What AI models does the agent use?

The agent has access to Claude, DeepSeek, Gemini, and other top models. It automatically routes to the best model for each task — you never have to think about API keys or token limits.

Yes. Each agent runs in an isolated environment. We don't train on your data, and you can export or delete everything at any time. The underlying engine (GoGogot) is open-source, so you can audit exactly how it works.

What can the agent actually do?

Browse the web, process files (CSV, PDF, images), run scheduled tasks, remember context across sessions, and communicate via Telegram or Slack. Think of it as a capable junior employee, not a chatbot.

How does memory work?

The agent maintains persistent memory across sessions. It remembers your preferences, past conversations, and task context. You can also explicitly tell it to remember or forget things.

Can I self-host the agent?

Absolutely. GoGogot is 100% open-source. Run it on your own hardware for free. cowork.ink is the managed version — we handle servers, model costs, updates, and uptime so you don't have to.

Is there a free trial?

We offer a 7-day money-back guarantee. Spin up an agent, give it real tasks, and if it doesn't save you time, we'll refund you — no questions asked.

What are the biggest MCP security risks?

The top MCP security risks are tool poisoning (malicious instructions hidden in tool descriptions), prompt injection through context manipulation, confused deputy attacks where agents act on behalf of unauthorized users, and privilege escalation through over-permissioned tokens. Research shows MCP architectures amplify attack success rates by 23–41% compared to non-MCP integrations.

How do you prevent MCP tool poisoning attacks?

Prevent tool poisoning by validating tool descriptions at the gateway level before they reach agents, using allowlists for approved MCP servers, scanning tool metadata for hidden instructions, and applying least-privilege permissions so poisoned tools have minimal blast radius. See our [AI agent guardrails guide](/blog/ai-agent-guardrails/) for more defense strategies.

Does MCP support authentication and authorization?

Yes. The MCP specification recommends OAuth 2.1 with PKCE for remote server authorization. Access tokens should expire within minutes, carry minimum scope, and every tool invocation must validate signature, issuer, audience, and expiry. Mutual TLS (mTLS) adds an additional layer for high-security deployments.

What is the OWASP MCP Top 10?

The OWASP MCP Top 10 is a security framework from the OWASP GenAI Security Project that identifies the most critical risks in MCP deployments, including tool poisoning, inadequate authentication, excessive permissions, and server misconfiguration. It provides actionable mitigations for each risk category.

How do MCP gateways improve security?

MCP gateways act as centralized proxies between AI agents and MCP servers, enforcing consistent access controls, rate limiting, audit logging, secret scanning, and real-time threat detection. They prevent tampered tools from reaching agents and provide a single point for policy enforcement.

MCP Security: How to Lock Down AI Agent Tool Access

PROVEN MCP security best practices to protect AI agent tool access. Stop prompt injection, enforce least privilege, and harden MCP servers. Start now.

Frequently Asked Questions

What are the biggest MCP security risks?: The top MCP security risks are tool poisoning (malicious instructions hidden in tool descriptions), prompt injection through context manipulation, confused deputy attacks where agents act on behalf of unauthorized users, and privilege escalation through over-permissioned tokens. Research shows MCP architectures amplify attack success rates by 23–41% compared to non-MCP integrations.
How do you prevent MCP tool poisoning attacks?: Prevent tool poisoning by validating tool descriptions at the gateway level before they reach agents, using allowlists for approved MCP servers, scanning tool metadata for hidden instructions, and applying least-privilege permissions so poisoned tools have minimal blast radius. See our [AI agent guardrails guide](/blog/ai-agent-guardrails/) for more defense strategies.
Does MCP support authentication and authorization?: Yes. The MCP specification recommends OAuth 2.1 with PKCE for remote server authorization. Access tokens should expire within minutes, carry minimum scope, and every tool invocation must validate signature, issuer, audience, and expiry. Mutual TLS (mTLS) adds an additional layer for high-security deployments.
What is the OWASP MCP Top 10?: The OWASP MCP Top 10 is a security framework from the OWASP GenAI Security Project that identifies the most critical risks in MCP deployments, including tool poisoning, inadequate authentication, excessive permissions, and server misconfiguration. It provides actionable mitigations for each risk category.
How do MCP gateways improve security?: MCP gateways act as centralized proxies between AI agents and MCP servers, enforcing consistent access controls, rate limiting, audit logging, secret scanning, and real-time threat detection. They prevent tampered tools from reaching agents and provide a single point for policy enforcement.