Notifications

Clear all

MCP apps are here. Are your access controls ready?

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 3789

Topic starter 10/06/2026 12:52 am

TL;DR: MCP apps are moving into production faster than the surrounding security model, and developers are still defaulting to OAuth alone, according to Pomerium. That leaves context-aware authorization, tool scoping, and request-by-request enforcement as the real gap, not token issuance.

NHIMG editorial — based on content published by Pomerium: MCP apps are here. Is yours secure on day one?

By the numbers:

53% of MCP servers expose credentials through hard-coded values in configuration files.
Only 18% of MCP server deployments implement any form of access scoping for tool permissions.

Questions worth separating out

Q: How should security teams secure MCP apps in production?

A: Start by putting MCP servers behind an identity-aware proxy that validates tokens, checks context, and logs every request.

Q: Why do OAuth scopes fall short for MCP governance?

A: OAuth scopes tell you what a token can do in theory, but they do not decide whether a request is safe right now.

Q: What breaks when MCP tools are granted server-wide access?

A: Server-wide access collapses every tool into the same trust level, even when the risks are very different.

Practitioner guidance

Put MCP servers behind an identity-aware proxy Enforce authentication, token validation, and request logging before traffic reaches the server.
Scope access at the tool level Separate read, write, and destructive tools into distinct policy classes so server access does not automatically imply full capability.
Treat OAuth as necessary but incomplete Use OAuth for token issuance, then add device trust, session context, and location checks for production access decisions.

What's in the full article

Pomerium's full blog post covers the operational detail this post intentionally leaves for the source:

Step-by-step setup for the `ssh -R 0 pom.run` tunnel and automatic OAuth bootstrap.
Implementation detail for dynamic client registration, token exchange, and upstream OAuth handling.
Configuration patterns for fine-grained per-tool authorization across read and write actions.
Deployment guidance for moving from a prototype tunnel to self-hosted production infrastructure.

👉 Read Pomerium's analysis of securing MCP apps on day one →

MCP apps are here. Are your access controls ready?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

5,021 Topics

7,166 Posts

23 Online

136 Members

Latest Post: Agentic AI security best practices for 2026: are your controls keeping up? Our newest member: Alex Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies