCP Server is available immediately through the Salt Early Access Program. Organizations interested in early access can request a demo via the Salt Security website.