Protect AI agent email
WaverSec MCP brings the same recipient, content, attachment, and policy checks used in WaverSec Protect to AI agents before every send.
Agents send. WaverSec checks before send.
Connect WaverSec MCP to Claude, GPT, Copilot, Codex, or any MCP-capable client. Before an AI agent sends any email — a new draft, a reply, or a forward — WaverSec checks recipients, content, attachments, and policy, then returns a verdict the client can act on.
Works with the AI tools you already use
Claude
OpenAI
GitHub CopilotIllustrative scenarios showing the verdict flow. The examples are synthetic, but the detection categories are real.
Three outcomes. One pre-send decision.
The MCP keeps the send decision simple so clients can handle every outbound message consistently.
Allow
allowAllows messages to verified recipient domains, internal destinations, and content that stays within policy.
Warn
warnWarns on lookalike domains, first-time external recipients, or sensitive content that should be confirmed before send.
Block
blockBlocks plaintext secrets, sensitive exports, and unapproved external destinations before the message is delivered.
Powered by the same four-layer detection stack
The MCP calls into the same detection foundation used by WaverSec Protect, so AI agent email gets the same policy, DLP, ML/NLP, and AI/LLM review path as Outlook sends.
Policy Engine
47 policies
Recipient and content policies for misdirection, sharing risks, and attachment safeguards.
DLP Engine
46 detectors
PII and financial patterns across 29 countries with checksum validation.
ML/NLP Scanners
4 scanners
Misdirection, attachment, and sentiment scanners provide contextual detection with on-prem processing.
AI/LLM Models
5 models
Advanced cloud models provide deeper context and clear explanations, with stateless processing.
The same WaverSec protection, adapted for AI email
MCP is not a separate security model. It extends WaverSec Protect's pre-send detection to the AI tools and agents that handle email.
MCP-native pre-send check
Agents call a WaverSec MCP tool before sending email, then continue, confirm, or stop based on the returned verdict.
Unified four-layer scan
Every pre-send request can use the same Policy, DLP, ML/NLP scanner, and AI/LLM model layers used across WaverSec Protect.
Machine-readable send verdicts
The server returns allow, warn, or block so clients can continue, ask for confirmation, or prevent delivery.
Fits AI email clients and autonomous agents
Use the same MCP server wherever an AI agent handles email, without rebuilding email security for every tool.
Interactive AI tools
Claude, Codex, GPT, Copilot
- Add WaverSec as a standard MCP server in the client.
- Run every AI-handled email through WaverSec before the send tool executes.
- Use warnings for confirmation and blocks to prevent delivery.
Autonomous agents
Background email agents and orchestration layers
- Attach the MCP anywhere agents handle email on behalf of a user.
- Keep send decisions consistent across batch jobs, assistants, and custom agents.
- Centralize AI-handled email review behind the same WaverSec Protect detection pipeline.
FAQ
Questions about AI email protection
The practical questions teams ask before they put AI agent email behind policy.
What does WaverSec MCP protect?
It protects every email an AI agent is about to send — new drafts, replies, and forwards — especially messages that could expose sensitive data, go to the wrong recipient, or violate policy.
How does authentication work?
Admins issue an MCP credential to approved clients and agents from WaverSec, and can rotate or revoke that access at any time.
What verdicts can it return?
It returns three outcomes: allow, warn, and block. That gives clients a simple pre-send decision while still letting teams enforce policy.
Is it only for interactive tools like Claude Desktop?
No. It is designed for autonomous agents as well, including background workflows that send email without a person reviewing each message.
Does the MCP itself enforce the send?
The MCP returns the verdict; the client or agent environment must honor it before completing the send step. Teams should wire that decision point in explicitly rather than treating MCP as passive telemetry.
Why use this if WaverSec already protects Outlook?
Because AI agents send email outside the normal Outlook compose flow. MCP extends the same WaverSec Protect detection model to those send paths instead of leaving them outside policy.
Ready to prevent AI agent email leaks?
Add WaverSec MCP to the clients and agents that send email on your behalf, then make pre-send verdicts a required part of the send path.