Why MPP?
The Challenge with AI Tools Today
As AI agents become capable of taking real actions (reading files, querying databases, calling APIs), the tools they use become a significant attack surface. Most organisations deploying AI agents today face the same unresolved questions:
- How do you know a tool hasn't been tampered with since it was published?
- How do you prevent a tool from accessing more than it should?
- How do you maintain an audit trail of what tools did on behalf of your users?
- How do you give employees or customers confidence that AI tool use is governed?
Without answers to these questions, AI agent adoption stalls or, worse, proceeds without the controls that enterprise and regulated environments demand.
What MPP Delivers
MPP (Model Package Protocol) is a licensed protocol that brings the same level of trust and governance to AI tools that package managers and container runtimes brought to software delivery. Every tool distributed through MPP is:
- Verified before it runs. Cryptographic signatures prove the tool came from its declared author and hasn't been modified since publication. Tampered or unsigned tools are rejected automatically. A valid signature establishes origin and integrity, not that the tool is safe to run; the remaining guarantees exist for that.
- Isolated during execution. Tools run in a sandboxed environment with no access to anything beyond what the user has explicitly approved. There is no ambient authority: every resource access is intentional and traceable to an approved declaration.
- Scoped to declared intentions. Each tool declares up front exactly which resources it needs to do its job. Users see and approve those declarations before the tool runs for the first time.
- Portable across environments. One MPP package works in any compatible host (your IDE, your agent framework, your enterprise platform) without modification.
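The first three guarantees above describe a host-side verification flow. The Go program below is an added example, not MPP's own code or manifest format: it assumes a hypothetical manifest with `author`, `permissions` and `content_sha256` fields, a detached Ed25519 signature over the exact manifest bytes, a host-side trust store keyed by author ID, and a set of user-approved permissions. It shows the order in which a host should apply the checks: unsigned, forged or tampered packages are rejected before anything in the manifest is trusted, and a package whose declared permissions exceed what the user has approved is held for approval rather than run. The key pair, trust store and payload are constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical package descriptor for this example;
// the real MPP manifest schema is not described on this page.
type Manifest struct {
	Name        string   `json:"name"`
	Version     string   `json:"version"`
	Author      string   `json:"author"`         // key ID the host resolves in its trust store
	Permissions []string `json:"permissions"`    // declared intentions, e.g. "fs:read:/data"
	ContentSHA  string   `json:"content_sha256"` // binds the payload to the signed manifest
}

// Package is what a host receives: the exact manifest bytes that were signed,
// a detached Ed25519 signature over them, and the tool payload.
type Package struct {
	ManifestJSON []byte
	Signature    []byte
	Content      []byte
}

var (
	ErrUnsigned        = errors.New("package is unsigned")
	ErrUnknownAuthor   = errors.New("declared author is not in the trust store")
	ErrBadSignature    = errors.New("manifest signature does not verify")
	ErrContentTampered = errors.New("payload hash does not match signed manifest")
	ErrNeedsApproval   = errors.New("declared permission not yet approved by user")
)

// Verify applies the host-side checks in order: signature present, author key
// known, signature valid over the raw manifest bytes, payload hash intact, and
// every declared permission already approved. The manifest is only treated as
// trustworthy after the signature check has passed.
func Verify(pkg Package, trust map[string]ed25519.PublicKey, approved map[string]bool) (*Manifest, error) {
	if len(pkg.Signature) == 0 {
		return nil, ErrUnsigned
	}
	// Read only the author field to select a key; nothing else is trusted yet.
	var peek struct {
		Author string `json:"author"`
	}
	if err := json.Unmarshal(pkg.ManifestJSON, &peek); err != nil {
		return nil, err
	}
	pub, ok := trust[peek.Author]
	if !ok {
		return nil, ErrUnknownAuthor
	}
	if !ed25519.Verify(pub, pkg.ManifestJSON, pkg.Signature) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(pkg.ManifestJSON, &m); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(pkg.Content)
	if hex.EncodeToString(sum[:]) != m.ContentSHA {
		return nil, ErrContentTampered
	}
	for _, p := range m.Permissions {
		if !approved[p] {
			// Return the manifest so the host can show the user what to approve.
			return &m, fmt.Errorf("%w: %s", ErrNeedsApproval, p)
		}
	}
	return &m, nil
}

// BuildPackage is the publisher side: hash the payload into the manifest,
// serialise it once, and sign exactly those bytes.
func BuildPackage(priv ed25519.PrivateKey, m Manifest, content []byte) (Package, error) {
	sum := sha256.Sum256(content)
	m.ContentSHA = hex.EncodeToString(sum[:])
	raw, err := json.Marshal(m)
	if err != nil {
		return Package{}, err
	}
	return Package{ManifestJSON: raw, Signature: ed25519.Sign(priv, raw), Content: content}, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	trust := map[string]ed25519.PublicKey{"acme-tools": pub} // constructed trust store
	m := Manifest{Name: "csv-summariser", Version: "1.2.0", Author: "acme-tools",
		Permissions: []string{"fs:read:/data"}}
	pkg, _ := BuildPackage(priv, m, []byte("constructed tool payload"))
	approved := map[string]bool{"fs:read:/data": true}

	_, err := Verify(pkg, trust, approved)
	fmt.Println("genuine, approved:", err)
	tampered := pkg
	tampered.Content = []byte("payload swapped after publication")
	_, err = Verify(tampered, trust, approved)
	fmt.Println("tampered payload:", err)
	_, err = Verify(pkg, trust, map[string]bool{})
	fmt.Println("not yet approved:", err)
}
```

Two design points matter here. The signature is made over, and verified against, the serialised manifest bytes as shipped rather than a re-serialised parse, which avoids canonicalisation mismatches between publisher and host. And the payload is bound into the signed manifest by hash, which is what makes "hasn't been modified since publication" checkable for the tool's content and not only its metadata; an attacker who swaps the payload, edits the permissions, or re-signs with their own key fails one of the ordered checks.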
Who Benefits
- Enterprise teams get a governed, auditable pipeline for AI tool adoption that satisfies security review and compliance requirements.
- Developers building tools get a trusted distribution channel and a security-by-default foundation, without needing to build their own trust infrastructure.
- Platform builders get a standardised integration point that makes their product compatible with the growing ecosystem of signed MPP tools.
- End users get visibility and control: they know what AI tools are doing on their behalf, and they can revoke access at any time.
Core Principles
- Zero Trust by default. No tool is assumed safe. Every package is verified on every load, regardless of source.
- Least privilege. Tools only get access to what they need, and only after the user approves it.
- Transparency. Everything a tool declares (its author, its permissions, its version) is visible, verifiable, and immutable once published.
- Portability. Tools are self-contained packages that travel with their security guarantees intact, regardless of where they are deployed.