Is MCP really the problem?

Read full article here: https://astrix.security/learn/blog/mcp-is-the-problem/?source=nhimg

AI agents are scaling faster than humans, each one acting as a Non-Human Identity (NHI). To manage their connections to APIs and tools, organizations are turning to the Model Context Protocol (MCP)—a developer-loved standard that simplifies integration. But under the hood, it’s causing serious friction for IAM and security teams.

This blog kicks off a multi-part series by Astrix that uncovers the early security blind spots of MCP. From bearer token sprawl and invisible identities to risky third-party implementations, MCP has become a double-edged sword: fast for developers, fragile for governance.

You’ll learn:

• Why MCP’s design favors speed over security

• How API key reuse, orphaned credentials, and lack of attribution are undermining Zero Trust

• Why CISOs are divided—some holding back, others going all-in

• What a "critical mass" of adoption means for security teams that aren’t ready

Despite its early flaws, MCP is gaining unstoppable momentum. In Part 2, we’ll explore how its structure might actually become a cornerstone of secure AI identity governance—if we fix it in time.