CodiLime
28/04/2026
Securing AI agents requires more than just traditional firewalls. When agents start taking actions within your infrastructure, authorization must be explicit and governed by strict policy guardrails.
At CodiLime, we’ve been spending a lot of time on exactly this problem: securing AI agents that reach infrastructure through MCP servers, making authorization decisions explicit, pushing enforcement closer to devices, and adding policy guardrails that do not depend on the model “doing the right thing.”
Check our related publications:
💡 https://hubs.ly/Q04dJ9HK0
💡 https://hubs.ly/Q04dJ8LR0
💡 https://hubs.ly/Q04dJ6dS0
If you’re attending ONUG, reach out to Tomasz Janaszka or Janek Gonzalez to discuss how we implement these security layers in real-world environments.
"We need more machines."
It's the first thing engineering teams say when test environments start to slow them down. It's also rarely the real problem.
In the new edition of our newsletter, Przemysław Marcinkiewicz and Arkadiusz Cichoń share how they took a testing setup stuck at one test per node and scaled it to six concurrent runs on a single server with 64% less hardware.
The shift wasn't more infrastructure. It was smarter orchestration, better observability, and a custom scheduler that actually understood what the tests were doing.
Full interview + webinar details inside
https://hubs.ly/Q04dkVXG0
22/04/2026
Giving an AI agent access to your live network infrastructure is a massive security risk… unless you have the right guardrails in place.
In our latest session, Tomasz Janaszka walks through the architecture for securing MCP-connected AI agents. He moves past the hype to address concrete technical challenges, such as: how do you ensure an agent doesn't execute a "no router bgp" command just because a user prompted it?
Key takeaways from the session:
🔑 Why per-tool authorization isn't enough and where the current protocol falls short.
🔑 Combining identity-based RBAC with device-level command validation.
🔑 Using OpenBao to issue ephemeral SSH certificates instead of using static keys.
🔑 Solving the problem of fragmented logs by propagating 6 specific correlation IDs across the entire chain.
The highlight? A live demo of Net-Inspector, demonstrating how to implement Attribute-Based Access Control (ABAC) and dynamic maintenance windows using Open Policy Agent (OPA).
Watch the full breakdown here: https://hubs.ly/Q04d0NDM0 (When AI agents get the keys to your network | CodiLime)
06/04/2026
We go live in 72 hours. If you are responsible for network delivery and security standards, this is your last chance to join.
We aren't talking about "theoretical" AI. This is a deep dive into securing real CLI commands on switches and routers via MCP servers.
Final agenda check:
✔️ The "anti-pattern" that allows read-only users to bypass controls.
✔️ The stack – Keycloak, TACACS+, OpenSSH ForceCommand, and JWT.
✔️ The audit – linking a user's prompt to the final execution log.
Registration closes soon. Don't miss the playbook for production-ready AI infrastructure.
🔗 https://hubs.ly/Q047TSJ00
01/04/2026
Your AI agent just called a tool on a production router. Do you know if it was allowed to?
Part 1 of our MCP security series mapped six gaps that most infrastructure teams haven't closed yet. Part 2 shows what fixing them actually looks like: code, architecture, and a working demo against real network devices.
Solutions Architect Tomasz Janaszka walks through a practical security model for the MCP server layer:
→ JWT authentication at the MCP server boundary, with four validation checks before any tool code runs
→ A scope namespace (mcp::) that maps permissions to risk level: read, probe, write
→ Role bundles that reflect how network operations teams are actually structured
→ Per-tool scope enforcement using a decorator in FastMCP
→ Discovery-time filtering so agents only see tools they're authorised to use
The article also covers where scope-based access control breaks down — and why tool design is a prerequisite for any of this to work.
Read part 2 here → https://hubs.ly/Q048rBtg0
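The mechanics listed above (a scope namespace tied to risk level, role bundles, per-tool scope enforcement through a decorator, and discovery-time filtering), together with the maintenance-window ABAC check from the Net-Inspector demo mentioned in the 22/04 post, as one added Python example. This is illustrative code written for this page, not CodiLime's Net-Inspector, the article's FastMCP decorator, or OPA policy; the role names, the maintenance-window attribute, the tool names and their outputs are constructed assumptions, and the principal is assumed to arrive with JWT claims that were already validated at the MCP server boundary.

```python
"""Scope-gated MCP tool registry (added example; not Net-Inspector or FastMCP code)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from functools import wraps
from typing import Callable, Optional

# Scope namespace from the article: one scope per risk level.
VALID_SCOPES = frozenset({"mcp::read", "mcp::probe", "mcp::write"})

# Role bundles mapping team roles to scopes. Role names are assumptions.
ROLE_BUNDLES = {
    "network-viewer": {"mcp::read"},
    "network-troubleshooter": {"mcp::read", "mcp::probe"},
    "network-operator": {"mcp::read", "mcp::probe", "mcp::write"},
}


class ScopeDenied(PermissionError):
    """Raised when a principal invokes a tool whose scope it does not hold."""


@dataclass(frozen=True)
class Principal:
    """Caller identity as taken from already-validated JWT claims (assumed)."""
    subject: str
    roles: tuple
    # ABAC attribute (assumed): UTC (start, end) maintenance window, if any.
    maintenance_window: Optional[tuple] = None

    def scopes(self) -> frozenset:
        granted = set()
        for role in self.roles:
            granted |= ROLE_BUNDLES.get(role, set())  # unknown roles grant nothing
        return frozenset(granted)

    def in_maintenance_window(self, now: datetime) -> bool:
        if self.maintenance_window is None:
            return False
        start, end = self.maintenance_window
        return start <= now < end


class ToolRegistry:
    def __init__(self):
        self._tools = {}

    def tool(self, scope: str) -> Callable:
        """Decorator: register a tool and enforce its scope on every call."""
        if scope not in VALID_SCOPES:
            raise ValueError(f"unknown scope {scope!r}")

        def decorate(fn):
            @wraps(fn)
            def guarded(principal: Principal, now: datetime, *args, **kwargs):
                if scope not in principal.scopes():
                    raise ScopeDenied(f"{principal.subject} lacks {scope} for {fn.__name__}")
                # Write-level tools additionally require an open maintenance window.
                if scope == "mcp::write" and not principal.in_maintenance_window(now):
                    raise ScopeDenied(f"{fn.__name__} is allowed only inside a maintenance window")
                return fn(*args, **kwargs)
            guarded.required_scope = scope
            self._tools[fn.__name__] = guarded
            return guarded
        return decorate

    def discover(self, principal: Principal) -> list:
        """Discovery-time filtering: list only the tools the caller may invoke."""
        held = principal.scopes()
        return sorted(name for name, t in self._tools.items() if t.required_scope in held)

    def call(self, principal: Principal, name: str, now: datetime, *args, **kwargs):
        """Dispatch by name; the per-tool check runs even if the name was guessed."""
        if name not in self._tools:
            raise KeyError(name)
        return self._tools[name](principal, now, *args, **kwargs)


registry = ToolRegistry()


@registry.tool("mcp::read")
def show_bgp_summary(device: str) -> str:
    return f"{device}: 3 neighbours established (constructed output)"


@registry.tool("mcp::probe")
def ping(device: str, target: str) -> str:
    return f"{device} -> {target}: reachable (constructed output)"


@registry.tool("mcp::write")
def add_bgp_neighbor(device: str, neighbor: str) -> str:
    return f"{device}: neighbor {neighbor} configured (constructed output)"


# Constructed sample principals and timestamps for a stand-alone run.
UTC = timezone.utc
WINDOW = (datetime(2026, 4, 1, 1, 0, tzinfo=UTC), datetime(2026, 4, 1, 3, 0, tzinfo=UTC))
IN_WINDOW = datetime(2026, 4, 1, 2, 0, tzinfo=UTC)
OUT_OF_WINDOW = datetime(2026, 4, 1, 12, 0, tzinfo=UTC)
VIEWER = Principal("alice", ("network-viewer",))
OPERATOR = Principal("bob", ("network-operator",), maintenance_window=WINDOW)

if __name__ == "__main__":
    print("viewer sees:", registry.discover(VIEWER))
    print("operator sees:", registry.discover(OPERATOR))
    print(registry.call(OPERATOR, "add_bgp_neighbor", IN_WINDOW, "r1", "10.0.0.2"))
```

Two design points worth noting: enforcement lives on the tool itself rather than on the discovery list, so hiding a tool from an agent is a usability measure and the decorator is the actual control; and the maintenance-window check is evaluated at call time from a caller attribute, so a token issued before the window closed cannot be replayed into a change afterwards.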
Category
Website
Address
Ulica Grzybowska 5a
Warsaw
00-132