Citrix has announced a significant update to its NetScaler product line, introducing new features designed to enhance the security and governance of enterprise AI agents using the Model Context Protocol (MCP). The NetScaler MCP Gateway, unveiled in July, provides a centralized point of access for AI agents connecting to authorized MCP servers. This update aims to address the increasing security challenges faced by organizations as they transition from pilot AI deployments to full-scale production.
Improved Security for AI Agents
AI agents, capable of querying databases, invoking internal tools, accessing business applications, and executing complex workflows, require robust security measures. Without centralized controls, enterprises risk managing unregulated MCP servers, inconsistent authentication processes, excessive permissions, and limited visibility into agent activities. The MCP standard facilitates interactions between AI models and external tools, but its widespread adoption can lead to management issues similar to those in traditional API environments, such as fragmented endpoints and weak access controls.
Centralized Control with NetScaler MCP Gateway
The newly introduced NetScaler MCP Gateway by Citrix is designed to consolidate interactions under a unified policy and security framework. This gateway efficiently routes agent requests to authorized MCP servers, alleviating the burden on development and infrastructure teams to manage separate access policies and authentication methods. It supports centralized authentication through various methods, including per-user tokens, global tokens, OAuth, and hybrid authentication flows. Additionally, security teams can enforce tool-based rate limits and configure server allowlists and blocklists, crucial for preventing unauthorized access in regulated sectors like healthcare and finance.
Advanced Features for Enterprise Environments
Citrix has also introduced session persistence and protocol-aware health monitoring for MCP workloads, ensuring agents remain connected to appropriate servers during multi-step workflows. Health monitoring can identify unavailable or unhealthy MCP servers, preventing disruptions in agent tasks. Alongside these features, the expanded NetScaler AI Gateway now supports model routing based on content switching. Organizations can direct AI requests to different language models according to policy, optimizing costs and resource allocation.
Furthermore, the AI Gateway tracks input and output token usage, providing organizations with greater visibility into AI consumption. This capability helps monitor costs, detect unusual usage patterns, and assign AI spending responsibility across business units. Citrix is also testing a private technology preview for Claude Code deployments, emphasizing the flexibility of NetScaler AI Gateway as a centralized LLM gateway for developers accessing Anthropic models.
Citrix has highlighted the efficiency of NetScaler’s single-pass architecture, which integrates authentication, routing, traffic management, rate limiting, security inspection, and observability on a single data path. This design minimizes latency and CPU overhead, crucial for managing high-volume AI and MCP traffic. These new capabilities are available at no additional cost for customers with Citrix Platform License or Universal Hybrid Multi-Cloud licenses. Internally, Citrix has deployed NetScaler AI Gateway to manage prompts, model interactions, and token usage for its Citrix Aidrien AI assistant, illustrating its commitment to enhancing AI governance and security.
