MCP Servers Protection
Overview
The Model Context Protocol (MCP) is an emerging open standard that allows AI applications, such as LLM-powered assistants and autonomous agents, to connect to external tools, APIs, and data sources. Adoption of MCP is growing rapidly, making MCP servers a new and significant attack surface for online threats.
DataDome offers dedicated protection for MCP servers, providing real-time detection and blocking of malicious traffic, as well as full visibility into agentic activity targeting your MCP infrastructure.
Integration
DataDome protects MCP servers through both dedicated and generic server-side integration modules. The modules collect MCP-specific signals that enrich DataDome's detection models, enabling more accurate identification of anomalous behavior on MCP endpoints.
Several options are available depending on your stack:
FastMCP Framework (Python)
For MCP servers built with Python, DataDome natively integrates with the FastMCP framework, the leading Python framework for building MCP servers, which has over 19,000 GitHub stars and accounts for approximately 60-70% of the Python MCP ecosystem.
Integration is designed to require minimal setup:
- Add the DataDome middleware to your FastMCP application
- Set your DATADOME_SERVER_SIDE_KEY as an environment variable
No additional configuration is required in most cases. The DataDome package is available on PyPI.
Refer to the DataDome integration documentation for step-by-step setup instructions for your stack.
Compatible Bot Protect server-side modules
Several Bot Protect server-side modules are compatible with MCP traffic:
Agentic Protocol Traffic Source
To ensure MCP traffic is clearly identified and separable from other traffic types in your dashboards, DataDome introduces a dedicated Agentic Protocol traffic source. This allows you to filter, analyze, and configure policies specifically for traffic directed to your MCP servers, independently of other endpoint types.
Endpoint Usages
Within the Agentic Protocol traffic source, traffic is further categorized by its usage, matching the standard endpoint classification used across DataDome:
- General
- Login
- Cart
- Account Creation
- Payment
- Forms
The endpoint types are available across all DataDome dashboards, including the Endpoints overview, Explore, Access Control, and Custom Rules, enabling you to apply policies and investigate traffic at the granularity of specific MCP interaction types.
Visibility and Analytics
Once the integration is in place, agentic traffic directed to your MCP servers is immediately visible in the DataDome dashboard:
- Endpoints overview: a dedicated Agentic Protocol section displays traffic volume broken down by traffic usage and endpoint name.
- Explore: MCP traffic can be filtered and grouped using the Traffic Source and Traffic Usage dimensions, alongside all other available filtering dimensions.
- Custom Rules: custom rules can target Agentic Protocol traffic specifically, enabling granular policy enforcement on MCP endpoints using any combination of the 60+ available traffic characteristics.
- Trend Reports: attack notifications and trend reports include Agentic Protocol endpoint data, ensuring your reporting reflects MCP traffic alongside your other protected surfaces.
Protection
All of DataDome's detection capabilities apply to MCP traffic out of the box:
- AI agent identification: agents interacting with your MCP server are identified using the same layered approach as for web traffic, including cryptographic verification, trusted IP lists, and fingerprinting.
- Intent-based protection: DataDome's ML-powered intent detection models analyze every MCP request to detect and block malicious activity, including vulnerability scanning, credential stuffing, abusive scraping, and other threats.
- Access control: policies configured in Access Control apply to Agentic Protocol endpoints. You can define agent-level, endpoint-level, and custom rule-level policies specifically for your MCP infrastructure.
Note: to benefit from the full depth of DataDome's detection on MCP traffic, both the server-side MCP module and the standard client-side DataDome tag should be installed. See Prerequisites for details.
