In this article, I show you how I connected Claude to Siemens TIA Portal V20 via the MCP protocol, adding a Zero-Trust security layer thanks to Solo.io's AgentGateway — as part of the global MCP_HACK//26 hackathon.
See the full demo video:
https://www.youtube.com/watch?v=_OJYzbmBOvA
The Architecture
Claude Code (CLI)
→ AgentGateway (port 4000)
→ T-IA Connect (port 9000)
→ REST API OpenAPI → MCPThree Components:
- T-IA Connect — the MCP server that exposes TIA Portal V20 as an API for IA agents
- AgentGateway — Solo.io's Zero-Trust proxy that secures each MCP call
- Claude Code — the IA agent that drives everything in natural language
Scene 1 — Claude Builds a TIA Portal Project from Scratch
- Create a new project named "aihackathon" in GUI mode.
- Add a CPU 1511-1 PN to the project.
- Create a function block named "ProductionControl" with a simple ladder logic:
one input called "StartButton" of type Bool, one output called "MotorRunning" of type Bool,
and a contact/coil network that sets MotorRunning when StartButton is true.
- Give me a full overview of the project.This is what it looks like live:
- TIA Portal opens, the "aihackathon" project is created
- The CPU 1511-1 PN is added automatically
- The ProductionControl block appears with its ladder network — contact #StartButton → coil #MotorRunning
- Claude provides a structured summary of the project
Meanwhile, the AgentGateway logs scroll in real-time: each MCP call is visible, traced, timestamped.
"Every MCP call is routed through AgentGateway — logged, audited, controlled."
Scene 2 — T-IA Connect, the Industrial MCP Server
T-IA Connect runs natively on Windows, directly connected to TIA Portal V20 via the Openness API.
It exposes over 190 MCP tools covering:
- Project management (create, open, save, archive, snapshot...)
- Hardware configuration (CPU, modules, rack...)
- Programming blocks (FB, FC, DB, OB — LAD, SCL...)
- Tags and variable tables
- Diagnostics and connection status
All of this is accessible to any IA agent via the standard MCP protocol.
Scene 3 — The AgentGateway Playground
The AgentGateway administration interface (http://localhost:15000/ui) offers a centralized view of all connected backends.
In our configuration, two backends are merged into a single MCP endpoint: siemens-tia-portal_ — native T-IA Connect tools via SSE tia-openapi_
the complete REST API of TIA Portal, converted into MCP tools via the OpenAPI spec 190+ tools, a single endpoint.
From the Playground, we can directly call tia-openapi_Health_Ping.
TIA Portal responds. Live.
Scene 4 — Zero-Trust: Blocking a Tool in Real-Time
This is the most important part for real industrial use.
In TIA Portal, closing a project (close_project) may seem harmless.
But in a production environment, we don't want an IA agent to be able to close a project opened by an operator without explicit authorization.
With AgentGateway, it's a line of configuration:
deny: mcp.tool.name == "close_project"
Once this policy is applied and the container is restarted, the close_project tool disappears from the list of available tools for Claude. It can no longer call it — no error, no possible workaround. The tool simply no longer exists from its point of view.
This is industrial Zero-Trust: what is not explicitly authorized does not exist.
Note: In this alpha version of AgentGateway (v1.0.0-alpha.2), hot reloading of policies is not yet supported — a container restart is required. This is a feature planned for future versions.
Conclusion
T-IA Connect + AgentGateway, this is the combination that was missing to deploy generative IA in an industrial environment:
T-IA Connect provides the depth of integration with TIA Portal AgentGateway provides governance, audit, and access control
IA can now assist automation engineers — without ever exceeding the limits set by IT/OT teams.
Learn more about T-IA Connect:t-iac-connect.com
MCP_HACK//26 — Solo.io & a16z