MCPKernel — The Missing Security Kernel for AI Agents

Source: DEV Community
## The Problem Nobody's Talking About

Your AI agent — LangChain, CrewAI, AutoGen, Copilot — calls tools autonomously. It reads files, executes code, makes HTTP requests. One prompt injection and your secrets are gone. There's no firewall between your agent and your infrastructure.

Until now.

## Introducing MCPKernel

MCPKernel is an open-source MCP/A2A security gateway that sits between your AI agent and MCP tool servers. Every single tool call passes through it:

```
┌─────────────┐      ┌──────────────────────────┐      ┌─────────────┐
│  AI Agent   │────▶│        MCPKernel         │────▶│  MCP Tool   │
│ (LangChain, │◀────│     Security Gateway     │◀────│   Server    │
│ CrewAI, etc)│      └──────────────────────────┘      └─────────────┘
└─────────────┘         Policy │ Taint │ Sandbox
                         DEE │ Audit │ eBPF
```

What happens to every tool call:

| Step | What It Does |
|---|---|
| 1. Policy Check | Evaluates against YAML rules with OWASP ASI 2026 mappings |
| 2. Taint Scan | Detects secrets (AWS keys, JWTs), PII (SSN, credit cards) |
| 3. Sandbox Execution | Runs in Docker, Firecracker, WASM, or Microsandbox |
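As an added example (not MCPKernel's own code), here is a minimal Python sketch of the first two stages in the table, policy check and taint scan, applied to an MCP `tools/call` request before anything is forwarded to a sandboxed tool server. The `POLICY` dict, the detector regexes and the request values are constructed stand-ins for the YAML rules and detectors the article lists.

```python
import json, os, re
# Added illustration, not MCPKernel's own code: the policy-check and taint-scan
# stages applied to an MCP tools/call request. POLICY stands in for a YAML rule
# file; all rules, patterns and sample values below are constructed.
POLICY = {
    "read_file": {"allow": True, "deny_paths": ["/etc/", "/root/.aws/"]},
    "execute_code": {"allow": False},  # tools not listed are denied too
}
TAINT_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
def luhn_ok(digits):
    # Luhn checksum, so an arbitrary 16-digit number is not reported as a card
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_taint(text):
    # Sorted list of taint classes found in text (secrets and PII)
    hits = set()
    for name, pat in TAINT_PATTERNS.items():
        for m in pat.finditer(text):
            if name != "card" or luhn_ok(re.sub(r"\D", "", m.group())):
                hits.add(name)
    return sorted(hits)

def check_policy(tool, args):
    # Returns a denial reason, or None when the call passes policy
    rule = POLICY.get(tool)
    if not rule or not rule.get("allow"):
        return f"tool '{tool}' is not allowed"
    path = os.path.normpath(str(args.get("path", "")))  # /tmp/../etc -> /etc
    if any(path.startswith(p) for p in rule.get("deny_paths", [])):
        return f"path '{path}' is denied"
    return None

def gate_tool_call(request):
    # Policy first, then taint scan; only clean calls reach the sandbox stage
    params = request.get("params", {})
    tool, args = params.get("name", ""), params.get("arguments", {})
    if reason := check_policy(tool, args):
        return {"decision": "deny", "stage": "policy", "reason": reason}
    if taint := scan_taint(json.dumps(args)):
        return {"decision": "deny", "stage": "taint", "reason": taint}
    return {"decision": "allow", "stage": "sandbox", "reason": None}
```

The path check normalises before matching so `..` segments cannot slip past a prefix rule, and the card detector requires a valid Luhn checksum to keep ordinary 16-digit order numbers from tripping the scan.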