Versa’s platform combines networking and security in the same software stack, which allows it to attract and inspect traffic in both directions. The implementation is patent pending.
“You don’t need a firewall at these locations,” Ahuja said. “You can actually elevate the firewall right into the SSE and look at the traffic in both directions.”
Inbound SSE is included in Versa’s standard SASE licensing, priced by capacity covering both directions. No deployment changes are required for existing VersaONE customers. Swisscom is already running the capability in production, inspecting inbound traffic within its own SSE points of presence rather than deploying firewalls at customer premises.
Agentic AI and the inbound traffic problem
Agentic AI is also changing the inbound traffic equation. External MCP servers calling into enterprise environments are generating connection patterns that outbound-focused SSE was never built to handle.
Versa already has a zero-trust MCP server in production that requires human validation before allowing agentic commands, and a generative AI firewall for controlling which users and agents can access models. Ahuja indicated more is coming.
He described the need for a centralized policy enforcement point where all MCP traffic is funneled, with controls defining what each server is permitted to do. That layer would also include sandboxing capabilities and a WAF-like function to protect hosted models from unauthorized access by users, agents or external MCP servers
