Citrix announced MCP Gateway capabilities for its NetScaler platform on July 9, creating a centralized entry point for AI agents that connect to enterprise tools and services via Model Context Protocol. The gateway dynamically routes agent requests to approved backend MCP servers while enforcing authentication, rate limits, and access controls from a single policy layer, according to Citrix’s press release.

The release addresses a governance problem that scales with agent adoption: as enterprises move from pilot deployments to production, autonomous agents connecting to databases, internal tools, and business applications via MCP can create fragmented endpoints, inconsistent authentication, excessive permissions, and limited visibility into what agents are doing.

What the Gateway Controls

NetScaler MCP Gateway supports centralized authentication through per-user tokens, global tokens, OAuth, and hybrid flows. Security teams can apply tool-based rate limits and configure server allowlists or blocklists to restrict which MCP servers agents can reach, according to Cybersecurity News.

Session persistence keeps agents connected to the correct backend server during multi-step workflows. Protocol-aware health monitoring identifies unavailable or unhealthy MCP servers before they disrupt an active agent task.

“As agents become pervasive elements of the modern enterprise, querying systems of record through MCPs will become the new API call,” Steve Shah, general manager of NetScaler at Citrix, said in the announcement. “It is not a matter of if, but when, cyber-insurance requirements will mandate the use of MCP gateways to protect against dangerous agents.”

Expanded AI Gateway Capabilities

Alongside MCP Gateway, Citrix expanded its NetScaler AI Gateway, which launched in April, with content switching-based model routing and token-level usage tracking. Organizations can route routine requests to lower-cost models while directing complex workloads to higher-capability models, and track input/output tokens by team, user, or application.

Citrix is also testing a private technology preview for Claude Code deployments, where NetScaler AI Gateway acts as a centralized LLM gateway for developers accessing Anthropic models. The configuration provides a single authentication and policy control point for large developer populations.

Pricing and Architecture

The new capabilities are included at no additional cost for customers with Citrix Platform License or Universal Hybrid Multi-Cloud licenses. Citrix emphasized NetScaler’s single-pass architecture, which performs authentication, routing, traffic management, rate limiting, security inspection, and observability on a single data path to minimize latency for high-volume AI traffic, according to the press release.

The Governance Layer Race

Citrix’s bet is that MCP will become enterprise infrastructure that needs the same governance layer enterprises already apply to API traffic. The comparison is apt: MCP adoption without centralized controls mirrors the early API sprawl that created security headaches across organizations a decade ago. Gartner found that 60% of GenAI proofs-of-concept were abandoned in 2024, often due to ineffective governance and weak risk controls, a statistic Citrix cited directly in its announcement. Whether MCP gateways become as standard as API gateways depends on how quickly agent-to-tool communication volume forces the issue.