MCP access controls for AI agents: what IAM teams should change

TL;DR: Pomerium’s MCP support and context-aware proxying shift AI agent security toward request-time authorization, short-lived scoped JWTs, and identity-aware access decisions for internal resources, according to WorkOS. The governance issue is that existing IAM models assume stable, reviewable access, while agent workflows now need controls that evaluate each request in context.

NHIMG editorial — based on content published by WorkOS: Pomerium for AI Agent Security: Features, Pricing, and Alternatives

By the numbers:

• Pomerium raised $18 million in funding, including a $13.75 million Series A led by Benchmark Capital in 2024.

Questions worth separating out

Q: How should security teams govern AI agents that access internal infrastructure?

A: Security teams should treat AI agents as non-human identities that need request-time authorization, not broad network trust.

Q: Why do AI agents complicate zero-trust architecture?

A: AI agents complicate zero-trust architecture because they generate dynamic access requests that can change by task, context, and prompt content.

Q: What do security teams get wrong about short-lived credentials for AI agents?

A: Teams often assume short-lived credentials are enough on their own.

Practitioner guidance

• Separate internal access from customer authentication Use one control plane for B2B customer identity features such as SSO and directory sync, and a different one for internal resource access.
• Enforce request-time policy for agent tool use Place policy checks at the proxy or gateway that evaluates every MCP request against identity, context, and resource scope before the request reaches internal systems.
• Replace durable agent secrets with short-lived scoped tokens Issue credentials that expire quickly and only allow the minimum resource set needed for the current task.

What's in the full article

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

• Step-by-step Pomerium policy examples for internal applications and infrastructure.
• Detailed comparison of open-source deployment versus the commercial Pomerium Zero model.
• Customer authentication requirements that separate WorkOS from infrastructure access tooling.
• Implementation guidance for MCP-secured agent workflows and proxy-based enforcement.

👉 Read WorkOS's analysis of Pomerium for AI agent security and enterprise auth →

MCP access controls for AI agents: what IAM teams should change?

Explore further

View Full Forum →  |  NHI Foundation Course →