Citrix Wants NetScaler to Police the Traffic Behind Agentic AI
Citrix, a Cloud Software Group company, announced on July 9 that it has added Model Context Protocol (MCP) Gateway functionality to NetScaler AI Gateway, positioning the platform as a governance point for both large language model traffic and agentic AI traffic. Citrix said the new NetScaler capabilities allow enterprises to securely route, govern, and observe agent traffic to backend MCP servers.
The company also introduced model-routing and token-level usage-tracking enhancements for LLM traffic, giving security, infrastructure, and AI platform teams a way to manage both agent and model interactions from one platform and dashboard.
The update targets a fast-emerging enterprise AI problem. As organizations deploy agents that interact with business systems, data, and workflows, MCP servers, endpoints, authentication models, and agent actions can spread across the enterprise without a consistent control layer.
Steve Shah, general manager of NetScaler at Citrix, said agents querying systems of record through MCP will become “the new API call.” He said protecting systems of record with policies for who can access which services will become central to security and regulatory compliance.
MCP Governance in the Infrastructure Layer
MCP is becoming a standard way for AI agents to connect to enterprise applications, tools, and data sources. That gives agents more operational reach, but it also creates new governance challenges around access control, server sprawl, authentication, rate limits, observability, and auditability.
NetScaler MCP Gateway is designed to provide a single governed entry point for MCP clients. Instead of forcing teams to manage fragmented endpoints and inconsistent authentication methods, the gateway routes requests to approved backend MCP servers and applies centralized policy controls.
Citrix said the capabilities include centralized authentication, per-user and global tokens, OAuth and hybrid flows, tool-based rate limiting, and server allow/block lists. The platform also supports session persistence and protocol-aware monitoring so longer multi-step agent workflows can stay connected to the right backend server while monitoring server health.
For regulated industries, that control layer is especially relevant. Financial services, healthcare, and public-sector organizations are likely to face higher scrutiny when AI agents access sensitive systems, execute steps, or retrieve governed data.
Get Our Free Weekly Newsletter
LLM Traffic Gets Routing, Cost Visibility
Citrix is also extending NetScaler AI Gateway for multi-provider LLM workloads. New content-switching-based model routing allows incoming chat requests from AI agents and applications to be routed to different models based on policy.
The update also adds usage tracking for input and output tokens or requests by team, user, or application. Citrix said those capabilities can help enterprises optimize cost and performance across multiple model providers, reduce lock-in, and hold teams accountable for AI spend.
The company is also enabling a Claude Code use case in private tech preview. In that model, NetScaler AI Gateway sits in front of Claude Code as an LLM gateway, giving administrators a central control point for developer access to Anthropic models through a service provider.
Citrix is emphasizing NetScaler’s single-pass architecture as part of the AI governance story. The company said traffic management, authentication, routing, security inspection, rate limiting, and observability can happen in one pass through the data path, reducing the need to chain separate proxies and point tools for high-volume AI workloads.
NetScaler AI Gateway, launched in April, was introduced as a way to bring enterprise governance, cost control, and security to LLM projects. The July update extends that strategy from model access into agentic workflows that connect to enterprise tools and systems through MCP.
Sponsor Industry‑Grade Research
What This Means for ERP Insiders
AI agents are turning system access into a governance problem. As agents begin calling ERP, finance, HR, supply chain, CRM, and data systems through protocols such as MCP, enterprises need to decide who can access which tools, under what conditions, and with what audit trail. For CIOs, CISOs, and ERP platform owners, agent governance will need to sit closer to enterprise infrastructure rather than inside isolated AI experiments.
Traffic control will shape how agentic AI moves into production. Model routing, token tracking, rate limits, approved-server lists, authentication, and session controls are becoming core requirements for AI operations at scale. For regulated industries and complex enterprises, the practical test is whether agents can be monitored and constrained before they touch sensitive workflows or high-risk systems.
ERP security teams will need to treat agents like operational actors. AI agents that retrieve data, trigger workflows, and interact with systems of record create risks that resemble API, identity, integration, and automation risk at the same time. For ERP leaders and implementation partners, the next readiness step is to define agent access policies, exception paths, and observability requirements before autonomous workflows expand.