TL;DR: Model Context Protocol standardises how AI models call tools, use memory, and carry context, which can improve traceability and access control but also expands the attack surface for agentic systems, according to TROJ.AI. For identity teams, the real issue is not interoperability itself but whether governance keeps pace with dynamic tool use and auditable context boundaries.
NHIMG editorial — based on content published by TROJ.AI: What is Model Context Protocol (MCP)?
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
Questions worth separating out
Q: How should security teams govern AI agents that use MCP to call tools?
A: Security teams should treat every MCP tool call as an access decision, not a technical convenience.
Q: Why does MCP increase the importance of runtime authorisation for agentic AI?
A: MCP increases the importance of runtime authorisation because it turns tool use into a dynamic, session-based decision path.
Q: What breaks when AI agent context is treated like passive metadata?
A: What breaks is the boundary between information and authority.
Practitioner guidance
- Inventory MCP-connected tools and data sources: map every model-to-tool route, owner, and approved purpose before expanding agent usage.
- Bind policy to each tool invocation: require runtime checks for every MCP call, including data sensitivity, session state, and task scope.
- Separate read context from act context: keep reference material, user instructions, and action permissions in different policy domains.
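One way to implement the three guidance points as a single runtime gate, as an added example that is not code from the page or from TROJ.AI (the tool names, owners, sensitivity tiers and session fields are constructed assumptions): every MCP call is checked against the inventory, the session's task scope and read clearance, and a separate set of act grants, and every decision is written to an audit trail.

```python
from dataclasses import dataclass, field

# Constructed inventory of MCP-connected tools (hypothetical names): owner,
# approved purpose, read-or-act mode, and the sensitivity of the data touched.
TOOL_INVENTORY = {
    "crm.search_contacts": {"owner": "sales-platform", "purpose": "ticket-triage",
                            "mode": "read", "sensitivity": "internal"},
    "crm.update_contact":  {"owner": "sales-platform", "purpose": "ticket-triage",
                            "mode": "act", "sensitivity": "confidential"},
    "vault.read_secret":   {"owner": "security-eng", "purpose": "deploy",
                            "mode": "read", "sensitivity": "restricted"},
}

SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass
class Session:
    """Runtime state of one agent session; read and act authority are separate domains."""
    task_scope: str                               # approved purpose the session was opened for
    read_clearance: str                           # highest sensitivity the session may read
    act_grants: set = field(default_factory=set)  # tools explicitly allowed to act (write)
    audit: list = field(default_factory=list)     # every decision, allowed or denied


def authorize_tool_call(tool: str, session: Session) -> tuple[bool, str]:
    """Evaluate one MCP tool invocation: inventory, task scope, sensitivity, then act grant."""
    entry = TOOL_INVENTORY.get(tool)
    if entry is None:
        verdict = (False, "tool not in inventory")
    elif entry["purpose"] != session.task_scope:
        verdict = (False, f"tool approved for {entry['purpose']!r}, "
                          f"session scope is {session.task_scope!r}")
    elif SENSITIVITY_RANK[entry["sensitivity"]] > SENSITIVITY_RANK[session.read_clearance]:
        verdict = (False, "data sensitivity exceeds session read clearance")
    elif entry["mode"] == "act" and tool not in session.act_grants:
        verdict = (False, "act permission not granted for this tool in this session")
    else:
        verdict = (True, "allowed")
    # Record the decision regardless of outcome so denied calls are investigable too.
    session.audit.append({"tool": tool, "owner": entry["owner"] if entry else None,
                          "allowed": verdict[0], "reason": verdict[1]})
    return verdict
```

A read-only session never acquires act authority by reading more context; acting requires an explicit grant recorded in a different field, which is the read/act separation the guidance calls for.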
What's in the full article
TROJ.AI's full article covers the operational detail this post intentionally leaves for the source:
- The step-by-step explanation of how MCP structures context, tool calls, and state across an AI session.
- The article's discussion of why MCP reduces bespoke integrations while still requiring custom adapters for many proprietary systems.
- The vendor's mapping of MCP to agentic workflows, including dynamic context routing and multi-agent coordination.
- The source's own framing of how MCP fits into secure AI application design and developer workflow decisions.
👉 Read TROJ.AI's analysis of Model Context Protocol for secure AI systems →
MCP for AI agents: what it means for IAM and security teams?
Explore further
MCP is becoming the identity control plane for agentic AI, not just a developer protocol. Once a model can call tools, retrieve context, and persist memory through a standard interface, the governance problem shifts from integration design to authority design. That means every MCP route becomes part of the effective identity perimeter, even when no human is in the loop. Practitioners should treat MCP as an entitlement boundary, not a messaging convenience.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who should own governance for MCP-connected AI systems?
A: Governance should sit with the teams responsible for identity, access, and application risk, not only with application developers. MCP creates shared responsibility across IAM, security engineering, and platform teams because tool access, context handling, and session policy all shape the real control environment.
👉 Read our full editorial: MCP changes the control plane for agentic AI identities