Agent Interoperability security and governance
- Updated: 2026/01/21
Security and governance are central to Agent Interoperability. The framework depends on the safeguards, encryption, and trust boundaries described below.
Security is a key part of Model Context Protocol (MCP). It protects sensitive data and ensures that customers follow the necessary rules. We make sure that all MCP tool calls are authenticated using a zero-trust approach; nothing can move through the Agent Interoperability framework without authentication.
- Every user accessing or trying to use these tool calls must be authenticated first. We support API key-based authentication.
- Everything is controlled by role-based access control (RBAC). The creation of MCP inbound tools (on the AI->Agent connections page) is governed by RBAC: only authorized users can create new MCP inbound tools.
- When you run an automation from a third-party AI Assistant using the Process Reasoning Engine (PRE) (see Process Reasoning Engine and generative AI for details) or our Discover Automation tool, you can only access and run automations that the user is configured to access in the MCP client. This access is granted through our Control Room repository.
All interactions between the MCP client and MCP server, and between the MCP server and the Automation Anywhere Control Room, are encrypted. We use TLS 1.2 encryption, which means all communication goes through a secure channel.
All MCP inbound tool calls are logged for traceability and governance purposes.
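The controls above (API key authentication, per-user access to automations, and logging of every inbound call) can be modelled as a single deny-by-default gate. This is an added illustration, not Automation Anywhere code: the function names, the key store, the automation names, and the log fields are all hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data (hypothetical; not the Control Room's real schema).
# Only SHA-256 digests of API keys are stored, never the keys themselves.
API_KEY_DIGESTS = {
    hashlib.sha256(b"demo-key-alice").hexdigest(): "alice",
    hashlib.sha256(b"demo-key-bob").hexdigest(): "bob",
}
# Automations each user is configured to access (hypothetical names).
USER_AUTOMATIONS = {
    "alice": {"invoice-processing", "hr-onboarding"},
    "bob": {"invoice-processing"},
}
AUDIT_LOG = []  # stand-in for an append-only audit sink


def authenticate(api_key):
    """Return the user that owns the presented API key, or None."""
    if not api_key:
        return None
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    user = None
    # Check every stored digest with a constant-time comparison so the
    # response time does not reveal how close a guess was.
    for stored, name in API_KEY_DIGESTS.items():
        if hmac.compare_digest(stored, digest):
            user = name
    return user


def handle_tool_call(api_key, automation):
    """Authenticate, then authorize, then log. Anything not allowed is denied."""
    user = authenticate(api_key)
    if user is None:
        decision = "deny:unauthenticated"
    elif automation not in USER_AUTOMATIONS.get(user, set()):
        decision = "deny:not-authorized"
    else:
        decision = "allow"
    # Record every call, denied ones included; the API key is never logged.
    AUDIT_LOG.append(json.dumps({"ts": time.time(), "user": user,
                                 "automation": automation,
                                 "decision": decision}))
    return decision
```

Denied calls are logged alongside allowed ones, since failed authentication and out-of-scope requests are the entries a reviewer most needs for traceability.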