Definition
An evolution of traditional data-loss prevention — tools that detect and block sensitive data from leaving an organisation — adapted for the specific risks of AI agents and Model Context Protocol (MCP) workflows, where data flows through automated tool calls, model context windows, and agent-to-agent handoffs rather than through conventional email or file-transfer channels. Traditional DLP tools were not designed to inspect MCP tool invocations, shadow MCP server connections, or the data an agent retrieves before passing it to an LLM. Agentic DLP monitors and enforces policies across these new pathways in real time.
Why it matters
Without DLP coverage of agentic workflows, sensitive data — customer records, source code, financial information — can be silently extracted via an AI agent's legitimate tool calls, bypassing all existing data-exfiltration controls with no alert generated.