MCP & Zero Trust

Secure AI Agents for Industrial Automation

AI agents can now create, configure and manage Siemens TIA Portal projects — with every single MCP call routed through AgentGateway for Zero-Trust security. No unauthorized command reaches your PLC.

Claude Code (CLI) → AgentGateway (port 4000) → T-IA Connect (port 9000)

The Problem

AI + PLCs = dangerous without guardrails

In industrial automation, a single unauthorized AI command — stopping a CPU, closing a project, overwriting a safety block — can halt an entire production line.

Unrestricted Access

Standard MCP connections give the AI agent full access to all 190+ TIA Portal tools with no filtering.

No Audit Trail

Without a proxy layer, there is no centralized log of what the AI agent did, when, and why.

No Policy Enforcement

You cannot selectively block dangerous operations (close project, stop CPU) while allowing safe ones (read tags, list blocks).

The Solution

AgentGateway as a Zero-Trust MCP Proxy

AgentGateway sits between the AI agent and T-IA Connect, enforcing policies on every MCP call before it reaches TIA Portal.

AgentGateway by Solo.io

Policy-Based Filtering

Define YAML rules to deny specific tools. Blocked tools disappear entirely from the agent's view — no error, no bypass.

Full Audit Logging

Every MCP call is logged with timestamp, tool name, parameters, and result. Complete traceability for compliance.

Merged Backends

AgentGateway merges SSE (native MCP) and OpenAPI (REST-to-MCP) backends into a single unified endpoint.

Architecture

How It Works

The AI agent connects to AgentGateway on port 4000. AgentGateway routes requests to T-IA Connect on port 9000, applying Zero-Trust policies at every step.

T-IA Connect

MCP Server for Siemens TIA Portal V20 (Openness API)

Port 9000

AgentGateway

Zero-Trust MCP proxy (Solo.io)

Port 4000

Admin UI

AgentGateway Playground & monitoring dashboard

Port 15000

Claude Code

AI Agent (Anthropic CLI) — the consumer

CLI

Two Backends, One Endpoint

SSE + OpenAPI merged seamlessly

AgentGateway combines two distinct backends into a single MCP endpoint that the AI agent consumes:

Native SSE Tools

siemens-tia-portal_* — Real-time streaming tools from T-IA Connect's native MCP server.

OpenAPI REST Tools

tia-openapi_* — Full REST API auto-converted to MCP tools via the OpenAPI specification.

Zero-Trust Policies

Block Dangerous Tools in one line of YAML

Define what the AI agent can and cannot do. Denied tools vanish completely — the agent doesn't even know they exist.

Example: Block project closure

This single rule prevents any AI agent from closing a TIA Portal project:

agent-gateway.yaml
policies:
  mcpAuthorization:
    rules:
    - deny: mcp.tool.name == "close_project"

Once applied, close_project disappears from the agent's tool list entirely. No error message, no workaround — the tool simply doesn't exist from the agent's perspective.

Live Demo

See It In Action

Watch an AI agent create a TIA Portal project, configure a CPU, and generate ladder logic — all via natural language, all secured by AgentGateway.

Quick Start

Deploy in 3 Steps

Get the full Zero-Trust MCP stack running in minutes.

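1. Start AgentGateway

Run the AgentGateway Docker container with your configuration file and the processed OpenAPI spec. The port mappings in this command publish the MCP endpoint and the Admin UI on every host interface; bind them to the loopback address if they should only be reachable from the local machine.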

Terminal
docker run -d --name agent-gateway --restart always \
  -p 4000:4000 -p 15000:15000 \
  -e ADMIN_ADDR=0.0.0.0:15000 \
  -v "$(pwd)/agent-gateway.yaml:/config.yaml" \
  -v "$(pwd)/tia-openapi3-norec.json:/tia-openapi3-norec.json" \
  ghcr.io/agentgateway/agentgateway:v1.0.0-alpha.2 -f /config.yaml

2. Configure Claude Code

Point your AI agent to AgentGateway's MCP endpoint on port 4000.

.claude.json
{
  "mcpServers": {
    "tia-connect": {
      "type": "http",
      "url": "http://localhost:4000/mcp"
    }
  }
}

3. Define Policies

Write YAML rules to control which tools the agent can access. Restart the container to apply.
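
To confirm after the restart that a denied tool is really gone from both merged backends, the agent-visible `tools/list` reply can be checked against the deny list. The Python check below is an added example, not code from T-IA Connect or AgentGateway; it assumes a `tools/list` reply captured from the port 4000 endpoint, and the sample reply and every tool name other than `close_project` are constructed.

```python
import json

# Prefixes the page gives for the two merged backends.
BACKEND_PREFIXES = ("siemens-tia-portal_", "tia-openapi_")

def parse_mcp_body(body):
    """Decode a JSON-RPC reply sent as plain JSON or as an SSE stream."""
    body = body.strip()
    if body.startswith("{"):
        return json.loads(body)
    for line in body.splitlines():
        if line.startswith("data:"):
            msg = json.loads(line[len("data:"):])
            if "result" in msg or "error" in msg:
                return msg
    raise ValueError("no JSON-RPC response in body")

def base_name(tool):
    """Strip a backend prefix so both copies of a tool compare equal."""
    for prefix in BACKEND_PREFIXES:
        if tool.startswith(prefix):
            return tool[len(prefix):]
    return tool

def leaked_tools(bodies, denied):
    """Return denied tools still visible in the tools/list page(s)."""
    leaked = set()
    for body in bodies:
        msg = parse_mcp_body(body)
        if "error" in msg:
            raise RuntimeError(f"tools/list failed: {msg['error']}")
        for tool in msg["result"]["tools"]:
            name = tool["name"]
            if name in denied or base_name(name) in denied:
                leaked.add(name)
    return sorted(leaked)

# Constructed sample: a reply in which the REST copy of a denied tool survives.
SAMPLE_SSE = (
    "event: message\n"
    'data: {"jsonrpc":"2.0","id":2,"result":{"tools":['
    '{"name":"siemens-tia-portal_read_tags"},'
    '{"name":"tia-openapi_list_blocks"},'
    '{"name":"tia-openapi_close_project"}]}}\n'
)

if __name__ == "__main__":
    found = leaked_tools([SAMPLE_SSE], {"close_project"})
    print("FAIL, still exposed:" if found else "OK", ", ".join(found))
```

Pass every page of a paginated `tools/list` reply in `bodies`, and run the check again whenever the policy file or the OpenAPI spec changes.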

Key Results

What You Get

190+ MCP Tools

Every TIA Portal capability exposed as MCP tools — SSE and OpenAPI merged into one endpoint.

Zero-Trust Enforcement

Blocked tools vanish from the agent's view. No error, no bypass — they simply don't exist.

Full Audit Trail

Every AI action is logged with complete context for compliance and debugging.

Natural Language Control

Create projects, configure CPUs, generate ladder logic — all via conversational AI.

Ready to Secure Your Industrial AI?

Get started with T-IA Connect and AgentGateway to bring Zero-Trust security to your AI-powered automation workflows.