A resource is a read-only MCP object identified by a URI and fetched when the model needs supporting context. Resources are useful for exposing data without granting action rights, but they still carry governance implications if the data can influence later tool selection or reveal sensitive state.
Expanded Definition
In Model Context Protocol, a resource is a URI-addressable object that the model can read when it needs supporting context, but not execute or modify. That distinction matters because resources sit closer to knowledge delivery than to action, yet they still shape model behaviour. If a resource exposes environment details, secret-adjacent metadata, or policy state, it can influence later tool choice even without direct write access. NIST Cybersecurity Framework 2.0 is useful here because it treats information exposure and access governance as part of broader risk management, not just permissions. In practice, definitions vary across vendors, and no single standard governs every MCP resource pattern yet, so teams should treat the term as operationally specific rather than generic content storage.
The most common misapplication is treating a resource like inert documentation, which occurs when developers publish sensitive context under read-only access and assume it cannot affect downstream decisions.
Examples and Use Cases
Implementing resources rigorously often introduces context-management overhead, requiring organisations to weigh richer model grounding against tighter review, classification, and retention controls.
- A policy resource exposes approved escalation paths so the agent can select the right workflow without receiving command authority, a pattern that aligns with NIST Cybersecurity Framework 2.0.
- An incident-status resource publishes service health and incident timelines to the model, but access must be bounded so it does not leak outage details that could alter automated tool selection.
- A secrets-inventory resource lists where credentials live, helping the agent avoid unsafe actions; however, if overexposed, it can become a roadmap for abuse. NHIMG has shown how weak handling of identity-related material can cascade into compromise in the ASP.NET machine keys RCE attack.
- A compliance evidence resource provides audit-ready records for review workflows, while still keeping write operations and enforcement actions in separate tools.
- An environment map resource gives the agent topology and dependency context, which improves routing but must be curated so internal service names and trust boundaries are not over-revealed.
Why It Matters in NHI Security
Resources are security-relevant because they often expose the context that an agent uses to decide what to do next. That means a read-only object can still become a governance problem if it reveals secret locations, operational posture, or high-value identities. NHIMG research shows that 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, which makes seemingly harmless context a real attack surface. This is why resource design should be reviewed alongside access policy, classification, and retention, not after deployment. The NIST Cybersecurity Framework 2.0 is relevant because it ties data governance to risk outcomes, while the ASP.NET machine keys RCE attack illustrates how exposed identity material can translate into compromise when context is too permissive. Organisations typically encounter resource risk only after an agent has surfaced sensitive state during an incident, at which point resource scoping becomes operationally unavoidable.
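One way to run that review before a resource is published, as an added example (not code from the MCP specification or from NHIMG). The rule patterns, the `review_resource` and `review_catalog` helpers, the publish/review/block labels and the sample catalog are all assumptions constructed for illustration; only the descriptor fields `uri`, `name` and `description` come from MCP.

```python
import re

# Constructed rules (assumptions of this example, not from the MCP spec or NIST):
# each label names content a read-only resource should not carry unreviewed.
RULES = {
    "credential_value": re.compile(r"(?i)\b(?:password|secret|token|api[_-]?key)\b\s*[:=]\s*\S+"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "secret_location": re.compile(r"(?i)\b(?:vault|secrets?[-_ ]manager|kubeconfig)\b|\.env\b"),
    "internal_host": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:internal|corp|local)\b"),
}
BLOCKING = {"credential_value", "private_key"}  # never publish; other findings need review


def review_resource(resource, content):
    """Return (decision, findings) for one resource descriptor and its body.

    `resource` uses the MCP descriptor fields uri, name and description.
    """
    text = "\n".join([resource.get("name", ""), resource.get("description", ""), content])
    findings = sorted(label for label, rx in RULES.items() if rx.search(text))
    if BLOCKING.intersection(findings):
        return "block", findings
    return ("review" if findings else "publish"), findings


def review_catalog(catalog):
    """Map each resource URI to its (decision, findings) pair."""
    return {res["uri"]: review_resource(res, body) for res, body in catalog}


# Constructed sample catalog mirroring the resource types listed above.
SAMPLE = [
    ({"uri": "policy://escalation-paths", "name": "Escalation paths",
      "description": "Approved escalation workflows"},
     "Sev1: page the on-call lead, then the duty manager."),
    ({"uri": "inventory://secrets", "name": "Secrets inventory",
      "description": "Where credentials live"},
     "payments-api credentials: vault path kv/payments/prod"),
    ({"uri": "env://topology", "name": "Environment map",
      "description": "Service dependencies"},
     "checkout -> ledger.prod.internal -> db01.corp"),
    ({"uri": "config://deploy", "name": "Deploy config",
      "description": "CI settings"},
     "region=eu-west-1\napi_key = EXAMPLE-NOT-A-REAL-KEY"),
]

if __name__ == "__main__":
    for uri, (decision, findings) in review_catalog(SAMPLE).items():
        print(f"{decision:8} {uri:28} {', '.join(findings) or '-'}")
```

A "review" result is a prompt for a human classification decision, not a verdict: the secrets-inventory and environment-map resources may still be published once their content is curated.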
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers improper secret exposure and governance around read-only identity context. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access applies to context objects that influence identity decisions. |
| NIST Zero Trust (SP 800-207) | | Zero Trust requires continuous validation of data access and contextual exposure. |
Classify and review every MCP resource that may expose secrets, metadata, or policy state.