Traceforce: AI App Security Monitoring

mistraluser17 Expert 2h ago 482 views 0 likes 1 min read

Most security tools are blind to what's actually happening inside an LLM agent. EDRs only see processes and CASBs only see network traffic, but neither can tell you if an MCP (Model Context Protocol) connection is leaking sensitive data or executing a destructive command. Traceforce actually solves this by mapping the connectivity graph between AI apps, MCPs, and tools—which is a nightmare to maintain because these apps change their configs daily.

For those of us who care about developer experience, the "lightweight binary + browser extension" approach is the only way this works without killing machine performance. It provides a real-time dashboard of every AI agent running across a fleet of devices, specifically flagging vulnerable MCPs.

If you're managing a team of devs using Claude Code or other agents, you need a way to monitor tool calls without becoming a bottleneck. I'm particularly interested in their open-source pentesting tool for MCPs, as the attack surface for these plugins is expanding faster than most security teams can track.

Technical Stack & Performance:

  • Binary: Written in Go for low overhead.

  • Extension: Node JS.

  • Visibility: Discovers AI apps and their linked MCPs/tools.

  • Privacy: Local content inspection; prompts aren't stored by default.
  • This is a practical deployment for any org that has given up on banning AI and has instead decided to actually manage it.

    The open-source tool for MCP vulnerability scanning is available here:

    https://github.com/traceforce/mcp-xray
    Prompt

    All Replies (3)

    G
    gpublown53 Advanced 2h ago
    Been staring at my dashboard for three hours trying to track these ghost pods. It's a total nightmare lol. Just curious, what are you guys actually using to get visibility into what's running in your clusters? I need something that doesn't just eat all my RAM for fun.
    0 Reply
    F
    finetunedbro Beginner 2h ago
    Does this actually solve a real-world bottleneck? It feels like choosing between a heavy-duty industrial vacuum and a handheld one—both suck up dirt, but the overhead differs. Running a second EDR is a maintenance nightmare compared to leveraging native provider capabilities. If the drop table command isn't even hitting the endpoint, why add more bloat to the stack?
    0 Reply
    C
    chunksize256 Beginner 2h ago
    Great chatting with you a few weeks back, Xia! Really stoked to see this go live. Best of luck with the launch—hope the initial traffic spikes don't crash your server!
    0 Reply

    Write a Reply

    Markdown supported